grpc 1.41.0 → 1.41.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +4 -3
- data/etc/roots.pem +335 -326
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +278 -272
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +15 -22
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/a_strex.c +268 -271
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +6 -43
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +0 -39
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +289 -198
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +9 -13
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +45 -65
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +21 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +24 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +9 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +151 -12
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +181 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -179
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +0 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +11 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +0 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +22 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +24 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +17 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +71 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +304 -192
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +2 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +8 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +9 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +37 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +26 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +31 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +50 -76
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +0 -131
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +48 -8
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +266 -357
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +90 -152
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +75 -79
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +96 -97
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +63 -43
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +6 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +14 -16
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +14 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +203 -203
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +30 -41
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +47 -33
- metadata +39 -38
@@ -79,17 +79,11 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
|
|
79
79
|
{
|
80
80
|
const ASN1_TEMPLATE *tt = NULL, *seqtt;
|
81
81
|
const ASN1_EXTERN_FUNCS *ef;
|
82
|
-
const ASN1_AUX *aux = it->funcs;
|
83
|
-
ASN1_aux_cb *asn1_cb;
|
84
82
|
int i;
|
85
83
|
if (!pval)
|
86
84
|
return;
|
87
85
|
if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
|
88
86
|
return;
|
89
|
-
if (aux && aux->asn1_cb)
|
90
|
-
asn1_cb = aux->asn1_cb;
|
91
|
-
else
|
92
|
-
asn1_cb = 0;
|
93
87
|
|
94
88
|
switch (it->itype) {
|
95
89
|
|
@@ -104,7 +98,9 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
|
|
104
98
|
ASN1_primitive_free(pval, it);
|
105
99
|
break;
|
106
100
|
|
107
|
-
case ASN1_ITYPE_CHOICE:
|
101
|
+
case ASN1_ITYPE_CHOICE: {
|
102
|
+
const ASN1_AUX *aux = it->funcs;
|
103
|
+
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
|
108
104
|
if (asn1_cb) {
|
109
105
|
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
|
110
106
|
if (i == 2)
|
@@ -124,6 +120,7 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
|
|
124
120
|
*pval = NULL;
|
125
121
|
}
|
126
122
|
break;
|
123
|
+
}
|
127
124
|
|
128
125
|
case ASN1_ITYPE_EXTERN:
|
129
126
|
ef = it->funcs;
|
@@ -131,9 +128,11 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
|
|
131
128
|
ef->asn1_ex_free(pval, it);
|
132
129
|
break;
