grpc 1.53.1 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -13,7 +13,6 @@
|
|
13
13
|
|
14
14
|
#include <openssl/err.h>
|
15
15
|
#include <openssl/mem.h>
|
16
|
-
#include <openssl/type_check.h>
|
17
16
|
|
18
17
|
#include "../internal.h"
|
19
18
|
|
@@ -30,7 +29,7 @@
|
|
30
29
|
// A block_t is a Salsa20 block.
|
31
30
|
typedef struct { uint32_t words[16]; } block_t;
|
32
31
|
|
33
|
-
|
32
|
+
static_assert(sizeof(block_t) == 64, "block_t has padding");
|
34
33
|
|
35
34
|
// salsa208_word_specification implements the Salsa20/8 core function, also
|
36
35
|
// described in RFC 7914, section 3. It modifies the block at |inout|
|
@@ -171,14 +170,13 @@ int EVP_PBE_scrypt(const char *password, size_t password_len,
|
|
171
170
|
|
172
171
|
// Allocate and divide up the scratch space. |max_mem| fits in a size_t, which
|
173
172
|
// is no bigger than uint64_t, so none of these operations may overflow.
|
174
|
-
|
173
|
+
static_assert(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
|
175
174
|
size_t B_blocks = p * 2 * r;
|
176
175
|
size_t B_bytes = B_blocks * sizeof(block_t);
|
177
176
|
size_t T_blocks = 2 * r;
|
178
177
|
size_t V_blocks = N * 2 * r;
|
179
178
|
block_t *B = OPENSSL_malloc((B_blocks + T_blocks + V_blocks) * sizeof(block_t));
|
180
179
|
if (B == NULL) {
|
181
|
-
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
|
182
180
|
return 0;
|
183
181
|
}
|
184
182
|
|
@@ -56,6 +56,8 @@
|
|
56
56
|
|
57
57
|
#include <openssl/evp.h>
|
58
58
|
|
59
|
+
#include <limits.h>
|
60
|
+
|
59
61
|
#include <openssl/digest.h>
|
60
62
|
#include <openssl/err.h>
|
61
63
|
|
@@ -74,15 +76,20 @@ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
|
|
74
76
|
return EVP_DigestUpdate(ctx, data, len);
|
75
77
|
}
|
76
78
|
|
77
|
-
int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
|
78
|
-
|
79
|
+
int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, unsigned *out_sig_len,
|
80
|
+
EVP_PKEY *pkey) {
|
79
81
|
uint8_t m[EVP_MAX_MD_SIZE];
|
80
|
-
unsigned
|
82
|
+
unsigned m_len;
|
81
83
|
int ret = 0;
|
82
84
|
EVP_MD_CTX tmp_ctx;
|
83
85
|
EVP_PKEY_CTX *pkctx = NULL;
|
84
86
|
size_t sig_len = EVP_PKEY_size(pkey);
|
85
87
|
|
88
|
+
// Ensure the final result will fit in |unsigned|.
|
89
|
+
if (sig_len > UINT_MAX) {
|
90
|
+
sig_len = UINT_MAX;
|
91
|
+
}
|
92
|
+
|
86
93
|
*out_sig_len = 0;
|
87
94
|
EVP_MD_CTX_init(&tmp_ctx);
|
88
95
|
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
|
@@ -92,19 +99,17 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
|
|
92
99
|
EVP_MD_CTX_cleanup(&tmp_ctx);
|
93
100
|
|
94
101
|
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
|
95
|
-
if (!pkctx ||
|
102
|
+
if (!pkctx || //
|
103
|
+
!EVP_PKEY_sign_init(pkctx) ||
|
96
104
|
!EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) ||
|
97
105
|
!EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) {
|
98
106
|
goto out;
|
99
107
|
}
|
100
|
-
*out_sig_len = sig_len;
|
108
|
+
*out_sig_len = (unsigned)sig_len;
|
101
109
|
ret = 1;
|
102
110
|
|
103
111
|
out:
|
104
|
-
|
105
|
-
EVP_PKEY_CTX_free(pkctx);
|
106
|
-
}
|
107
|
-
|
112
|
+
EVP_PKEY_CTX_free(pkctx);
|
108
113
|
return ret;
|
109
114
|
}
|
110
115
|
|
@@ -123,7 +128,7 @@ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
|
|
123
128
|
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
|
124
129
|
EVP_PKEY *pkey) {
|
125
130
|
uint8_t m[EVP_MAX_MD_SIZE];
|
126
|
-
unsigned
|
131
|
+
unsigned m_len;
|
127
132
|
int ret = 0;
|
128
133
|
EVP_MD_CTX tmp_ctx;
|
129
134
|
EVP_PKEY_CTX *pkctx = NULL;
|
@@ -109,6 +109,8 @@
|
|
109
109
|
#include <openssl/ex_data.h>
|
110
110
|
|
111
111
|
#include <assert.h>
|
112
|
+
#include <limits.h>
|
113
|
+
#include <stdlib.h>
|
112
114
|
#include <string.h>
|
113
115
|
|
114
116
|
#include <openssl/crypto.h>
|
@@ -135,7 +137,6 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
|
|
135
137
|
|
136
138
|
funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
|
137
139
|
if (funcs == NULL) {
|
138
|
-
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
|
139
140
|
return 0;
|
140
141
|
}
|
141
142
|
|
@@ -149,44 +150,55 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
|
|
149
150
|
ex_data_class->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
|
150
151
|
}
|
151
152
|
|
152
|
-
if (ex_data_class->meth == NULL
|
153
|
-
!sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) {
|
154
|
-
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
|
155
|
-
OPENSSL_free(funcs);
|
153
|
+
if (ex_data_class->meth == NULL) {
|
156
154
|
goto err;
|
157
155
|
}
|
158
156
|
|
159
|
-
|
157
|
+
// The index must fit in |int|.
