grpc 1.53.1 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
|
@@ -76,7 +76,6 @@ static int pkcs12_encode_password(const char *in, size_t in_len, uint8_t **out,
|
|
|
76
76
|
size_t *out_len) {
|
|
77
77
|
CBB cbb;
|
|
78
78
|
if (!CBB_init(&cbb, in_len * 2)) {
|
|
79
|
-
OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);
|
|
80
79
|
return 0;
|
|
81
80
|
}
|
|
82
81
|
|
|
@@ -162,7 +161,6 @@ int pkcs12_key_gen(const char *pass, size_t pass_len, const uint8_t *salt,
|
|
|
162
161
|
|
|
163
162
|
I = OPENSSL_malloc(I_len);
|
|
164
163
|
if (I_len != 0 && I == NULL) {
|
|
165
|
-
OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);
|
|
166
164
|
goto err;
|
|
167
165
|
}
|
|
168
166
|
|
|
@@ -390,7 +388,6 @@ int pkcs8_pbe_decrypt(uint8_t **out, size_t *out_len, CBS *algorithm,
|
|
|
390
388
|
|
|
391
389
|
buf = OPENSSL_malloc(in_len);
|
|
392
390
|
if (buf == NULL) {
|
|
393
|
-
OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);
|
|
394
391
|
goto err;
|
|
395
392
|
}
|
|
396
393
|
|
|
@@ -90,62 +90,16 @@ int pkcs12_iterations_acceptable(uint64_t iterations) {
|
|
|
90
90
|
return 0 < iterations && iterations <= kIterationsLimit;
|
|
91
91
|
}
|
|
92
92
|
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
if (key->pkey) {
|
|
100
|
-
OPENSSL_cleanse(key->pkey->data, key->pkey->length);
|
|
101
|
-
}
|
|
102
|
-
}
|
|
103
|
-
return 1;
|
|
104
|
-
}
|
|
93
|
+
ASN1_SEQUENCE(PKCS8_PRIV_KEY_INFO) = {
|
|
94
|
+
ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
|
|
95
|
+
ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
|
|
96
|
+
ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
|
|
97
|
+
ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0),
|
|
98
|
+
} ASN1_SEQUENCE_END(PKCS8_PRIV_KEY_INFO)
|
|
105
99
|
|
|
106
|
-
|
|
107
|
-
ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
|
|
108
|
-
ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
|
|
109
|
-
ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
|
|
110
|
-
ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
|
|
111
|
-
} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
|
|
112
|
-
|
|
113
|
-
IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
|
|
114
|
-
|
|
115
|
-
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
|
|
116
|
-
int ptype, void *pval, uint8_t *penc, int penclen) {
|
|
117
|
-
if (version >= 0 &&
|
|
118
|
-
!ASN1_INTEGER_set(priv->version, version)) {
|
|
119
|
-
return 0;
|
|
120
|
-
}
|
|
100
|
+
IMPLEMENT_ASN1_FUNCTIONS_const(PKCS8_PRIV_KEY_INFO)
|
|
121
101
|
|
|
122
|
-
|
|
123
|
-
return 0;
|
|
124
|
-
}
|
|
125
|
-
|
|
126
|
-
if (penc != NULL) {
|
|
127
|
-
ASN1_STRING_set0(priv->pkey, penc, penclen);
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
return 1;
|
|
131
|
-
}
|
|
132
|
-
|
|
133
|
-
int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const uint8_t **pk, int *ppklen,
|
|
134
|
-
X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) {
|
|
135
|
-
if (ppkalg) {
|
|
136
|
-
*ppkalg = p8->pkeyalg->algorithm;
|
|
137
|
-
}
|
|
138
|
-
if (pk) {
|
|
139
|
-
*pk = ASN1_STRING_data(p8->pkey);
|
|
140
|
-
*ppklen = ASN1_STRING_length(p8->pkey);
|
|
141
|
-
}
|
|
142
|
-
if (pa) {
|
|
143
|
-
*pa = p8->pkeyalg;
|
|
144
|
-
}
|
|
145
|
-
return 1;
|
|
146
|
-
}
|
|
147
|
-
|
|
148
|
-
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) {
|
|
102
|
+
EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) {
|
|
149
103
|
uint8_t *der = NULL;
|
|
150
104
|
int der_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &der);
|
|
151
105
|
if (der_len < 0) {
|
|
@@ -166,7 +120,7 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) {
|
|
|
166
120
|
return ret;
|
|
167
121
|
}
|
|
168
122
|
|
|
169
|
-
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) {
|
|
123
|
+
PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey) {
|
|
170
124
|
CBB cbb;
|
|
171
125
|
uint8_t *der = NULL;
|
|
172
126
|
size_t der_len;
|
|
@@ -380,7 +334,6 @@ static int parse_bag_attributes(CBS *attrs, uint8_t **out_friendly_name,
|
|
|
380
334
|
// Convert the friendly name to UTF-8.