|
133
130
|
|
134
|
-
case ASN1_ITYPE_SEQUENCE:
|
131
|
+
case ASN1_ITYPE_SEQUENCE: {
|
135
132
|
if (!asn1_refcount_dec_and_test_zero(pval, it))
|
136
133
|
return;
|
134
|
+
const ASN1_AUX *aux = it->funcs;
|
135
|
+
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
|
137
136
|
if (asn1_cb) {
|
138
137
|
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
|
139
138
|
if (i == 2)
|
@@ -162,6 +161,7 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
|
|
162
161
|
}
|
163
162
|
break;
|
164
163
|
}
|
164
|
+
}
|
165
165
|
}
|
166
166
|
|
167
167
|
void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
|
@@ -95,14 +95,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|
95
95
|
{
|
96
96
|
const ASN1_TEMPLATE *tt = NULL;
|
97
97
|
const ASN1_EXTERN_FUNCS *ef;
|
98
|
-
const ASN1_AUX *aux = it->funcs;
|
99
|
-
ASN1_aux_cb *asn1_cb;
|
100
98
|
ASN1_VALUE **pseqval;
|
101
99
|
int i;
|
102
|
-
if (aux && aux->asn1_cb)
|
103
|
-
asn1_cb = aux->asn1_cb;
|
104
|
-
else
|
105
|
-
asn1_cb = 0;
|
106
100
|
|
107
101
|
switch (it->itype) {
|
108
102
|
|
@@ -127,7 +121,9 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|
127
121
|
goto memerr;
|
128
122
|
break;
|
129
123
|
|
130
|
-
case ASN1_ITYPE_CHOICE:
|
124
|
+
case ASN1_ITYPE_CHOICE: {
|
125
|
+
const ASN1_AUX *aux = it->funcs;
|
126
|
+
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
|
131
127
|
if (asn1_cb) {
|
132
128
|
i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
|
133
129
|
if (!i)
|
@@ -146,8 +142,11 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|
146
142
|
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
|
147
143
|
goto auxerr2;
|
148
144
|
break;
|
145
|
+
}
|
149
146
|
|
150
|
-
case ASN1_ITYPE_SEQUENCE:
|
147
|
+
case ASN1_ITYPE_SEQUENCE: {
|
148
|
+
const ASN1_AUX *aux = it->funcs;
|
149
|
+
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
|
151
150
|
if (asn1_cb) {
|
152
151
|
i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
|
153
152
|
if (!i)
|
@@ -173,6 +172,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|
173
172
|
goto auxerr2;
|
174
173
|
break;
|
175
174
|
}
|
175
|
+
}
|
176
176
|
return 1;
|
177
177
|
|
178
178
|
memerr2:
|
@@ -271,7 +271,6 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
|
|
271
271
|
static int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
272
272
|
{
|
273
273
|
ASN1_TYPE *typ;
|
274
|
-
ASN1_STRING *str;
|
275
274
|
int utype;
|
276
275
|
|
277
276
|
if (!it)
|
@@ -308,10 +307,7 @@ static int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
|
308
307
|
break;
|
309
308
|
|
310
309
|
default:
|
311
|
-
|
312
|
-
if (it->itype == ASN1_ITYPE_MSTRING && str)
|
313
|
-
str->flags |= ASN1_STRING_FLAG_MSTRING;
|
314
|
-
*pval = (ASN1_VALUE *)str;
|
310
|
+
*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
|
315
311
|
break;
|
316
312
|
}
|
317
313
|
if (*pval)
|
@@ -118,6 +118,7 @@ int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it) {
|
|
118
118
|
}
|
119
119
|
|
120
120
|
static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) {
|
121
|
+
assert(it->itype == ASN1_ITYPE_SEQUENCE);
|
121
122
|
const ASN1_AUX *aux;
|
122
123
|
if (!pval || !*pval) {
|
123
124
|
return NULL;
|
@@ -265,14 +265,17 @@ static uint8_t base64_ascii_to_bin(uint8_t a) {
|
|
265
265
|
const uint8_t is_slash = constant_time_eq_8(a, '/');
|
266
266
|
const uint8_t is_equals = constant_time_eq_8(a, '=');
|
267
267
|
|
268
|
-
uint8_t ret =
|
269
|
-
ret
|
270
|
-
ret
|
271
|
-
ret
|
272
|
-
ret
|
273
|
-
ret
|
274
|
-
//
|
275
|
-
|
268
|
+
uint8_t ret = 0;
|
269
|
+
ret |= is_upper & (a - 'A'); // [0,26)
|
270
|
+
ret |= is_lower & (a - 'a' + 26); // [26,52)
|
271
|
+
ret |= is_digit & (a - '0' + 52); // [52,62)
|
272
|
+
ret |= is_plus & 62;
|
273
|
+
ret |= is_slash & 63;
|
274
|
+
// Invalid inputs, 'A', and '=' have all been mapped to zero. Map invalid
|
275
|
+
// inputs to 0xff. Note '=' is padding and handled separately by the caller.
