grpc 1.53.0 → 1.54.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (695) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +80 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/impl/grpc_types.h +11 -2
  6. data/include/grpc/support/port_platform.h +4 -4
  7. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  9. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  10. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  11. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  12. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  13. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  14. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  15. data/src/core/ext/filters/client_channel/http_proxy.cc +1 -1
  16. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  17. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  18. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  19. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
  20. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  21. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  22. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  25. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  26. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  27. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  28. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  29. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  30. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  31. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  32. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  33. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  34. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  35. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  36. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  37. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  38. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  39. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  40. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  41. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  42. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  43. data/src/core/ext/gcp/metadata_query.cc +137 -0
  44. data/src/core/ext/gcp/metadata_query.h +87 -0
  45. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  46. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +12 -8
  47. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +5 -1
  48. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +149 -60
  49. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  50. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  51. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  52. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +118 -222
  53. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +295 -113
  54. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -0
  55. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -0
  56. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +466 -273
  57. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +7 -3
  58. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +14 -12
  59. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +9 -1
  60. data/src/core/ext/transport/chttp2/transport/internal.h +18 -3
  61. data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
  62. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  63. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  64. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  65. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  67. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  68. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  69. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  70. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  71. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  72. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  73. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  74. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  75. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  76. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  77. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  78. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  79. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  80. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  81. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  82. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  83. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  84. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  85. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  86. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  87. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  88. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  89. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  90. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  91. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  92. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  94. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  95. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  96. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  97. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  98. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  99. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  100. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  101. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  102. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  103. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  104. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  105. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  106. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  107. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  108. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  109. data/src/core/ext/xds/xds_client_stats.h +24 -20
  110. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  111. data/src/core/ext/xds/xds_endpoint.h +9 -1
  112. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  113. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  114. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  115. data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.h → lib/backoff/random_early_detection.cc} +14 -12
  116. data/src/core/lib/backoff/random_early_detection.h +59 -0
  117. data/src/core/lib/channel/call_finalization.h +1 -1
  118. data/src/core/lib/channel/call_tracer.cc +51 -0
  119. data/src/core/lib/channel/call_tracer.h +101 -38
  120. data/src/core/lib/channel/connected_channel.cc +483 -1050
  121. data/src/core/lib/channel/context.h +8 -1
  122. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  123. data/src/core/lib/channel/promise_based_filter.h +27 -13
  124. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  125. data/src/core/lib/config/config_vars.cc +151 -0
  126. data/src/core/lib/config/config_vars.h +127 -0
  127. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  128. data/src/core/lib/config/load_config.cc +66 -0
  129. data/src/core/lib/config/load_config.h +49 -0
  130. data/src/core/lib/debug/trace.cc +5 -6
  131. data/src/core/lib/debug/trace.h +0 -5
  132. data/src/core/lib/event_engine/event_engine.cc +37 -2
  133. data/src/core/lib/event_engine/handle_containers.h +7 -22
  134. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  135. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  136. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  137. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  138. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  139. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  140. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
  141. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  142. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  143. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  144. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  145. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  146. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  147. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  148. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  149. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  150. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  151. data/src/core/lib/experiments/config.cc +3 -10
  152. data/src/core/lib/experiments/experiments.cc +7 -0
  153. data/src/core/lib/experiments/experiments.h +9 -1
  154. data/src/core/lib/gpr/log.cc +15 -28
  155. data/src/core/lib/gprpp/fork.cc +8 -14
  156. data/src/core/lib/gprpp/orphanable.h +4 -3
  157. data/src/core/lib/gprpp/per_cpu.h +9 -3
  158. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  159. data/src/core/lib/gprpp/ref_counted.h +33 -34
  160. data/src/core/lib/gprpp/thd.h +16 -0
  161. data/src/core/lib/gprpp/time.cc +1 -0
  162. data/src/core/lib/gprpp/time.h +4 -4
  163. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  164. data/src/core/lib/iomgr/call_combiner.h +2 -2
  165. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  166. data/src/core/lib/iomgr/endpoint_pair.h +2 -2
  167. data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
  168. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  169. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  170. data/src/core/lib/iomgr/ev_posix.h +0 -3
  171. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  172. data/src/core/lib/iomgr/iomgr.cc +4 -8
  173. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  174. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  175. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  176. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  177. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  178. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  179. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
  180. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  181. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  182. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  183. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  184. data/src/core/lib/promise/activity.cc +22 -6
  185. data/src/core/lib/promise/activity.h +61 -24
  186. data/src/core/lib/promise/cancel_callback.h +77 -0
  187. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  188. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  189. data/src/core/lib/promise/for_each.h +176 -0
  190. data/src/core/lib/promise/if.h +9 -0
  191. data/src/core/lib/promise/interceptor_list.h +23 -2
  192. data/src/core/lib/promise/latch.h +89 -3
  193. data/src/core/lib/promise/loop.h +13 -9
  194. data/src/core/lib/promise/map.h +7 -0
  195. data/src/core/lib/promise/party.cc +286 -0
  196. data/src/core/lib/promise/party.h +499 -0
  197. data/src/core/lib/promise/pipe.h +197 -57
  198. data/src/core/lib/promise/poll.h +48 -0
  199. data/src/core/lib/promise/promise.h +2 -2
  200. data/src/core/lib/resource_quota/arena.cc +19 -3
  201. data/src/core/lib/resource_quota/arena.h +119 -5
  202. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  203. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  204. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  205. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  206. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  207. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  208. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  209. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  210. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  211. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  212. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  213. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  214. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  215. data/src/core/lib/slice/slice.cc +1 -1
  216. data/src/core/lib/surface/builtins.cc +2 -0
  217. data/src/core/lib/surface/call.cc +926 -1024
  218. data/src/core/lib/surface/call.h +10 -0
  219. data/src/core/lib/surface/lame_client.cc +1 -0
  220. data/src/core/lib/surface/validate_metadata.cc +43 -42
  221. data/src/core/lib/surface/validate_metadata.h +9 -0
  222. data/src/core/lib/surface/version.cc +2 -2
  223. data/src/core/lib/transport/batch_builder.cc +179 -0
  224. data/src/core/lib/transport/batch_builder.h +468 -0
  225. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  226. data/src/core/lib/transport/bdp_estimator.h +10 -6
  227. data/src/core/lib/transport/custom_metadata.h +30 -0
  228. data/src/core/lib/transport/metadata_batch.cc +9 -6
  229. data/src/core/lib/transport/metadata_batch.h +168 -18
  230. data/src/core/lib/transport/parsed_metadata.h +19 -9
  231. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  232. data/src/core/lib/transport/transport.cc +30 -2
  233. data/src/core/lib/transport/transport.h +70 -14
  234. data/src/core/lib/transport/transport_impl.h +7 -0
  235. data/src/core/lib/transport/transport_op_string.cc +52 -42
  236. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  237. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  238. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  239. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  240. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  241. data/src/core/tsi/ssl_transport_security.cc +4 -2
  242. data/src/ruby/lib/grpc/version.rb +1 -1