|
|
381
335
|
CBB cbb;
|
|
382
336
|
if (!CBB_init(&cbb, CBS_len(&value))) {
|
|
383
|
-
OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);
|
|
384
337
|
goto err;
|
|
385
338
|
}
|
|
386
339
|
while (CBS_len(&value) != 0) {
|
|
@@ -393,7 +346,6 @@ static int parse_bag_attributes(CBS *attrs, uint8_t **out_friendly_name,
|
|
|
393
346
|
}
|
|
394
347
|
}
|
|
395
348
|
if (!CBB_finish(&cbb, out_friendly_name, out_friendly_name_len)) {
|
|
396
|
-
OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);
|
|
397
349
|
CBB_cleanup(&cbb);
|
|
398
350
|
goto err;
|
|
399
351
|
}
|
|
@@ -828,7 +780,9 @@ PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) {
|
|
|
828
780
|
}
|
|
829
781
|
|
|
830
782
|
for (;;) {
|
|
831
|
-
|
|
783
|
+
size_t max_read = buf->length - used;
|
|
784
|
+
int n = BIO_read(bio, &buf->data[used],
|
|
785
|
+
max_read > INT_MAX ? INT_MAX : (int)max_read);
|
|
832
786
|
if (n < 0) {
|
|
833
787
|
if (used == 0) {
|
|
834
788
|
goto out;
|
|
@@ -888,7 +842,6 @@ int i2d_PKCS12(const PKCS12 *p12, uint8_t **out) {
|
|
|
888
842
|
if (*out == NULL) {
|
|
889
843
|
*out = OPENSSL_malloc(p12->ber_len);
|
|
890
844
|
if (*out == NULL) {
|
|
891
|
-
OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);
|
|
892
845
|
return -1;
|
|
893
846
|
}
|
|
894
847
|
OPENSSL_memcpy(*out, p12->ber_bytes, p12->ber_len);
|
|
@@ -927,7 +880,6 @@ int PKCS12_parse(const PKCS12 *p12, const char *password, EVP_PKEY **out_pkey,
|
|
|
927
880
|
if (!ca_certs) {
|
|
928
881
|
ca_certs = sk_X509_new_null();
|
|
929
882
|
if (ca_certs == NULL) {
|
|
930
|
-
OPENSSL_PUT_ERROR(PKCS8, ERR_R_MALLOC_FAILURE);
|
|
931
883
|
return 0;
|
|
932
884
|
}
|
|
933
885
|
ca_certs_alloced = 1;
|
|
@@ -993,8 +945,8 @@ int PKCS12_verify_mac(const PKCS12 *p12, const char *password,
|
|
|
993
945
|
|
|
994
946
|
// add_bag_attributes adds the bagAttributes field of a SafeBag structure,
|
|
995
947
|
// containing the specified friendlyName and localKeyId attributes.
|
|
996
|
-
static int add_bag_attributes(CBB *bag, const char *name,
|
|
997
|
-
size_t key_id_len) {
|
|
948
|
+
static int add_bag_attributes(CBB *bag, const char *name, size_t name_len,
|
|
949
|
+
const uint8_t *key_id, size_t key_id_len) {
|
|
998
950
|
if (name == NULL && key_id_len == 0) {
|
|
999
951
|
return 1; // Omit the OPTIONAL SET.
|
|
1000
952
|
}
|
|
@@ -1003,7 +955,7 @@ static int add_bag_attributes(CBB *bag, const char *name, const uint8_t *key_id,
|
|
|
1003
955
|
if (!CBB_add_asn1(bag, &attrs, CBS_ASN1_SET)) {
|
|
1004
956
|
return 0;
|
|
1005
957
|
}
|
|
1006
|
-
if (
|
|
958
|
+
if (name_len != 0) {
|
|
1007
959
|
// See https://tools.ietf.org/html/rfc2985, section 5.5.1.
|
|
1008
960
|
if (!CBB_add_asn1(&attrs, &attr, CBS_ASN1_SEQUENCE) ||
|
|
1009
961
|
!CBB_add_asn1(&attr, &oid, CBS_ASN1_OBJECT) ||
|
|
@@ -1014,7 +966,7 @@ static int add_bag_attributes(CBB *bag, const char *name, const uint8_t *key_id,
|
|
|
1014
966
|
}
|
|
1015
967
|
// Convert the friendly name to a BMPString.