|
276
|
+
const uint8_t is_valid =
|
277
|
+
is_upper | is_lower | is_digit | is_plus | is_slash | is_equals;
|
278
|
+
ret |= ~is_valid;
|
276
279
|
return ret;
|
277
280
|
}
|
278
281
|
|
@@ -116,17 +116,11 @@ static int mem_new(BIO *bio) {
|
|
116
116
|
}
|
117
117
|
|
118
118
|
static int mem_free(BIO *bio) {
|
119
|
-
BUF_MEM *b;
|
120
|
-
|
121
|
-
if (bio == NULL) {
|
122
|
-
return 0;
|
123
|
-
}
|
124
|
-
|
125
119
|
if (!bio->shutdown || !bio->init || bio->ptr == NULL) {
|
126
120
|
return 1;
|
127
121
|
}
|
128
122
|
|
129
|
-
b = (BUF_MEM *)bio->ptr;
|
123
|
+
BUF_MEM *b = (BUF_MEM *)bio->ptr;
|
130
124
|
if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
|
131
125
|
b->data = NULL;
|
132
126
|
}
|
@@ -320,7 +320,7 @@ static int conn_new(BIO *bio) {
|
|
320
320
|
bio->init = 0;
|
321
321
|
bio->num = -1;
|
322
322
|
bio->flags = 0;
|
323
|
-
bio->ptr =
|
323
|
+
bio->ptr = BIO_CONNECT_new();
|
324
324
|
return bio->ptr != NULL;
|
325
325
|
}
|
326
326
|
|
@@ -340,10 +340,6 @@ static void conn_close_socket(BIO *bio) {
|
|
340
340
|
}
|
341
341
|
|
342
342
|
static int conn_free(BIO *bio) {
|
343
|
-
if (bio == NULL) {
|
344
|
-
return 0;
|
345
|
-
}
|
346
|
-
|
347
343
|
if (bio->shutdown) {
|
348
344
|
conn_close_socket(bio);
|
349
345
|
}
|
@@ -126,13 +126,7 @@ BIO *BIO_new_fp(FILE *stream, int close_flag) {
|
|
126
126
|
return ret;
|
127
127
|
}
|
128
128
|
|
129
|
-
static int file_new(BIO *bio) { return 1; }
|
130
|
-
|
131
129
|
static int file_free(BIO *bio) {
|
132
|
-
if (bio == NULL) {
|
133
|
-
return 0;
|
134
|
-
}
|
135
|
-
|
136
130
|
if (!bio->shutdown) {
|
137
131
|
return 1;
|
138
132
|
}
|
@@ -279,7 +273,7 @@ static const BIO_METHOD methods_filep = {
|
|
279
273
|
BIO_TYPE_FILE, "FILE pointer",
|
280
274
|
file_write, file_read,
|
281
275
|
NULL /* puts */, file_gets,
|
282
|
-
file_ctrl,
|
276
|
+
file_ctrl, NULL /* create */,
|
283
277
|
file_free, NULL /* callback_ctrl */,
|
284
278
|
};
|
285
279
|
|
@@ -127,12 +127,7 @@ static void bio_destroy_pair(BIO *bio) {
|
|
127
127
|
}
|
128
128
|
|
129
129
|
static int bio_free(BIO *bio) {
|
130
|
-
struct bio_bio_st *b;
|
131
|
-
|
132
|
-
if (bio == NULL) {
|
133
|
-
return 0;
|
134
|
-
}
|
135
|
-
b = bio->ptr;
|
130
|
+
struct bio_bio_st *b = bio->ptr;
|
136
131
|
|
137
132
|
assert(b != NULL);
|
138
133
|
|
@@ -81,19 +81,7 @@ static int closesocket(int sock) {
|
|
81
81
|
}
|
82
82
|
#endif
|
83
83
|
|
84
|
-
static int sock_new(BIO *bio) {
|
85
|
-
bio->init = 0;
|
86
|
-
bio->num = 0;
|
87
|
-
bio->ptr = NULL;
|
88
|
-
bio->flags = 0;
|
89
|
-
return 1;
|
90
|
-
}
|
91
|
-
|
92
84
|
static int sock_free(BIO *bio) {
|
93
|
-
if (bio == NULL) {
|
94
|
-
return 0;
|
95
|
-
}
|
96
|
-
|
97
85
|
if (bio->shutdown) {
|
98
86
|
if (bio->init) {
|
99
87
|
closesocket(bio->num);
|
@@ -105,17 +93,15 @@ static int sock_free(BIO *bio) {
|
|
105
93
|
}
|
106
94
|
|
107
95
|
static int sock_read(BIO *b, char *out, int outl) {
|
108
|
-
int ret = 0;
|
109
|
-
|
110
96
|
if (out == NULL) {
|
111
97
|
return 0;
|
112
98
|
}
|
113
99
|
|
114
100
|
bio_clear_socket_error();
|
115
101
|
#if defined(OPENSSL_WINDOWS)
|
116
|
-
ret = recv(b->num, out, outl, 0);
|
102
|
+