  243. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  244. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  245. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  246. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  247. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  248. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  249. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  250. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  251. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  252. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  253. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  254. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  255. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  256. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  257. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  258. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  259. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  260. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  261. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  262. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  263. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  264. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  265. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  266. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  267. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  268. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  269. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  288. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  289. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  290. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  291. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  292. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  293. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  294. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  295. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  296. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  297. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  298. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  299. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  300. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  301. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  302. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  303. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  304. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  305. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  306. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  307. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  308. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  309. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  310. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  311. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  312. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  313. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  314. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  315. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  316. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  317. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  318. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  319. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  320. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  321. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  322. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  323. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  324. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  325. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  326. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  327. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  328. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  329. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  330. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  331. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  332. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  333. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  334. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  335. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  336. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  337. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  338. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  339. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  340. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  341. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  342. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  343. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  344. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  345. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  346. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  347. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  348. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  349. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  350. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  351. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  352. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  353. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  354. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  355. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  363. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  364. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  365. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  366. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  367. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  368. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  369. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  370. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  371. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  372. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  373. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  396. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  398. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  403. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  405. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  410. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  446. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  447. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  448. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  449. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  450. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  451. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  452. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  454. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  455. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  456. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  457. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  458. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  459. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  460. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  461. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  462. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  463. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  464. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  465. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  466. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  467. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  468. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  469. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  470. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  471. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  472. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  473. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  474. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  475. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  476. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  477. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  478. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  479. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  480. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  481. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  482. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  483. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  484. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  485. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  486. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  487. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  488. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  489. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  490. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  491. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  532. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  533. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  534. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  535. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  536. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  537. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  538. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  539. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  540. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  541. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  557. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  558. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  559. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  560. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  561. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  562. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  563. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  564. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  565. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  566. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  567. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  568. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  569. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  570. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  571. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  572. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  573. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  574. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  575. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  576. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  577. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  578. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  579. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  580. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  581. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  582. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  583. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  584. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  585. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  586. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  587. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  588. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  589. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  591. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  592. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  593. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  594. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  595. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  596. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  597. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  598. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  599. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  600. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  601. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  602. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  603. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  604. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  605. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  606. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  607. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  608. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  609. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  610. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  611. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  612. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  613. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  614. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  615. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  616. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  617. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  618. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  619. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  620. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  621. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  622. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  623. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  624. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  625. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  630. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  631. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  632. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  633. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  634. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  635. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  636. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  637. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  638. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  639. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  640. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  641. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  642. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  643. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  644. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  645. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  646. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  647. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  648. metadata +105 -70
  649. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  650. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  651. data/src/core/lib/gprpp/global_config.h +0 -93
  652. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  653. data/src/core/lib/gprpp/global_config_env.h +0 -133
  654. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  655. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  656. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  657. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  658. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  659. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  660. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  661. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  662. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  663. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  664. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  665. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  666. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  667. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  668. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  669. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  670. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  671. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  672. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  673. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  674. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  675. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  676. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  677. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  678. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  679. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  680. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  681. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  682. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  683. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  684. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  685. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  686. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  687. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  688. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  689. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  690. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  691. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  692. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  693. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  694. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  695. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c CHANGED
@@ -13,7 +13,6 @@
13
13
 