|
|
1016
968
|
CBS name_cbs;
|
|
1017
|
-
CBS_init(&name_cbs, (const uint8_t *)name,
|
|
969
|
+
CBS_init(&name_cbs, (const uint8_t *)name, name_len);
|
|
1018
970
|
while (CBS_len(&name_cbs) != 0) {
|
|
1019
971
|
uint32_t c;
|
|
1020
972
|
if (!cbs_get_utf8(&name_cbs, &c) ||
|
|
@@ -1059,10 +1011,24 @@ static int add_cert_bag(CBB *cbb, X509 *cert, const char *name,
|
|
|
1059
1011
|
}
|
|
1060
1012
|
uint8_t *buf;
|
|
1061
1013
|
int len = i2d_X509(cert, NULL);
|
|
1014
|
+
|
|
1015
|
+
int int_name_len = 0;
|
|
1016
|
+
const char *cert_name = (const char *)X509_alias_get0(cert, &int_name_len);
|
|
1017
|
+
size_t name_len = int_name_len;
|
|
1018
|
+
if (name) {
|
|
1019
|
+
if (name_len != 0) {
|
|
1020
|
+
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_AMBIGUOUS_FRIENDLY_NAME);
|
|
1021
|
+
return 0;
|
|
1022
|
+
}
|
|
1023
|
+
name_len = strlen(name);
|
|
1024
|
+
} else {
|
|
1025
|
+
name = cert_name;
|
|
1026
|
+
}
|
|
1027
|
+
|
|
1062
1028
|
if (len < 0 ||
|
|
1063
1029
|
!CBB_add_space(&cert_value, &buf, (size_t)len) ||
|
|
1064
1030
|
i2d_X509(cert, &buf) < 0 ||
|
|
1065
|
-
!add_bag_attributes(&bag, name, key_id, key_id_len) ||
|
|
1031
|
+
!add_bag_attributes(&bag, name, name_len, key_id, key_id_len) ||
|
|
1066
1032
|
!CBB_flush(cbb)) {
|
|
1067
1033
|
return 0;
|
|
1068
1034
|
}
|
|
@@ -1323,7 +1289,11 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
|
1323
1289
|
goto err;
|
|
1324
1290
|
}
|
|
1325
1291
|
}
|
|
1326
|
-
|
|
1292
|
+
size_t name_len = 0;
|
|
1293
|
+
if (name) {
|
|
1294
|
+
name_len = strlen(name);
|
|
1295
|
+
}
|
|
1296
|
+
if (!add_bag_attributes(&bag, name, name_len, key_id, key_id_len) ||
|
|
1327
1297
|
!CBB_flush(&content_infos)) {
|
|
1328
1298
|
goto err;
|
|
1329
1299
|
}
|
|
@@ -18,27 +18,15 @@
|
|
|
18
18
|
|
|
19
19
|
#include <openssl/poly1305.h>
|
|
20
20
|
|
|
21
|
+
#include <assert.h>
|
|
21
22
|
#include <string.h>
|
|
22
23
|
|
|
23
|
-
#include <openssl/cpu.h>
|
|
24
|
-
|
|
25
24
|
#include "internal.h"
|
|
26
25
|
#include "../internal.h"
|
|
27
26
|
|
|
28
27
|
|
|
29
28
|
#if !defined(BORINGSSL_HAS_UINT128) || !defined(OPENSSL_X86_64)
|
|
30
29
|
|
|
31
|
-
// We can assume little-endian.