int ret = recv(b->num, out, outl, 0);
|
117
103
|
#else
|
118
|
-
ret = read(b->num, out, outl);
|
104
|
+
int ret = read(b->num, out, outl);
|
119
105
|
#endif
|
120
106
|
BIO_clear_retry_flags(b);
|
121
107
|
if (ret <= 0) {
|
@@ -186,7 +172,7 @@ static const BIO_METHOD methods_sockp = {
|
|
186
172
|
BIO_TYPE_SOCKET, "socket",
|
187
173
|
sock_write, sock_read,
|
188
174
|
NULL /* puts */, NULL /* gets, */,
|
189
|
-
sock_ctrl,
|
175
|
+
sock_ctrl, NULL /* create */,
|
190
176
|
sock_free, NULL /* callback_ctrl */,
|
191
177
|
};
|
192
178
|
|
@@ -404,6 +404,15 @@ int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) {
|
|
404
404
|
return 1;
|
405
405
|
}
|
406
406
|
|
407
|
+
int CBB_add_zeros(CBB *cbb, size_t len) {
|
408
|
+
uint8_t *out;
|
409
|
+
if (!CBB_add_space(cbb, &out, len)) {
|
410
|
+
return 0;
|
411
|
+
}
|
412
|
+
OPENSSL_memset(out, 0, len);
|
413
|
+
return 1;
|
414
|
+
}
|
415
|
+
|
407
416
|
int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) {
|
408
417
|
if (!CBB_flush(cbb) ||
|
409
418
|
!cbb_buffer_add(cbb->base, out_data, len)) {
|
@@ -216,6 +216,14 @@ int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) {
|
|
216
216
|
return cbs_get_length_prefixed(cbs, out, 3);
|
217
217
|
}
|
218
218
|
|
219
|
+
int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c) {
|
220
|
+
const uint8_t *split = OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs));
|
221
|
+
if (split == NULL) {
|
222
|
+
return 0;
|
223
|
+
}
|
224
|
+
return CBS_get_bytes(cbs, out, split - CBS_data(cbs));
|
225
|
+
}
|
226
|
+
|
219
227
|
// parse_base128_integer reads a big-endian base-128 integer from |cbs| and sets
|
220
228
|
// |*out| to the result. This is the encoding used in DER for both high tag
|
221
229
|
// number form and OID components.
|
@@ -67,25 +67,42 @@
|
|
67
67
|
#include "../internal.h"
|
68
68
|
|
69
69
|
|
70
|
+
static const struct {
|
71
|
+
int nid;
|
72
|
+
const char *name;
|
73
|
+
const EVP_CIPHER *(*func)(void);
|
74
|
+
} kCiphers[] = {
|
75
|
+
{NID_aes_128_cbc, "aes-128-cbc", EVP_aes_128_cbc},
|
76
|
+
{NID_aes_128_ctr, "aes-128-ctr", EVP_aes_128_ctr},
|
77
|
+
{NID_aes_128_ecb, "aes-128-ecb", EVP_aes_128_ecb},
|
78
|
+
{NID_aes_128_gcm, "aes-128-gcm", EVP_aes_128_gcm},
|
79
|
+
{NID_aes_128_ofb128, "aes-128-ofb", EVP_aes_128_ofb},
|
80
|
+
{NID_aes_192_cbc, "aes-192-cbc", EVP_aes_192_cbc},
|
81
|
+
{NID_aes_192_ctr, "aes-192-ctr", EVP_aes_192_ctr},
|
82
|
+
{NID_aes_192_ecb, "aes-192-ecb", EVP_aes_192_ecb},
|
83
|
+
{NID_aes_192_gcm, "aes-192-gcm", EVP_aes_192_gcm},
|
84
|
+
{NID_aes_192_ofb128, "aes-192-ofb", EVP_aes_192_ofb},
|
85
|
+
{NID_aes_256_cbc, "aes-256-cbc", EVP_aes_256_cbc},
|
86
|
+
{NID_aes_256_ctr, "aes-256-ctr", EVP_aes_256_ctr},
|
87
|
+
{NID_aes_256_ecb, "aes-256-ecb", EVP_aes_256_ecb},
|
88
|
+
{NID_aes_256_gcm, "aes-256-gcm", EVP_aes_256_gcm},
|
89
|
+
{NID_aes_256_ofb128, "aes-256-ofb", EVP_aes_256_ofb},
|
90
|
+
{NID_des_cbc, "des-cbc", EVP_des_cbc},
|
91
|
+
{NID_des_ecb, "des-ecb", EVP_des_ecb},
|
92
|
+
{NID_des_ede_cbc, "des-ede-cbc", EVP_des_ede_cbc},
|
93
|
+
{NID_des_ede_ecb, "des-ede", EVP_des_ede},
|
94
|
+
{NID_des_ede3_cbc, "des-ede3-cbc", EVP_des_ede3_cbc},
|
95
|
+