14
14
  #include <openssl/err.h>
15
15
  #include <openssl/mem.h>
16
- #include <openssl/type_check.h>
17
16
 
18
17
  #include "../internal.h"
19
18
 
@@ -30,7 +29,7 @@
30
29
  // A block_t is a Salsa20 block.
31
30
  typedef struct { uint32_t words[16]; } block_t;
32
31
 
33
- OPENSSL_STATIC_ASSERT(sizeof(block_t) == 64, "block_t has padding");
32
+ static_assert(sizeof(block_t) == 64, "block_t has padding");
34
33
 
35
34
  // salsa208_word_specification implements the Salsa20/8 core function, also
36
35
  // described in RFC 7914, section 3. It modifies the block at |inout|
@@ -171,14 +170,13 @@ int EVP_PBE_scrypt(const char *password, size_t password_len,
171
170
 
172
171
  // Allocate and divide up the scratch space. |max_mem| fits in a size_t, which
173
172
  // is no bigger than uint64_t, so none of these operations may overflow.
174
- OPENSSL_STATIC_ASSERT(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
173
+ static_assert(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
175
174
  size_t B_blocks = p * 2 * r;
176
175
  size_t B_bytes = B_blocks * sizeof(block_t);
177
176
  size_t T_blocks = 2 * r;
178
177
  size_t V_blocks = N * 2 * r;
179
178
  block_t *B = OPENSSL_malloc((B_blocks + T_blocks + V_blocks) * sizeof(block_t));
180
179
  if (B == NULL) {
181
- OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
182
180
  return 0;
183
181
  }
184
182
 
data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c CHANGED
@@ -56,6 +56,8 @@
56
56
 
57
57
  #include <openssl/evp.h>
58
58
 
59
+ #include <limits.h>
60
+
59
61
  #include <openssl/digest.h>
60
62
  #include <openssl/err.h>
61
63
 
@@ -74,15 +76,20 @@ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
74
76
  return EVP_DigestUpdate(ctx, data, len);
75
77
  }
76
78
 
77
- int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
78
- unsigned int *out_sig_len, EVP_PKEY *pkey) {
79
+ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, unsigned *out_sig_len,
80
+ EVP_PKEY *pkey) {
79
81
  uint8_t m[EVP_MAX_MD_SIZE];
80
- unsigned int m_len;
82
+ unsigned m_len;
81
83
  int ret = 0;
82
84
  EVP_MD_CTX tmp_ctx;
83
85
  EVP_PKEY_CTX *pkctx = NULL;
84
86
  size_t sig_len = EVP_PKEY_size(pkey);
85
87
 
88
+ // Ensure the final result will fit in |unsigned|.
89
+ if (sig_len > UINT_MAX) {
90
+ sig_len = UINT_MAX;
91
+ }
92
+
86
93
  *out_sig_len = 0;
87
94
  EVP_MD_CTX_init(&tmp_ctx);
88
95
  if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
@@ -92,19 +99,17 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
92
99
  EVP_MD_CTX_cleanup(&tmp_ctx);
93
100
 
94
101
  pkctx = EVP_PKEY_CTX_new(pkey, NULL);
95
- if (!pkctx || !EVP_PKEY_sign_init(pkctx) ||
102
+ if (!pkctx || //
103
+ !EVP_PKEY_sign_init(pkctx) ||
96
104
  !EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) ||
97
105
  !EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) {
98
106
  goto out;
99
107
  }
100
- *out_sig_len = sig_len;
108
+ *out_sig_len = (unsigned)sig_len;
101
109
  ret = 1;
102
110
 
103
111
  out:
104
- if (pkctx) {
105
- EVP_PKEY_CTX_free(pkctx);
106
- }
107
-
112
+ EVP_PKEY_CTX_free(pkctx);
108
113
  return ret;
109
114
  }
110
115
 
@@ -123,7 +128,7 @@ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
123
128
  int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
124
129
  EVP_PKEY *pkey) {
125
130
  uint8_t m[EVP_MAX_MD_SIZE];
126
- unsigned int m_len;
131
+ unsigned m_len;
127
132
  int ret = 0;
128
133
  EVP_MD_CTX tmp_ctx;
129
134
  EVP_PKEY_CTX *pkctx = NULL;
data/third_party/boringssl-with-bazel/src/crypto/ex_data.c CHANGED
@@ -109,6 +109,8 @@
109
109
  #include <openssl/ex_data.h>
110
110
 
111
111
  #include <assert.h>
112
+ #include <limits.h>
113
+ #include <stdlib.h>
112
114
  #include <string.h>
113
115
 
114
116
  #include <openssl/crypto.h>
@@ -135,7 +137,6 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
135
137
 