|
|
32
|
-
static uint32_t U8TO32_LE(const uint8_t *m) {
|
|
33
|
-
uint32_t r;
|
|
34
|
-
OPENSSL_memcpy(&r, m, sizeof(r));
|
|
35
|
-
return r;
|
|
36
|
-
}
|
|
37
|
-
|
|
38
|
-
static void U32TO8_LE(uint8_t *m, uint32_t v) {
|
|
39
|
-
OPENSSL_memcpy(m, &v, sizeof(v));
|
|
40
|
-
}
|
|
41
|
-
|
|
42
30
|
static uint64_t mul32x32_64(uint32_t a, uint32_t b) { return (uint64_t)a * b; }
|
|
43
31
|
|
|
44
32
|
struct poly1305_state_st {
|
|
@@ -50,7 +38,7 @@ struct poly1305_state_st {
|
|
|
50
38
|
uint8_t key[16];
|
|
51
39
|
};
|
|
52
40
|
|
|
53
|
-
|
|
41
|
+
static_assert(
|
|
54
42
|
sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
|
|
55
43
|
"poly1305_state isn't large enough to hold aligned poly1305_state_st");
|
|
56
44
|
|
|
@@ -76,10 +64,10 @@ static void poly1305_update(struct poly1305_state_st *state, const uint8_t *in,
|
|
|
76
64
|
}
|
|
77
65
|
|
|
78
66
|
poly1305_donna_16bytes:
|
|
79
|
-
t0 =
|
|
80
|
-
t1 =
|
|
81
|
-
t2 =
|
|
82
|
-
t3 =
|
|
67
|
+
t0 = CRYPTO_load_u32_le(in);
|
|
68
|
+
t1 = CRYPTO_load_u32_le(in + 4);
|
|
69
|
+
t2 = CRYPTO_load_u32_le(in + 8);
|
|
70
|
+
t3 = CRYPTO_load_u32_le(in + 12);
|
|
83
71
|
|
|
84
72
|
in += 16;
|
|
85
73
|
len -= 16;
|
|
@@ -142,10 +130,10 @@ poly1305_donna_atmost15bytes:
|
|
|
142
130
|
}
|
|
143
131
|
len = 0;
|
|
144
132
|
|
|
145
|
-
t0 =
|
|
146
|
-
t1 =
|
|
147
|
-
t2 =
|
|
148
|
-
t3 =
|
|
133
|
+
t0 = CRYPTO_load_u32_le(mp + 0);
|
|
134
|
+
t1 = CRYPTO_load_u32_le(mp + 4);
|
|
135
|
+
t2 = CRYPTO_load_u32_le(mp + 8);
|
|
136
|
+
t3 = CRYPTO_load_u32_le(mp + 12);
|
|
149
137
|
|
|
150
138
|
state->h0 += t0 & 0x3ffffff;
|
|
151
139
|
state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
|
|
@@ -167,10 +155,10 @@ void CRYPTO_poly1305_init(poly1305_state *statep, const uint8_t key[32]) {
|
|
|
167
155
|
}
|
|
168
156
|
#endif
|
|
169
157
|
|
|
170
|
-
t0 =
|
|
171
|
-
t1 =
|
|
172
|
-
t2 =
|
|
173
|
-
t3 =
|
|
158
|
+
t0 = CRYPTO_load_u32_le(key + 0);
|
|
159
|
+
t1 = CRYPTO_load_u32_le(key + 4);
|
|
160
|
+
t2 = CRYPTO_load_u32_le(key + 8);
|
|
161
|
+
t3 = CRYPTO_load_u32_le(key + 12);
|
|
174
162
|
|
|
175
163
|
// precompute multipliers
|
|
176
164
|
state->r0 = t0 & 0x3ffffff;
|
|
@@ -206,6 +194,11 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
|
|
|
206
194
|
size_t in_len) {
|
|
207
195
|
struct poly1305_state_st *state = poly1305_aligned_state(statep);
|
|
208
196
|
|
|
197
|
+
// Work around a C language bug. See https://crbug.com/1019588.
|
|
198
|
+
if (in_len == 0) {
|
|
199
|
+
return;
|
|
200
|
+
}
|
|
201
|
+
|
|
209
202
|
#if defined(OPENSSL_POLY1305_NEON)
|
|
210
203
|
if (CRYPTO_is_NEON_capable()) {
|
|
211
204
|
CRYPTO_poly1305_update_neon(statep, in, in_len);
|
|
@@ -248,7 +241,6 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
|
|
|
248
241
|
|
|
249
242
|
void CRYPTO_poly1305_finish(poly1305_state *statep, uint8_t mac[16]) {
|
|
250
243
|
struct poly1305_state_st *state = poly1305_aligned_state(statep);
|
|
251
|
-
uint64_t f0, f1, f2, f3;
|
|
252
244
|
uint32_t g0, g1, g2, g3, g4;
|
|
253
245
|
uint32_t b, nb;
|
|
254
246
|
|
|