{NID_rc2_cbc, "rc2-cbc", EVP_rc2_cbc},
|
96
|
+
{NID_rc4, "rc4", EVP_rc4},
|
97
|
+
};
|
98
|
+
|
70
99
|
const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
|
71
|
-
|
72
|
-
|
73
|
-
return
|
74
|
-
|
75
|
-
return EVP_rc2_40_cbc();
|
76
|
-
case NID_des_ede3_cbc:
|
77
|
-
return EVP_des_ede3_cbc();
|
78
|
-
case NID_des_ede_cbc:
|
79
|
-
return EVP_des_cbc();
|
80
|
-
case NID_aes_128_cbc:
|
81
|
-
return EVP_aes_128_cbc();
|
82
|
-
case NID_aes_192_cbc:
|
83
|
-
return EVP_aes_192_cbc();
|
84
|
-
case NID_aes_256_cbc:
|
85
|
-
return EVP_aes_256_cbc();
|
86
|
-
default:
|
87
|
-
return NULL;
|
100
|
+
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kCiphers); i++) {
|
101
|
+
if (kCiphers[i].nid == nid) {
|
102
|
+
return kCiphers[i].func();
|
103
|
+
}
|
88
104
|
}
|
105
|
+
return NULL;
|
89
106
|
}
|
90
107
|
|
91
108
|
const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
|
@@ -93,54 +110,17 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
|
|
93
110
|
return NULL;
|
94
111
|
}
|
95
112
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
return EVP_aes_128_cbc();
|
108
|
-
} else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) {
|
109
|
-
return EVP_aes_192_cbc();
|
110
|
-
} else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) {
|
111
|
-
return EVP_aes_256_cbc();
|
112
|
-
} else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) {
|
113
|
-
return EVP_aes_128_ctr();
|
114
|
-
} else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) {
|
115
|
-
return EVP_aes_192_ctr();
|
116
|
-
} else if (OPENSSL_strcasecmp(name, "aes-256-ctr") == 0) {
|
117
|
-
return EVP_aes_256_ctr();
|
118
|
-
} else if (OPENSSL_strcasecmp(name, "aes-128-ecb") == 0) {
|
119
|
-
return EVP_aes_128_ecb();
|
120
|
-
} else if (OPENSSL_strcasecmp(name, "aes-192-ecb") == 0) {
|
121
|
-
return EVP_aes_192_ecb();
|
122
|
-
} else if (OPENSSL_strcasecmp(name, "aes-256-ecb") == 0) {
|
123
|
-
return EVP_aes_256_ecb();
|
124
|
-
} else if (OPENSSL_strcasecmp(name, "aes-128-gcm") == 0) {
|
125
|
-
return EVP_aes_128_gcm();
|
126
|
-
} else if (OPENSSL_strcasecmp(name, "aes-192-gcm") == 0) {
|
127
|
-
return EVP_aes_192_gcm();
|
128
|
-
} else if (OPENSSL_strcasecmp(name, "aes-256-gcm") == 0) {
|
129
|
-
return EVP_aes_256_gcm();
|
130
|
-
} else if (OPENSSL_strcasecmp(name, "aes-128-ofb") == 0) {
|
131
|
-
return EVP_aes_128_ofb();
|
132
|
-
} else if (OPENSSL_strcasecmp(name, "aes-192-ofb") == 0) {
|
133
|
-
return EVP_aes_192_ofb();
|
134
|
-
} else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) {
|
135
|
-
return EVP_aes_256_ofb();
|
136
|
-
} else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) {
|
137
|
-
return EVP_des_ecb();
|
138
|
-
} else if (OPENSSL_strcasecmp(name, "des-ede") == 0) {
|
139
|
-
return EVP_des_ede();
|
140
|
-
} else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) {
|
141
|
-
return EVP_des_ede_cbc();
|
142
|
-
} else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) {
|
143
|
-
return EVP_rc2_cbc();
|
113
|
+
// This is not a name used by OpenSSL, but tcpdump registers it with
|
114
|
+
// |EVP_add_cipher_alias|. Our |EVP_add_cipher_alias| is a no-op, so we
|
115
|
+
// support the name here.