136
138
  funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
137
139
  if (funcs == NULL) {
138
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
139
140
  return 0;
140
141
  }
141
142
 
@@ -149,44 +150,55 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
149
150
  ex_data_class->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
150
151
  }
151
152
 
152
- if (ex_data_class->meth == NULL ||
153
- !sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) {
154
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
155
- OPENSSL_free(funcs);
153
+ if (ex_data_class->meth == NULL) {
156
154
  goto err;
157
155
  }
158
156
 
159
- *out_index = sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1 +
157
+ // The index must fit in |int|.
158
+ if (sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) >
159
+ (size_t)(INT_MAX - ex_data_class->num_reserved)) {
160
+ OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
161
+ goto err;
162
+ }
163
+
164
+ if (!sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) {
165
+ goto err;
166
+ }
167
+ funcs = NULL; // |sk_CRYPTO_EX_DATA_FUNCS_push| takes ownership.
168
+
169
+ *out_index = (int)sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1 +
160
170
  ex_data_class->num_reserved;
161
171
  ret = 1;
162
172
 
163
173
  err:
164
174
  CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock);
175
+ OPENSSL_free(funcs);
165
176
  return ret;
166
177
  }
167
178
 
168
179
  int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) {
169
- int n, i;
180
+ if (index < 0) {
181
+ // A caller that can accidentally pass in an invalid index into this
182
+ // function will hit an memory error if |index| happened to be valid, and
183
+ // expected |val| to be of a different type.
184
+ abort();
185
+ }
170
186
 
171
187
  if (ad->sk == NULL) {
172
188
  ad->sk = sk_void_new_null();
173
189
  if (ad->sk == NULL) {
174
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
175
190
  return 0;
176
191
  }
177
192
  }
178
193
 
179
- n = sk_void_num(ad->sk);
180
-
181
194
  // Add NULL values until the stack is long enough.
182
- for (i = n; i <= index; i++) {
195
+ for (size_t i = sk_void_num(ad->sk); i <= (size_t)index; i++) {
183
196
  if (!sk_void_push(ad->sk, NULL)) {
184
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
185
197
  return 0;
186
198
  }
187
199
  }
188
200
 
189
- sk_void_set(ad->sk, index, val);
201
+ sk_void_set(ad->sk, (size_t)index, val);
190
202
  return 1;
191
203
  }
192
204
 
@@ -218,7 +230,6 @@ static int get_func_pointers(STACK_OF(CRYPTO_EX_DATA_FUNCS) **out,
218
230
  CRYPTO_STATIC_MUTEX_unlock_read(&ex_data_class->lock);
219
231
 
220
232
  if (n > 0 && *out == NULL) {
221
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
222
233
  return 0;
223
234
  }
224
235
 
@@ -242,7 +253,10 @@ void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj,
242
253
  return;
243
254
  }
244
255
 
245
- for (size_t i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) {
256
+ // |CRYPTO_get_ex_new_index| will not allocate indices beyond |INT_MAX|.
257
+ assert(sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers) <=
258
+ (size_t)(INT_MAX - ex_data_class->num_reserved));
259
+ for (int i = 0; i < (int)sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) {
246
260
  CRYPTO_EX_DATA_FUNCS *func_pointer =
247
261
  sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i);
248
262
  if (func_pointer->free_func) {
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c CHANGED
@@ -50,8 +50,6 @@
50
50
 
51
51
  #include <assert.h>
52
52
 
53
- #include <openssl/cpu.h>
54
-
55
53
  #include "internal.h"
56
54
  #include "../modes/internal.h"
57
55
 
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c CHANGED
@@ -18,6 +18,7 @@
18
18
  #include <string.h>
19
19
 
20
20
  #include "../../internal.h"
21
+ #include "internal.h"
21
22
 
22
23
  #if defined(OPENSSL_SSE2)
23
24
  #include <emmintrin.h>
@@ -151,10 +152,10 @@ static inline aes_word_t aes_nohw_shift_right(aes_word_t a, aes_word_t i) {
151
152
  }
152
153
  #endif // OPENSSL_SSE2
153
154
 
154
- OPENSSL_STATIC_ASSERT(AES_NOHW_BATCH_SIZE * 128 == 8 * 8 * sizeof(aes_word_t),
155
- "batch size does not match word size");
156
- OPENSSL_STATIC_ASSERT(AES_NOHW_WORD_SIZE == sizeof(aes_word_t),
157
- "AES_NOHW_WORD_SIZE is incorrect");
155
+ static_assert(AES_NOHW_BATCH_SIZE * 128 == 8 * 8 * sizeof(aes_word_t),
156
+ "batch size does not match word size");
157
+ static_assert(AES_NOHW_WORD_SIZE == sizeof(aes_word_t),
158
+ "AES_NOHW_WORD_SIZE is incorrect");
158
159
 
159
160
 
160
161
  // Block representations.
@@ -1181,29 +1182,27 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
1181
1182
  aes_nohw_expand_round_keys(&sched, key);
1182
1183
 