@@ -301,21 +293,22 @@ void CRYPTO_poly1305_finish(poly1305_state *statep, uint8_t mac[16]) {
|
|
|
301
293
|
state->h3 = (state->h3 & nb) | (g3 & b);
|
|
302
294
|
state->h4 = (state->h4 & nb) | (g4 & b);
|
|
303
295
|
|
|
304
|
-
f0 = ((state->h0) | (state->h1 << 26)) +
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
296
|
+
uint64_t f0 = ((state->h0) | (state->h1 << 26)) +
|
|
297
|
+
(uint64_t)CRYPTO_load_u32_le(&state->key[0]);
|
|
298
|
+
uint64_t f1 = ((state->h1 >> 6) | (state->h2 << 20)) +
|
|
299
|
+
(uint64_t)CRYPTO_load_u32_le(&state->key[4]);
|
|
300
|
+
uint64_t f2 = ((state->h2 >> 12) | (state->h3 << 14)) +
|
|
301
|
+
(uint64_t)CRYPTO_load_u32_le(&state->key[8]);
|
|
302
|
+
uint64_t f3 = ((state->h3 >> 18) | (state->h4 << 8)) +
|
|
303
|
+
(uint64_t)CRYPTO_load_u32_le(&state->key[12]);
|
|
311
304
|
|
|
312
|
-
|
|
305
|
+
CRYPTO_store_u32_le(&mac[0], (uint32_t)f0);
|
|
313
306
|
f1 += (f0 >> 32);
|
|
314
|
-
|
|
307
|
+
CRYPTO_store_u32_le(&mac[4], (uint32_t)f1);
|
|
315
308
|
f2 += (f1 >> 32);
|
|
316
|
-
|
|
309
|
+
CRYPTO_store_u32_le(&mac[8], (uint32_t)f2);
|
|
317
310
|
f3 += (f2 >> 32);
|
|
318
|
-
|
|
311
|
+
CRYPTO_store_u32_le(&mac[12], (uint32_t)f3);
|
|
319
312
|
}
|
|
320
313
|
|
|
321
314
|
#endif // !BORINGSSL_HAS_UINT128 || !OPENSSL_X86_64
|
|
@@ -17,6 +17,7 @@
|
|
|
17
17
|
|
|
18
18
|
#include <openssl/poly1305.h>
|
|
19
19
|
|
|
20
|
+
#include <assert.h>
|
|
20
21
|
#include <string.h>
|
|
21
22
|
|
|
22
23
|
#include "../internal.h"
|
|
@@ -183,7 +184,7 @@ struct poly1305_state_st {
|
|
|
183
184
|
uint8_t key[16];
|
|
184
185
|
};
|
|
185
186
|
|
|
186
|
-
|
|
187
|
+
static_assert(
|
|
187
188
|
sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
|
|
188
189
|
"poly1305_state isn't large enough to hold aligned poly1305_state_st.");
|
|
189
190
|
|
|
@@ -20,6 +20,8 @@
|
|
|
20
20
|
|
|
21
21
|
#include <openssl/poly1305.h>
|
|
22
22
|
|
|
23
|
+
#include <assert.h>
|
|
24
|
+
|
|
23
25
|
#include "../internal.h"
|
|
24
26
|
|
|
25
27
|
|
|
@@ -27,22 +29,6 @@
|
|
|
27
29
|
|
|
28
30
|
#include <emmintrin.h>
|
|
29
31
|
|
|
30
|
-
static uint32_t load_u32_le(const uint8_t in[4]) {
|
|
31
|
-
uint32_t ret;
|
|
32
|
-
OPENSSL_memcpy(&ret, in, 4);
|
|
33
|
-
return ret;
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
static uint64_t load_u64_le(const uint8_t in[8]) {
|
|
37
|
-
uint64_t ret;
|
|
38
|
-
OPENSSL_memcpy(&ret, in, 8);
|
|
39
|
-
return ret;
|
|
40
|
-
}
|
|
41
|
-
|
|
42
|
-
static void store_u64_le(uint8_t out[8], uint64_t v) {
|
|
43
|
-
OPENSSL_memcpy(out, &v, 8);
|
|
44
|
-
}
|
|
45
|
-
|
|
46
32
|
typedef __m128i xmmi;
|
|
47
33
|
|
|
48
34
|
static const alignas(16) uint32_t poly1305_x64_sse2_message_mask[4] = {
|
|
@@ -92,9 +78,10 @@ typedef struct poly1305_state_internal_t {
|
|
|
92
78
|
} poly1305_state_internal; /* 448 bytes total + 63 bytes for
|
|
93
79
|
alignment = 511 bytes raw */
|
|
94
80
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
81
|
+
static_assert(sizeof(struct poly1305_state_internal_t) + 63 <=
|
|
82
|
+
sizeof(poly1305_state),
|
|
83
|
+