|
158
|
+
if (sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) >
|
159
|
+
(size_t)(INT_MAX - ex_data_class->num_reserved)) {
|
160
|
+
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
|
161
|
+
goto err;
|
162
|
+
}
|
163
|
+
|
164
|
+
if (!sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) {
|
165
|
+
goto err;
|
166
|
+
}
|
167
|
+
funcs = NULL; // |sk_CRYPTO_EX_DATA_FUNCS_push| takes ownership.
|
168
|
+
|
169
|
+
*out_index = (int)sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1 +
|
160
170
|
ex_data_class->num_reserved;
|
161
171
|
ret = 1;
|
162
172
|
|
163
173
|
err:
|
164
174
|
CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock);
|
175
|
+
OPENSSL_free(funcs);
|
165
176
|
return ret;
|
166
177
|
}
|
167
178
|
|
168
179
|
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) {
|
169
|
-
|
180
|
+
if (index < 0) {
|
181
|
+
// A caller that can accidentally pass in an invalid index into this
|
182
|
+
// function will hit an memory error if |index| happened to be valid, and
|
183
|
+
// expected |val| to be of a different type.
|
184
|
+
abort();
|
185
|
+
}
|
170
186
|
|
171
187
|
if (ad->sk == NULL) {
|
172
188
|
ad->sk = sk_void_new_null();
|
173
189
|
if (ad->sk == NULL) {
|
174
|
-
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
|
175
190
|
return 0;
|
176
191
|
}
|
177
192
|
}
|
178
193
|
|
179
|
-
n = sk_void_num(ad->sk);
|
180
|
-
|
181
194
|
// Add NULL values until the stack is long enough.
|
182
|
-
for (i =
|
195
|
+
for (size_t i = sk_void_num(ad->sk); i <= (size_t)index; i++) {
|
183
196
|
if (!sk_void_push(ad->sk, NULL)) {
|
184
|
-
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
|
185
197
|
return 0;
|
186
198
|
}
|
187
199
|
}
|
188
200
|
|
189
|
-
sk_void_set(ad->sk, index, val);
|
201
|
+
sk_void_set(ad->sk, (size_t)index, val);
|
190
202
|
return 1;
|
191
203
|
}
|
192
204
|
|
@@ -218,7 +230,6 @@ static int get_func_pointers(STACK_OF(CRYPTO_EX_DATA_FUNCS) **out,
|
|
218
230
|
CRYPTO_STATIC_MUTEX_unlock_read(&ex_data_class->lock);
|
219
231
|
|
220
232
|
if (n > 0 && *out == NULL) {
|
221
|
-
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
|
222
233
|
return 0;
|
223
234
|
}
|
224
235
|
|
@@ -242,7 +253,10 @@ void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj,
|
|
242
253
|
return;
|
243
254
|
}
|
244
255
|
|
245
|
-
|
256
|
+
// |CRYPTO_get_ex_new_index| will not allocate indices beyond |INT_MAX|.
|
257
|
+
assert(sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers) <=
|
258
|
+
(size_t)(INT_MAX - ex_data_class->num_reserved));
|
259
|
+
for (int i = 0; i < (int)sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) {
|
246
260
|
CRYPTO_EX_DATA_FUNCS *func_pointer =
|
247
261
|
sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i);
|
248
262
|
if (func_pointer->free_func) {
|
@@ -18,6 +18,7 @@
|
|
18
18
|
#include <string.h>
|
19
19
|
|
20
20
|
#include "../../internal.h"
|
21
|
+
#include "internal.h"
|
21
22
|
|
22
23
|
#if defined(OPENSSL_SSE2)
|
23
24
|
#include <emmintrin.h>
|
@@ -151,10 +152,10 @@ static inline aes_word_t aes_nohw_shift_right(aes_word_t a, aes_word_t i) {
|
|
151
152
|
}
|
152
153
|
#endif // OPENSSL_SSE2
|
153
154
|
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
155
|
+
static_assert(AES_NOHW_BATCH_SIZE * 128 == 8 * 8 * sizeof(aes_word_t),
|
156
|
+
"batch size does not match word size");
|
157
|
+
static_assert(AES_NOHW_WORD_SIZE == sizeof(aes_word_t),
|
158
|
+
"AES_NOHW_WORD_SIZE is incorrect");
|
158
159
|
|
159
160
|
|
160
161
|
// Block representations.