1183
1184
  // Make |AES_NOHW_BATCH_SIZE| copies of |ivec|.
1184
- alignas(AES_NOHW_WORD_SIZE) union {
1185
- uint32_t u32[AES_NOHW_BATCH_SIZE * 4];
1186
- uint8_t u8[AES_NOHW_BATCH_SIZE * 16];
1187
- } ivs, enc_ivs;
1185
+ alignas(AES_NOHW_WORD_SIZE) uint8_t ivs[AES_NOHW_BATCH_SIZE * 16];
1186
+ alignas(AES_NOHW_WORD_SIZE) uint8_t enc_ivs[AES_NOHW_BATCH_SIZE * 16];
1188
1187
  for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) {
1189
- memcpy(ivs.u8 + 16 * i, ivec, 16);
1188
+ memcpy(ivs + 16 * i, ivec, 16);
1190
1189
  }
1191
1190
 
1192
- uint32_t ctr = CRYPTO_bswap4(ivs.u32[3]);
1191
+ uint32_t ctr = CRYPTO_load_u32_be(ivs + 12);
1193
1192
  for (;;) {
1194
1193
  // Update counters.
1195
1194
  for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) {
1196
- ivs.u32[4 * i + 3] = CRYPTO_bswap4(ctr + i);
1195
+ CRYPTO_store_u32_be(ivs + 16 * i + 12, ctr + (uint32_t)i);
1197
1196
  }
1198
1197
 
1199
1198
  size_t todo = blocks >= AES_NOHW_BATCH_SIZE ? AES_NOHW_BATCH_SIZE : blocks;
1200
1199
  AES_NOHW_BATCH batch;
1201
- aes_nohw_to_batch(&batch, ivs.u8, todo);
1200
+ aes_nohw_to_batch(&batch, ivs, todo);
1202
1201
  aes_nohw_encrypt_batch(&sched, key->rounds, &batch);
1203
- aes_nohw_from_batch(enc_ivs.u8, todo, &batch);
1202
+ aes_nohw_from_batch(enc_ivs, todo, &batch);
1204
1203
 
1205
1204
  for (size_t i = 0; i < todo; i++) {
1206
- aes_nohw_xor_block(out + 16 * i, in + 16 * i, enc_ivs.u8 + 16 * i);
1205
+ aes_nohw_xor_block(out + 16 * i, in + 16 * i, enc_ivs + 16 * i);
1207
1206
  }
1208
1207
 
1209
1208
  blocks -= todo;
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h CHANGED
@@ -17,7 +17,7 @@
17
17
 
18
18
  #include <stdlib.h>
19
19
 
20
- #include <openssl/cpu.h>
20
+ #include "../../internal.h"
21
21
 
22
22
  #if defined(__cplusplus)
23
23
  extern "C" {
@@ -30,18 +30,14 @@ extern "C" {
30
30
  #define HWAES
31
31
  #define HWAES_ECB
32
32
 
33
- OPENSSL_INLINE int hwaes_capable(void) {
34
- return (OPENSSL_ia32cap_get()[1] & (1 << (57 - 32))) != 0;
35
- }
33
+ OPENSSL_INLINE int hwaes_capable(void) { return CRYPTO_is_AESNI_capable(); }
36
34
 
37
35
  #define VPAES
38
36
  #if defined(OPENSSL_X86_64)
39
37
  #define VPAES_CTR32
40
38
  #endif
41
39
  #define VPAES_CBC
42
- OPENSSL_INLINE int vpaes_capable(void) {
43
- return (OPENSSL_ia32cap_get()[1] & (1 << (41 - 32))) != 0;
44
- }
40
+ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_SSSE3_capable(); }
45
41
 
46
42
  #elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
47
43
  #define HWAES
@@ -63,12 +59,6 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
63
59
  OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
64
60
  #endif
65
61
 
66
- #elif defined(OPENSSL_PPC64LE)
67
- #define HWAES
68
-
69
- OPENSSL_INLINE int hwaes_capable(void) {
70
- return CRYPTO_is_PPC64LE_vcrypto_capable();
71
- }
72
62
  #endif
73
63
 
74
64
  #endif // !NO_ASM
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c CHANGED
@@ -55,6 +55,7 @@
55
55
  #include <openssl/mem.h>
56
56
 
57
57
  #include "../../internal.h"
58
+ #include "../service_indicator/internal.h"
58
59
 
59
60
 
60
61
  // kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1.
@@ -98,6 +99,7 @@ int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
98
99
  }
99
100
 
100
101
  OPENSSL_memcpy(out, A, 8);
102
+ FIPS_service_indicator_update_state();
101
103
  return (int)in_len + 8;
102
104
  }
103
105
 
@@ -151,6 +153,7 @@ int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
151
153
  return -1;
152
154
  }
153
155
 
156
+ FIPS_service_indicator_update_state();
154
157
  return (int)in_len - 8;
155
158
  }
156
159
 