"poly1305_state isn't large enough to hold aligned "
|
|
84
|
+
"poly1305_state_internal_t");
|
|
98
85
|
|
|
99
86
|
static inline poly1305_state_internal *poly1305_aligned_state(
|
|
100
87
|
poly1305_state *state) {
|
|
@@ -112,8 +99,8 @@ void CRYPTO_poly1305_init(poly1305_state *state, const uint8_t key[32]) {
|
|
|
112
99
|
uint64_t t0, t1;
|
|
113
100
|
|
|
114
101
|
// clamp key
|
|
115
|
-
t0 =
|
|
116
|
-
t1 =
|
|
102
|
+
t0 = CRYPTO_load_u64_le(key + 0);
|
|
103
|
+
t1 = CRYPTO_load_u64_le(key + 8);
|
|
117
104
|
r0 = t0 & 0xffc0fffffff;
|
|
118
105
|
t0 >>= 44;
|
|
119
106
|
t0 |= t1 << 20;
|
|
@@ -131,10 +118,10 @@ void CRYPTO_poly1305_init(poly1305_state *state, const uint8_t key[32]) {
|
|
|
131
118
|
p->R22.d[3] = (uint32_t)(r2 >> 32);
|
|
132
119
|
|
|
133
120
|
// store pad
|
|
134
|
-
p->R23.d[1] =
|
|
135
|
-
p->R23.d[3] =
|
|
136
|
-
p->R24.d[1] =
|
|
137
|
-
p->R24.d[3] =
|
|
121
|
+
p->R23.d[1] = CRYPTO_load_u32_le(key + 16);
|
|
122
|
+
p->R23.d[3] = CRYPTO_load_u32_le(key + 20);
|
|
123
|
+
p->R24.d[1] = CRYPTO_load_u32_le(key + 24);
|
|
124
|
+
p->R24.d[3] = CRYPTO_load_u32_le(key + 28);
|
|
138
125
|
|
|
139
126
|
// H = 0
|
|
140
127
|
st->H[0] = _mm_setzero_si128();
|
|
@@ -766,8 +753,8 @@ void CRYPTO_poly1305_finish(poly1305_state *state, uint8_t mac[16]) {
|
|
|
766
753
|
}
|
|
767
754
|
|
|
768
755
|
poly1305_donna_atleast16bytes:
|
|
769
|
-
t0 =
|
|
770
|
-
t1 =
|
|
756
|
+
t0 = CRYPTO_load_u64_le(m + 0);
|
|
757
|
+
t1 = CRYPTO_load_u64_le(m + 8);
|
|
771
758
|
h0 += t0 & 0xfffffffffff;
|
|
772
759
|
t0 = shr128_pair(t1, t0, 44);
|
|
773
760
|
h1 += t0 & 0xfffffffffff;
|
|
@@ -806,8 +793,8 @@ poly1305_donna_atmost15bytes:
|
|
|
806
793
|
OPENSSL_memset(m + leftover, 0, 16 - leftover);
|
|
807
794
|
leftover = 16;
|
|
808
795
|
|
|
809
|
-
t0 =
|
|
810
|
-
t1 =
|
|
796
|
+
t0 = CRYPTO_load_u64_le(m + 0);
|
|
797
|
+
t1 = CRYPTO_load_u64_le(m + 8);
|
|
811
798
|
h0 += t0 & 0xfffffffffff;
|
|
812
799
|
t0 = shr128_pair(t1, t0, 44);
|
|
813
800
|
h1 += t0 & 0xfffffffffff;
|
|
@@ -853,8 +840,8 @@ poly1305_donna_finish:
|
|
|
853
840
|
t1 = (t1 >> 24);
|
|
854
841
|
h2 += (t1)+c;
|
|
855
842
|
|
|
856
|
-
|
|
857
|
-
|
|
843
|
+
CRYPTO_store_u64_le(mac + 0, ((h0) | (h1 << 44)));
|
|
844
|
+
CRYPTO_store_u64_le(mac + 8, ((h1 >> 20) | (h2 << 24)));
|
|
858
845
|
}
|
|
859
846
|
|
|
860
847
|
#endif // BORINGSSL_HAS_UINT128 && OPENSSL_X86_64
|
|
@@ -19,6 +19,8 @@
|
|
|
19
19
|
|
|
20
20
|
#include <openssl/bytestring.h>
|
|
21
21
|
#include <openssl/mem.h>
|
|
22
|
+
#include <openssl/rand.h>
|
|
23
|
+
#include <openssl/siphash.h>
|
|
22
24
|
#include <openssl/thread.h>
|
|
23
25
|
|
|
24
26
|
#include "../internal.h"
|
|
@@ -26,10 +28,13 @@
|
|
|
26
28
|
|
|
27
29
|
|
|
28
30
|
static uint32_t CRYPTO_BUFFER_hash(const CRYPTO_BUFFER *buf) {
|
|
29
|
-
return
|
|
31
|
+
return (uint32_t)SIPHASH_24(buf->pool->hash_key, buf->data, buf->len);
|
|
30
32
|
}
|
|
31
33
|
|
|
32
34
|
static int CRYPTO_BUFFER_cmp(const CRYPTO_BUFFER *a, const CRYPTO_BUFFER *b) {
|
|
35
|
+
// Only |CRYPTO_BUFFER|s from the same pool have compatible hashes.