|
@@ -1181,29 +1182,27 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
1181
1182
|
aes_nohw_expand_round_keys(&sched, key);
|
1182
1183
|
|
1183
1184
|
// Make |AES_NOHW_BATCH_SIZE| copies of |ivec|.
|
1184
|
-
alignas(AES_NOHW_WORD_SIZE)
|
1185
|
-
|
1186
|
-
uint8_t u8[AES_NOHW_BATCH_SIZE * 16];
|
1187
|
-
} ivs, enc_ivs;
|
1185
|
+
alignas(AES_NOHW_WORD_SIZE) uint8_t ivs[AES_NOHW_BATCH_SIZE * 16];
|
1186
|
+
alignas(AES_NOHW_WORD_SIZE) uint8_t enc_ivs[AES_NOHW_BATCH_SIZE * 16];
|
1188
1187
|
for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) {
|
1189
|
-
memcpy(ivs
|
1188
|
+
memcpy(ivs + 16 * i, ivec, 16);
|
1190
1189
|
}
|
1191
1190
|
|
1192
|
-
uint32_t ctr =
|
1191
|
+
uint32_t ctr = CRYPTO_load_u32_be(ivs + 12);
|
1193
1192
|
for (;;) {
|
1194
1193
|
// Update counters.
|
1195
1194
|
for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) {
|
1196
|
-
ivs
|
1195
|
+
CRYPTO_store_u32_be(ivs + 16 * i + 12, ctr + (uint32_t)i);
|
1197
1196
|
}
|
1198
1197
|
|
1199
1198
|
size_t todo = blocks >= AES_NOHW_BATCH_SIZE ? AES_NOHW_BATCH_SIZE : blocks;
|
1200
1199
|
AES_NOHW_BATCH batch;
|
1201
|
-
aes_nohw_to_batch(&batch, ivs
|
1200
|
+
aes_nohw_to_batch(&batch, ivs, todo);
|
1202
1201
|
aes_nohw_encrypt_batch(&sched, key->rounds, &batch);
|
1203
|
-
aes_nohw_from_batch(enc_ivs
|
1202
|
+
aes_nohw_from_batch(enc_ivs, todo, &batch);
|
1204
1203
|
|
1205
1204
|
for (size_t i = 0; i < todo; i++) {
|
1206
|
-
aes_nohw_xor_block(out + 16 * i, in + 16 * i, enc_ivs
|
1205
|
+
aes_nohw_xor_block(out + 16 * i, in + 16 * i, enc_ivs + 16 * i);
|
1207
1206
|
}
|
1208
1207
|
|
1209
1208
|
blocks -= todo;
|
@@ -17,7 +17,7 @@
|
|
17
17
|
|
18
18
|
#include <stdlib.h>
|
19
19
|
|
20
|
-
#include
|
20
|
+
#include "../../internal.h"
|
21
21
|
|
22
22
|
#if defined(__cplusplus)
|
23
23
|
extern "C" {
|
@@ -30,18 +30,14 @@ extern "C" {
|
|
30
30
|
#define HWAES
|
31
31
|
#define HWAES_ECB
|
32
32
|
|
33
|
-
OPENSSL_INLINE int hwaes_capable(void) {
|
34
|
-
return (OPENSSL_ia32cap_get()[1] & (1 << (57 - 32))) != 0;
|
35
|
-
}
|
33
|
+
OPENSSL_INLINE int hwaes_capable(void) { return CRYPTO_is_AESNI_capable(); }
|
36
34
|
|
37
35
|
#define VPAES
|
38
36
|
#if defined(OPENSSL_X86_64)
|
39
37
|
#define VPAES_CTR32
|
40
38
|
#endif
|
41
39
|
#define VPAES_CBC
|
42
|
-
OPENSSL_INLINE int vpaes_capable(void) {
|
43
|
-
return (OPENSSL_ia32cap_get()[1] & (1 << (41 - 32))) != 0;
|
44
|
-
}
|
40
|
+
OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_SSSE3_capable(); }
|
45
41
|
|
46
42
|
#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
47
43
|
#define HWAES
|
@@ -63,12 +59,6 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
|
|
63
59
|
OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
|
64
60
|
#endif
|
65
61
|
|
66
|
-
#elif defined(OPENSSL_PPC64LE)
|
67
|
-
#define HWAES
|
68
|
-
|
69
|
-
OPENSSL_INLINE int hwaes_capable(void) {
|
70
|
-
return CRYPTO_is_PPC64LE_vcrypto_capable();
|
71
|
-
}
|
72
62
|
#endif
|
73
63
|
|
74
64
|
#endif // !NO_ASM
|
@@ -55,6 +55,7 @@
|
|
55
55
|
#include <openssl/mem.h>
|
56
56
|
|
57
57
|
#include "../../internal.h"
|
58
|
+
#include "../service_indicator/internal.h"
|
58
59
|
|
59
60
|
|
60
61
|
// kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1.