@@ -161,10 +164,8 @@ static const uint8_t kPaddingConstant[4] = {0xa6, 0x59, 0x59, 0xa6};
161
164
  int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
162
165
  size_t max_out, const uint8_t *in, size_t in_len) {
163
166
  // See https://tools.ietf.org/html/rfc5649#section-4.1
164
- const uint32_t in_len32_be = CRYPTO_bswap4(in_len);
165
167
  const uint64_t in_len64 = in_len;
166
168
  const size_t padded_len = (in_len + 7) & ~7;
167
-
168
169
  *out_len = 0;
169
170
  if (in_len == 0 || in_len64 > 0xffffffffu || in_len + 7 < in_len ||
170
171
  padded_len + 8 < padded_len || max_out < padded_len + 8) {
@@ -173,7 +174,7 @@ int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
173
174
 
174
175
  uint8_t block[AES_BLOCK_SIZE];
175
176
  memcpy(block, kPaddingConstant, sizeof(kPaddingConstant));
176
- memcpy(block + 4, &in_len32_be, sizeof(in_len32_be));
177
+ CRYPTO_store_u32_be(block + 4, (uint32_t)in_len);
177
178
 
178
179
  if (in_len <= 8) {
179
180
  memset(block + 8, 0, 8);
@@ -190,12 +191,15 @@ int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
190
191
  assert(padded_len >= 8);
191
192
  memset(padded_in + padded_len - 8, 0, 8);
192
193
  memcpy(padded_in, in, in_len);
194
+ FIPS_service_indicator_lock_state();
193
195
  const int ret = AES_wrap_key(key, block, out, padded_in, padded_len);
196
+ FIPS_service_indicator_unlock_state();
194
197
  OPENSSL_free(padded_in);
195
198
  if (ret < 0) {
196
199
  return 0;
197
200
  }
198
201
  *out_len = ret;
202
+ FIPS_service_indicator_update_state();
199
203
  return 1;
200
204
  }
201
205
 
@@ -220,9 +224,7 @@ int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
220
224
  crypto_word_t ok = constant_time_eq_int(
221
225
  CRYPTO_memcmp(iv, kPaddingConstant, sizeof(kPaddingConstant)), 0);
222
226
 
223
- uint32_t claimed_len32;
224
- memcpy(&claimed_len32, iv + 4, sizeof(claimed_len32));
225
- const size_t claimed_len = CRYPTO_bswap4(claimed_len32);
227
+ const size_t claimed_len = CRYPTO_load_u32_be(iv + 4);
226
228
  ok &= ~constant_time_is_zero_w(claimed_len);
227
229
  ok &= constant_time_eq_w((claimed_len - 1) >> 3, (in_len - 9) >> 3);
228
230
 
@@ -232,5 +234,9 @@ int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
232
234
  }
233
235
 
234
236
  *out_len = constant_time_select_w(ok, claimed_len, 0);
235
- return ok & 1;
237
+ const int ret = ok & 1;
238
+ if (ret) {
239
+ FIPS_service_indicator_update_state();
240
+ }
241
+ return ret;
236
242
  }
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c CHANGED
@@ -52,6 +52,7 @@
52
52
 
53
53
  #include "../aes/internal.h"
54
54
  #include "../modes/internal.h"
55
+ #include "../service_indicator/internal.h"
55
56
 
56
57
 
57
58
  void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
@@ -74,6 +75,8 @@ void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
74
75
  CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num,
75
76
  aes_nohw_ctr32_encrypt_blocks);
76
77
  }
78
+
79
+ FIPS_service_indicator_update_state();
77
80
  }
78
81
 
79
82
  void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key,
@@ -86,24 +89,23 @@ void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key,
86
89
  } else {
87
90
  AES_decrypt(in, out, key);
88
91
  }
92
+
93
+ FIPS_service_indicator_update_state();
89
94
  }
90
95
 
91
96
  void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
92
97
  const AES_KEY *key, uint8_t *ivec, const int enc) {
93
98
  if (hwaes_capable()) {
94
99
  aes_hw_cbc_encrypt(in, out, len, key, ivec, enc);
95
- return;
96
- }
97
-
98
- if (!vpaes_capable()) {
100
+ } else if (!vpaes_capable()) {
99
101
  aes_nohw_cbc_encrypt(in, out, len, key, ivec, enc);
100
- return;
101
- }
102
- if (enc) {
102
+ } else if (enc) {
103
103
  CRYPTO_cbc128_encrypt(in, out, len, key, ivec, AES_encrypt);
104
104
  } else {
105
105
  CRYPTO_cbc128_decrypt(in, out, len, key, ivec, AES_decrypt);
106
106
  }
107
+
108
+ FIPS_service_indicator_update_state();
107
109
  }
108
110
 