|
|
36
|
+
assert(a->pool != NULL);
|
|
37
|
+
assert(a->pool == b->pool);
|
|
33
38
|
if (a->len != b->len) {
|
|
34
39
|
return 1;
|
|
35
40
|
}
|
|
@@ -50,6 +55,7 @@ CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) {
|
|
|
50
55
|
}
|
|
51
56
|
|
|
52
57
|
CRYPTO_MUTEX_init(&pool->lock);
|
|
58
|
+
RAND_bytes((uint8_t *)&pool->hash_key, sizeof(pool->hash_key));
|
|
53
59
|
|
|
54
60
|
return pool;
|
|
55
61
|
}
|
|
@@ -84,6 +90,7 @@ static CRYPTO_BUFFER *crypto_buffer_new(const uint8_t *data, size_t len,
|
|
|
84
90
|
CRYPTO_BUFFER tmp;
|
|
85
91
|
tmp.data = (uint8_t *) data;
|
|
86
92
|
tmp.len = len;
|
|
93
|
+
tmp.pool = pool;
|
|
87
94
|
|
|
88
95
|
CRYPTO_MUTEX_lock_read(&pool->lock);
|
|
89
96
|
CRYPTO_BUFFER *duplicate = lh_CRYPTO_BUFFER_retrieve(pool->bufs, &tmp);
|
|
@@ -12,23 +12,147 @@
|
|
|
12
12
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
13
13
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
14
14
|
|
|
15
|
-
#include <openssl/
|
|
15
|
+
#include <openssl/ctrdrbg.h>
|
|
16
|
+
|
|
16
17
|
#include "../fipsmodule/rand/internal.h"
|
|
18
|
+
#include "../internal.h"
|
|
17
19
|
|
|
18
20
|
#if defined(BORINGSSL_FIPS)
|
|
19
21
|
|
|
22
|
+
#define ENTROPY_READ_LEN \
|
|
23
|
+
(/* last_block size */ 16 + CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD)
|
|
24
|
+
|
|
25
|
+
#if defined(OPENSSL_ANDROID)
|
|
26
|
+
|
|
27
|
+
#include <errno.h>
|
|
28
|
+
#include <stdatomic.h>
|
|
29
|
+
#include <sys/socket.h>
|
|
30
|
+
#include <sys/types.h>
|
|
31
|
+
#include <sys/un.h>
|
|
32
|
+
#include <unistd.h>
|
|
33
|
+
|
|
34
|
+
// socket_history_t enumerates whether the entropy daemon should be contacted
|
|
35
|
+
// for a given entropy request. Values other than socket_not_yet_attempted are
|
|
36
|
+
// sticky so if the first attempt to read from the daemon fails it's assumed
|
|
37
|
+
// that the daemon is not present and no more attempts will be made. If the
|
|
38
|
+
// first attempt is successful then attempts will be made forever more.
|
|
39
|
+
enum socket_history_t {
|
|
40
|
+
// initial value, no connections to the entropy daemon have been made yet.
|
|
41
|
+
socket_not_yet_attempted = 0,
|
|
42
|
+
// reading from the entropy daemon was successful
|
|
43
|
+
socket_success,
|
|
44
|
+
// reading from the entropy daemon failed.
|
|
45
|
+
socket_failed,
|
|
46
|
+
};
|
|
47
|
+
|
|
48
|
+
static _Atomic enum socket_history_t g_socket_history =
|
|
49
|
+
socket_not_yet_attempted;
|
|
50
|
+
|
|
51
|
+
// DAEMON_RESPONSE_LEN is the number of bytes that the entropy daemon replies
|
|
52
|
+
// with.
|
|
53
|
+
#define DAEMON_RESPONSE_LEN 496
|
|
54
|
+
|
|
55
|
+
static_assert(ENTROPY_READ_LEN == DAEMON_RESPONSE_LEN,
|
|
56
|
+
"entropy daemon response length mismatch");
|
|
57
|
+
|
|
58
|
+
static int get_seed_from_daemon(uint8_t *out_entropy, size_t out_entropy_len) {
|
|
59
|
+
// |RAND_need_entropy| should never call this function for more than
|
|
60
|
+
// |DAEMON_RESPONSE_LEN| bytes.