|
116
|
+
if (OPENSSL_strcasecmp(name, "3des") == 0) {
|
117
|
+
name = "des-ede3-cbc";
|
118
|
+
}
|
119
|
+
|
120
|
+
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kCiphers); i++) {
|
121
|
+
if (OPENSSL_strcasecmp(kCiphers[i].name, name) == 0) {
|
122
|
+
return kCiphers[i].func();
|
123
|
+
}
|
144
124
|
}
|
145
125
|
|
146
126
|
return NULL;
|
@@ -83,6 +83,7 @@ static const struct nid_to_digest nid_to_digest_mapping[] = {
|
|
83
83
|
{NID_sha256, EVP_sha256, SN_sha256, LN_sha256},
|
84
84
|
{NID_sha384, EVP_sha384, SN_sha384, LN_sha384},
|
85
85
|
{NID_sha512, EVP_sha512, SN_sha512, LN_sha512},
|
86
|
+
{NID_sha512_256, EVP_sha512_256, SN_sha512_256, LN_sha512_256},
|
86
87
|
{NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1},
|
87
88
|
// As a remnant of signing |EVP_MD|s, OpenSSL returned the corresponding
|
88
89
|
// hash function when given a signature OID. To avoid unintended lax parsing
|
@@ -456,7 +456,7 @@ void bn_mod_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
|
|
456
456
|
|
457
457
|
int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder,
|
458
458
|
const BIGNUM *numerator, const BIGNUM *divisor,
|
459
|
-
BN_CTX *ctx) {
|
459
|
+
unsigned divisor_min_bits, BN_CTX *ctx) {
|
460
460
|
if (BN_is_negative(numerator) || BN_is_negative(divisor)) {
|
461
461
|
OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
|
462
462
|
return 0;
|
@@ -496,8 +496,26 @@ int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder,
|
|
496
496
|
r->neg = 0;
|
497
497
|
|
498
498
|
// Incorporate |numerator| into |r|, one bit at a time, reducing after each
|
499
|
-
// step.
|
500
|
-
|
499
|
+
// step. We maintain the invariant that |0 <= r < divisor| and
|
500
|
+
// |q * divisor + r = n| where |n| is the portion of |numerator| incorporated
|
501
|
+
// so far.
|
502
|
+
//
|
503
|
+
// First, we short-circuit the loop: if we know |divisor| has at least
|
504
|
+
// |divisor_min_bits| bits, the top |divisor_min_bits - 1| can be incorporated
|
505
|
+
// without reductions. This significantly speeds up |RSA_check_key|. For
|
506
|
+
// simplicity, we round down to a whole number of words.
|
507
|
+
assert(divisor_min_bits <= BN_num_bits(divisor));
|
508
|
+
int initial_words = 0;
|
509
|
+
if (divisor_min_bits > 0) {
|
510
|
+
initial_words = (divisor_min_bits - 1) / BN_BITS2;
|
511
|
+
if (initial_words > numerator->width) {
|
512
|
+
initial_words = numerator->width;
|
513
|
+
}
|
514
|
+
OPENSSL_memcpy(r->d, numerator->d + numerator->width - initial_words,
|
515
|
+
initial_words * sizeof(BN_ULONG));
|
516
|
+
}
|
517
|
+
|
518
|
+
for (int i = numerator->width - initial_words - 1; i >= 0; i--) {
|
501
519
|
for (int bit = BN_BITS2 - 1; bit >= 0; bit--) {
|
502
520
|
// Incorporate the next bit of the numerator, by computing
|
503
521
|
// r = 2*r or 2*r + 1. Note the result fits in one more word. We store the
|
@@ -157,10 +157,11 @@ int bn_lcm_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) {
|
|
157
157
|
BN_CTX_start(ctx);
|
158
158
|
unsigned shift;
|
159
159
|
BIGNUM *gcd = BN_CTX_get(ctx);
|
160
|
-
int ret = gcd != NULL &&
|
160
|
+
int ret = gcd != NULL && //
|
161
161
|
bn_mul_consttime(r, a, b, ctx) &&
|
162
162
|
bn_gcd_consttime(gcd, &shift, a, b, ctx) &&
|
163
|
-
|
163
|
+
// |gcd| has a secret bit width.