109
111
  void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t length,
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c CHANGED
@@ -58,12 +58,13 @@
58
58
  #include "cipher/aead.c"
59
59
  #include "cipher/cipher.c"
60
60
  #include "cipher/e_aes.c"
61
- #include "cipher/e_des.c"
62
- #include "des/des.c"
61
+ #include "cipher/e_aesccm.c"
62
+ #include "cmac/cmac.c"
63
63
  #include "dh/check.c"
64
64
  #include "dh/dh.c"
65
65
  #include "digest/digest.c"
66
66
  #include "digest/digests.c"
67
+ #include "digestsign/digestsign.c"
67
68
  #include "ecdh/ecdh.c"
68
69
  #include "ecdsa/ecdsa.c"
69
70
  #include "ec/ec.c"
@@ -73,7 +74,7 @@
73
74
  #include "ec/oct.c"
74
75
  #include "ec/p224-64.c"
75
76
  #include "ec/p256.c"
76
- #include "ec/p256-x86_64.c"
77
+ #include "ec/p256-nistz.c"
77
78
  #include "ec/scalar.c"
78
79
  #include "ec/simple.c"
79
80
  #include "ec/simple_mul.c"
@@ -99,7 +100,7 @@
99
100
  #include "rsa/rsa_impl.c"
100
101
  #include "self_check/fips.c"
101
102
  #include "self_check/self_check.c"
102
- #include "sha/sha1-altivec.c"
103
+ #include "service_indicator/service_indicator.c"
103
104
  #include "sha/sha1.c"
104
105
  #include "sha/sha256.c"
105
106
  #include "sha/sha512.c"
@@ -171,6 +172,23 @@ BORINGSSL_bcm_power_on_self_test(void) {
171
172
  #if !defined(OPENSSL_ASAN)
172
173
  // Integrity tests cannot run under ASAN because it involves reading the full
173
174
  // .text section, which triggers the global-buffer overflow detection.
175
+ if (!BORINGSSL_integrity_test()) {
176
+ goto err;
177
+ }
178
+ #endif // OPENSSL_ASAN
179
+
180
+ if (!boringssl_self_test_startup()) {
181
+ goto err;
182
+ }
183
+
184
+ return;
185
+
186
+ err:
187
+ BORINGSSL_FIPS_abort();
188
+ }
189
+
190
+ #if !defined(OPENSSL_ASAN)
191
+ int BORINGSSL_integrity_test(void) {
174
192
  const uint8_t *const start = BORINGSSL_bcm_text_start;
175
193
  const uint8_t *const end = BORINGSSL_bcm_text_end;
176
194
 
@@ -192,17 +210,15 @@ BORINGSSL_bcm_power_on_self_test(void) {
192
210
  #endif
193
211
 
194
212
  assert_within(rodata_start, kPrimes, rodata_end);
195
- assert_within(rodata_start, des_skb, rodata_end);
196
213
  assert_within(rodata_start, kP256Params, rodata_end);
197
214
  assert_within(rodata_start, kPKCS1SigPrefixes, rodata_end);
198
215
 
199
- #if defined(OPENSSL_AARCH64) || defined(OPENSSL_ANDROID)
200
216
  uint8_t result[SHA256_DIGEST_LENGTH];
201
217
  const EVP_MD *const kHashFunction = EVP_sha256();
202
- #else
203
- uint8_t result[SHA512_DIGEST_LENGTH];
204
- const EVP_MD *const kHashFunction = EVP_sha512();
205
- #endif
218
+ if (!boringssl_self_test_sha256() ||
219
+ !boringssl_self_test_hmac_sha256()) {
220
+ return 0;
221
+ }
206
222
 
207
223
  static const uint8_t kHMACKey[64] = {0};
208
224
  unsigned result_len;
@@ -211,7 +227,7 @@ BORINGSSL_bcm_power_on_self_test(void) {
211
227
  if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), kHashFunction,
212
228
  NULL /* no ENGINE */)) {
213
229
  fprintf(stderr, "HMAC_Init_ex failed.\n");
214
- goto err;
230
+ return 0;
215
231
  }
216
232
 
217
233
  BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC);
@@ -231,30 +247,22 @@ BORINGSSL_bcm_power_on_self_test(void) {
231
247
  if (!HMAC_Final(&hmac_ctx, result, &result_len) ||
232
248
  result_len != sizeof(result)) {
233
249
  fprintf(stderr, "HMAC failed.\n");
234
- goto err;
250
+ return 0;
235
251
  }
236
- HMAC_CTX_cleanup(&hmac_ctx);
252
+ HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
237
253
 
238
254
  const uint8_t *expected = BORINGSSL_bcm_text_hash;
239
255
 
240
256
  if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) {
241
- goto err;
242
- }
243
-
244
- if (!boringssl_fips_self_test(BORINGSSL_bcm_text_hash, sizeof(result))) {
245
- goto err;
246
- }
247
- #else
248
- if (!BORINGSSL_self_test()) {
249
- goto err;
257
+ #if !defined(BORINGSSL_FIPS_BREAK_TESTS)
258
+ return 0;
259
+ #endif
250
260
  }
251
- #endif // OPENSSL_ASAN
252
-
253
- return;
254
261
 