|
|
61
|
+
if (out_entropy_len > DAEMON_RESPONSE_LEN) {
|
|
62
|
+
abort();
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
const enum socket_history_t socket_history = atomic_load(&g_socket_history);
|
|
66
|
+
if (socket_history == socket_failed) {
|
|
67
|
+
return 0;
|
|
68
|
+
}
|
|
69
|
+
|
|
70
|
+
int ret = 0;
|
|
71
|
+
const int sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
|
72
|
+
if (sock < 0) {
|
|
73
|
+
goto out;
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
struct sockaddr_un sun;
|
|
77
|
+
memset(&sun, 0, sizeof(sun));
|
|
78
|
+
sun.sun_family = AF_UNIX;
|
|
79
|
+
static const char kSocketPath[] = "/dev/socket/prng_seeder";
|
|
80
|
+
static_assert(sizeof(kSocketPath) <= UNIX_PATH_MAX,
|
|
81
|
+
"kSocketPath too long");
|
|
82
|
+
OPENSSL_memcpy(sun.sun_path, kSocketPath, sizeof(kSocketPath));
|
|
83
|
+
|
|
84
|
+
if (connect(sock, (struct sockaddr *)&sun, sizeof(sun))) {
|
|
85
|
+
goto out;
|
|
86
|
+
}
|
|
87
|
+
|
|
88
|
+
uint8_t buffer[DAEMON_RESPONSE_LEN];
|
|
89
|
+
size_t done = 0;
|
|
90
|
+
while (done < sizeof(buffer)) {
|
|
91
|
+
ssize_t n;
|
|
92
|
+
do {
|
|
93
|
+
n = read(sock, buffer + done, sizeof(buffer) - done);
|
|
94
|
+
} while (n == -1 && errno == EINTR);
|
|
95
|
+
|
|
96
|
+
if (n < 1) {
|
|
97
|
+
goto out;
|
|
98
|
+
}
|
|
99
|
+
done += n;
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
if (done != DAEMON_RESPONSE_LEN) {
|
|
103
|
+
// The daemon should always write |DAEMON_RESPONSE_LEN| bytes on every
|
|
104
|
+
// connection.
|
|
105
|
+
goto out;
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
assert(out_entropy_len <= DAEMON_RESPONSE_LEN);
|
|
109
|
+
OPENSSL_memcpy(out_entropy, buffer, out_entropy_len);
|
|
110
|
+
ret = 1;
|
|
111
|
+
|
|
112
|
+
out:
|
|
113
|
+
if (socket_history == socket_not_yet_attempted) {
|
|
114
|
+
enum socket_history_t expected = socket_history;
|
|
115
|
+
// If another thread has already updated |g_socket_history| then we defer
|
|
116
|
+
// to their value.
|
|
117
|
+
atomic_compare_exchange_strong(&g_socket_history, &expected,
|
|
118
|
+
(ret == 0) ? socket_failed : socket_success);
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
close(sock);
|
|
122
|
+
return ret;
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
#else
|
|
126
|
+
|
|
127
|
+
static int get_seed_from_daemon(uint8_t *out_entropy, size_t out_entropy_len) {
|
|
128
|
+
return 0;
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
#endif // OPENSSL_ANDROID
|
|
132
|
+
|
|
20
133
|
// RAND_need_entropy is called by the FIPS module when it has blocked because of
|
|
21
134
|
// a lack of entropy. This signal is used as an indication to feed it more.
|
|
22
135
|
void RAND_need_entropy(size_t bytes_needed) {
|
|
23
|
-
uint8_t buf[
|
|
136
|
+
uint8_t buf[ENTROPY_READ_LEN];
|
|
24
137
|
size_t todo = sizeof(buf);
|
|
25
138
|
if (todo > bytes_needed) {
|
|
26
139
|
todo = bytes_needed;
|
|
27
140
|
}
|
|
28
141
|
|
|
29
|
-
int
|
|
30
|
-
|
|
31
|
-
|
|
142
|
+
int want_additional_input;
|
|
143
|
+
if (get_seed_from_daemon(buf, todo)) {
|
|
144
|
+
want_additional_input = 1;
|
|
145
|
+
} else {
|
|
146
|
+
CRYPTO_get_seed_entropy(buf, todo, &want_additional_input);
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
if (boringssl_fips_break_test("CRNG")) {
|
|
150
|
+
// This breaks the "continuous random number generator test" defined in FIPS
|
|
151
|
+
// 140-2, section 4.9.2, and implemented in |rand_get_seed|.
|
|
152
|
+
OPENSSL_memset(buf, 0, todo);
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
RAND_load_entropy(buf, todo, want_additional_input);
|
|
32
156
|
}
|
|
33
157
|
|
|
34
158
|
#endif // FIPS
|