|
164
|
+
bn_div_consttime(r, NULL, r, gcd, /*divisor_min_bits=*/0, ctx) &&
|
164
165
|
bn_rshift_secret_shift(r, r, shift, ctx);
|
165
166
|
BN_CTX_end(ctx);
|
166
167
|
return ret;
|
@@ -552,12 +552,15 @@ int bn_sqr_consttime(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
|
|
552
552
|
// bn_div_consttime behaves like |BN_div|, but it rejects negative inputs and
|
553
553
|
// treats both inputs, including their magnitudes, as secret. It is, as a
|
554
554
|
// result, much slower than |BN_div| and should only be used for rare operations
|
555
|
-
// where Montgomery reduction is not available.
|
555
|
+
// where Montgomery reduction is not available. |divisor_min_bits| is a
|
556
|
+
// public lower bound for |BN_num_bits(divisor)|. When |divisor|'s bit width is
|
557
|
+
// public, this can speed up the operation.
|
556
558
|
//
|
557
559
|
// Note that |quotient->width| will be set pessimally to |numerator->width|.
|
558
560
|
OPENSSL_EXPORT int bn_div_consttime(BIGNUM *quotient, BIGNUM *remainder,
|
559
561
|
const BIGNUM *numerator,
|
560
|
-
const BIGNUM *divisor,
|
562
|
+
const BIGNUM *divisor,
|
563
|
+
unsigned divisor_min_bits, BN_CTX *ctx);
|
561
564
|
|
562
565
|
// bn_is_relatively_prime checks whether GCD(|x|, |y|) is one. On success, it
|
563
566
|
// returns one and sets |*out_relatively_prime| to one if the GCD was one and
|
@@ -911,6 +911,16 @@ static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx,
|
|
911
911
|
size_t key_len, size_t tag_len) {
|
912
912
|
const size_t key_bits = key_len * 8;
|
913
913
|
|
914
|
+
switch (key_bits) {
|
915
|
+
case 128:
|
916
|
+
boringssl_fips_inc_counter(fips_counter_evp_aes_128_gcm);
|
917
|
+
break;
|
918
|
+
|
919
|
+
case 256:
|
920
|
+
boringssl_fips_inc_counter(fips_counter_evp_aes_256_gcm);
|
921
|
+
break;
|
922
|
+
}
|
923
|
+
|
914
924
|
if (key_bits != 128 && key_bits != 192 && key_bits != 256) {
|
915
925
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
|
916
926
|
return 0; // EVP_AEAD_CTX_init should catch this.
|
@@ -72,7 +72,7 @@ uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) {
|
|
72
72
|
return out;
|
73
73
|
}
|
74
74
|
|
75
|
-
// Implemented from
|
75
|
+
// Implemented from RFC 1186 The MD4 Message-Digest Algorithm.
|
76
76
|
|
77
77
|
int MD4_Init(MD4_CTX *md4) {
|
78
78
|
OPENSSL_memset(md4, 0, sizeof(MD4_CTX));
|
@@ -193,7 +193,7 @@ static void gcm_mul64_nohw(uint64_t *out_lo, uint64_t *out_hi, uint64_t a,
|
|
193
193
|
#endif // BORINGSSL_HAS_UINT128
|
194
194
|
|
195
195
|
void gcm_init_nohw(u128 Htable[16], const uint64_t Xi[2]) {
|
196
|
-
// We implement GHASH in terms of POLYVAL, as described in
|
196
|
+
// We implement GHASH in terms of POLYVAL, as described in RFC 8452. This
|
197
197
|
// avoids a shift by 1 in the multiplication, needed to account for bit
|
198
198
|
// reversal losing a bit after multiplication, that is,
|
199
199
|
// rev128(X) * rev128(Y) = rev255(X*Y).
|
@@ -356,7 +356,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
356
356
|
int used_cpu;
|
357
357
|
rand_get_seed(state, seed, &used_cpu);
|
358
358
|
|
359
|
-
uint8_t personalization[CTR_DRBG_ENTROPY_LEN];
|
359
|
+
uint8_t personalization[CTR_DRBG_ENTROPY_LEN] = {0};
|
360
360
|
size_t personalization_len = 0;
|
361
361
|
#if defined(OPENSSL_URANDOM)
|
362
362
|
// If we used RDRAND, also opportunistically read from the system. This
|
@@ -206,6 +206,12 @@ void RSA_get0_factors(const RSA *rsa, const BIGNUM **out_p,
|
|
206
206
|
}
|
207
207
|
}
|
208
208
|
|
209
|
+
const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *rsa) {
|
210
|
+
// We do not support the id-RSASSA-PSS key encoding. If we add support later,
|
211
|
+
// the |maskHash| field should be filled in for OpenSSL compatibility.