255
- err:
256
- BORINGSSL_FIPS_abort();
262
+ OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10.
263
+ return 1;
257
264
  }
265
+ #endif // OPENSSL_ASAN
258
266
 
259
267
  void BORINGSSL_FIPS_abort(void) {
260
268
  for (;;) {
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c CHANGED
@@ -56,6 +56,7 @@
56
56
 
57
57
  #include <openssl/bn.h>
58
58
 
59
+ #include <assert.h>
59
60
  #include <limits.h>
60
61
  #include <string.h>
61
62
 
@@ -66,11 +67,15 @@
66
67
  #include "../delocate.h"
67
68
 
68
69
 
70
+ // BN_MAX_WORDS is the maximum number of words allowed in a |BIGNUM|. It is
71
+ // sized so byte and bit counts of a |BIGNUM| always fit in |int|, with room to
72
+ // spare.
73
+ #define BN_MAX_WORDS (INT_MAX / (4 * BN_BITS2))
74
+
69
75
  BIGNUM *BN_new(void) {
70
76
  BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM));
71
77
 
72
78
  if (bn == NULL) {
73
- OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
74
79
  return NULL;
75
80
  }
76
81
 
@@ -80,6 +85,8 @@ BIGNUM *BN_new(void) {
80
85
  return bn;
81
86
  }
82
87
 
88
+ BIGNUM *BN_secure_new(void) { return BN_new(); }
89
+
83
90
  void BN_init(BIGNUM *bn) {
84
91
  OPENSSL_memset(bn, 0, sizeof(BIGNUM));
85
92
  }
@@ -289,8 +296,9 @@ void bn_set_static_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
289
296
  }
290
297
  bn->d = (BN_ULONG *)words;
291
298
 
292
- bn->width = num;
293
- bn->dmax = num;
299
+ assert(num <= BN_MAX_WORDS);
300
+ bn->width = (int)num;
301
+ bn->dmax = (int)num;
294
302
  bn->neg = 0;
295
303
  bn->flags |= BN_FLG_STATIC_DATA;
296
304
  }
@@ -343,7 +351,7 @@ int bn_wexpand(BIGNUM *bn, size_t words) {
343
351
  return 1;
344
352
  }
345
353
 
346
- if (words > (INT_MAX / (4 * BN_BITS2))) {
354
+ if (words > BN_MAX_WORDS) {
347
355
  OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
348
356
  return 0;
349
357
  }
@@ -355,7 +363,6 @@ int bn_wexpand(BIGNUM *bn, size_t words) {
355
363
 
356
364
  a = OPENSSL_malloc(sizeof(BN_ULONG) * words);
357
365
  if (a == NULL) {
358
- OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
359
366
  return 0;
360
367
  }
361
368
 
@@ -377,30 +384,13 @@ int bn_expand(BIGNUM *bn, size_t bits) {
377
384
  }
378
385
 
379
386
  int bn_resize_words(BIGNUM *bn, size_t words) {
380
- #if defined(OPENSSL_PPC64LE)
381
- // This is a workaround for a miscompilation bug in Clang 7.0.1 on POWER.
382
- // The unittests catch the miscompilation, if it occurs, and it manifests
383
- // as a crash in |bn_fits_in_words|.
384
- //
385
- // The bug only triggers if building in FIPS mode and with -O3. Clang 8.0.1
386
- // has the same bug but this workaround is not effective there---I've not
387
- // been able to find a workaround for 8.0.1.
388
- //
389
- // At the time of writing (2019-08-08), Clang git does *not* have this bug
390
- // and does not need this workaroud. The current git version should go on to
391
- // be Clang 10 thus, once we can depend on that, this can be removed.
392
- if (value_barrier_w((size_t)bn->width == words)) {
393
- return 1;
394
- }
395
- #endif
396
-
397
387
  if ((size_t)bn->width <= words) {
398
388
  if (!bn_wexpand(bn, words)) {
399
389
  return 0;
400
390
  }
401
391
  OPENSSL_memset(bn->d + bn->width, 0,
402
392
  (words - bn->width) * sizeof(BN_ULONG));
403
- bn->width = words;
393
+ bn->width = (int)words;
404
394
  return 1;
405
395
  }
406
396
 
@@ -409,15 +399,15 @@ int bn_resize_words(BIGNUM *bn, size_t words) {
409
399
  OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
410
400
  return 0;
411
401
  }
412
- bn->width = words;
402
+ bn->width = (int)words;
413
403
  return 1;
414
404
  }
415
405
 
416
406
  void bn_select_words(BN_ULONG *r, BN_ULONG mask, const BN_ULONG *a,
417
407
  const BN_ULONG *b, size_t num) {
418
408
  for (size_t i = 0; i < num; i++) {
419
- OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
420
- "crypto_word_t is too small");
409
+ static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
410
+ "crypto_word_t is too small");
421
411
  r[i] = constant_time_select_w(mask, a[i], b[i]);
422
412
  }
423
413
  }