|
212
|
+
return NULL;
|
213
|
+
}
|
214
|
+
|
209
215
|
void RSA_get0_crt_params(const RSA *rsa, const BIGNUM **out_dmp1,
|
210
216
|
const BIGNUM **out_dmq1, const BIGNUM **out_iqmp) {
|
211
217
|
if (out_dmp1 != NULL) {
|
@@ -657,7 +663,8 @@ err:
|
|
657
663
|
}
|
658
664
|
|
659
665
|
static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv,
|
660
|
-
const BIGNUM *m,
|
666
|
+
const BIGNUM *m, unsigned m_min_bits,
|
667
|
+
BN_CTX *ctx) {
|
661
668
|
if (BN_is_negative(ainv) || BN_cmp(ainv, m) >= 0) {
|
662
669
|
*out_ok = 0;
|
663
670
|
return 1;
|
@@ -670,7 +677,7 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv,
|
|
670
677
|
BIGNUM *tmp = BN_CTX_get(ctx);
|
671
678
|
int ret = tmp != NULL &&
|
672
679
|
bn_mul_consttime(tmp, a, ainv, ctx) &&
|
673
|
-
bn_div_consttime(NULL, tmp, tmp, m, ctx);
|
680
|
+
bn_div_consttime(NULL, tmp, tmp, m, m_min_bits, ctx);
|
674
681
|
if (ret) {
|
675
682
|
*out_ok = BN_is_one(tmp);
|
676
683
|
}
|
@@ -750,10 +757,15 @@ int RSA_check_key(const RSA *key) {
|
|
750
757
|
// simply check that d * e is one mod p-1 and mod q-1. Note d and e were bound
|
751
758
|
// by earlier checks in this function.
|
752
759
|
if (!bn_usub_consttime(&pm1, key->p, BN_value_one()) ||
|
753
|
-
!bn_usub_consttime(&qm1, key->q, BN_value_one())
|
754
|
-
|
755
|
-
|
756
|
-
|
760
|
+
!bn_usub_consttime(&qm1, key->q, BN_value_one())) {
|
761
|
+
OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
|
762
|
+
goto out;
|
763
|
+
}
|
764
|
+
const unsigned pm1_bits = BN_num_bits(&pm1);
|
765
|
+
const unsigned qm1_bits = BN_num_bits(&qm1);
|
766
|
+
if (!bn_mul_consttime(&de, key->d, key->e, ctx) ||
|
767
|
+
!bn_div_consttime(NULL, &tmp, &de, &pm1, pm1_bits, ctx) ||
|
768
|
+
!bn_div_consttime(NULL, &de, &de, &qm1, qm1_bits, ctx)) {
|
757
769
|
OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
|
758
770
|
goto out;
|
759
771
|
}
|
@@ -772,9 +784,12 @@ int RSA_check_key(const RSA *key) {
|
|
772
784
|
|
773
785
|
if (has_crt_values) {
|
774
786
|
int dmp1_ok, dmq1_ok, iqmp_ok;
|
775
|
-
if (!check_mod_inverse(&dmp1_ok, key->e, key->dmp1, &pm1, ctx) ||
|
776
|
-
!check_mod_inverse(&dmq1_ok, key->e, key->dmq1, &qm1, ctx) ||
|
777
|
-
|
787
|
+
if (!check_mod_inverse(&dmp1_ok, key->e, key->dmp1, &pm1, pm1_bits, ctx) ||
|
788
|
+
!check_mod_inverse(&dmq1_ok, key->e, key->dmq1, &qm1, qm1_bits, ctx) ||
|
789
|
+
// |p| is odd, so |pm1| and |p| have the same bit width. If they didn't,
|
790
|
+
// we only need a lower bound anyway.
|
791
|
+
!check_mod_inverse(&iqmp_ok, key->q, key->iqmp, key->p, pm1_bits,
|
792
|
+
ctx)) {
|
778
793
|
OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
|
779
794
|
goto out;
|
780
795
|
}
|