|
@@ -98,6 +99,7 @@ int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
|
|
98
99
|
}
|
99
100
|
|
100
101
|
OPENSSL_memcpy(out, A, 8);
|
102
|
+
FIPS_service_indicator_update_state();
|
101
103
|
return (int)in_len + 8;
|
102
104
|
}
|
103
105
|
|
@@ -151,6 +153,7 @@ int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
|
|
151
153
|
return -1;
|
152
154
|
}
|
153
155
|
|
156
|
+
FIPS_service_indicator_update_state();
|
154
157
|
return (int)in_len - 8;
|
155
158
|
}
|
156
159
|
|
@@ -161,10 +164,8 @@ static const uint8_t kPaddingConstant[4] = {0xa6, 0x59, 0x59, 0xa6};
|
|
161
164
|
int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
|
162
165
|
size_t max_out, const uint8_t *in, size_t in_len) {
|
163
166
|
// See https://tools.ietf.org/html/rfc5649#section-4.1
|
164
|
-
const uint32_t in_len32_be = CRYPTO_bswap4(in_len);
|
165
167
|
const uint64_t in_len64 = in_len;
|
166
168
|
const size_t padded_len = (in_len + 7) & ~7;
|
167
|
-
|
168
169
|
*out_len = 0;
|
169
170
|
if (in_len == 0 || in_len64 > 0xffffffffu || in_len + 7 < in_len ||
|
170
171
|
padded_len + 8 < padded_len || max_out < padded_len + 8) {
|
@@ -173,7 +174,7 @@ int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
|
|
173
174
|
|
174
175
|
uint8_t block[AES_BLOCK_SIZE];
|
175
176
|
memcpy(block, kPaddingConstant, sizeof(kPaddingConstant));
|
176
|
-
|
177
|
+
CRYPTO_store_u32_be(block + 4, (uint32_t)in_len);
|
177
178
|
|
178
179
|
if (in_len <= 8) {
|
179
180
|
memset(block + 8, 0, 8);
|
@@ -190,12 +191,15 @@ int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
|
|
190
191
|
assert(padded_len >= 8);
|
191
192
|
memset(padded_in + padded_len - 8, 0, 8);
|
192
193
|
memcpy(padded_in, in, in_len);
|
194
|
+
FIPS_service_indicator_lock_state();
|
193
195
|
const int ret = AES_wrap_key(key, block, out, padded_in, padded_len);
|
196
|
+
FIPS_service_indicator_unlock_state();
|
194
197
|
OPENSSL_free(padded_in);
|
195
198
|
if (ret < 0) {
|
196
199
|
return 0;
|
197
200
|
}
|
198
201
|
*out_len = ret;
|
202
|
+
FIPS_service_indicator_update_state();
|
199
203
|
return 1;
|
200
204
|
}
|
201
205
|
|
@@ -220,9 +224,7 @@ int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
|
|
220
224
|
crypto_word_t ok = constant_time_eq_int(
|
221
225
|
CRYPTO_memcmp(iv, kPaddingConstant, sizeof(kPaddingConstant)), 0);
|
222
226
|
|
223
|
-
|
224
|
-
memcpy(&claimed_len32, iv + 4, sizeof(claimed_len32));
|
225
|
-
const size_t claimed_len = CRYPTO_bswap4(claimed_len32);
|
227
|
+
const size_t claimed_len = CRYPTO_load_u32_be(iv + 4);
|
226
228
|
ok &= ~constant_time_is_zero_w(claimed_len);
|
227
229
|
ok &= constant_time_eq_w((claimed_len - 1) >> 3, (in_len - 9) >> 3);
|
228
230
|
|
@@ -232,5 +234,9 @@ int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
|
|
232
234
|
}
|
233
235
|
|
234
236
|
*out_len = constant_time_select_w(ok, claimed_len, 0);
|
235
|
-
|
237
|
+
const int ret = ok & 1;
|
238
|
+
if (ret) {
|
239
|
+
FIPS_service_indicator_update_state();
|
240
|
+
}
|
241
|
+
return ret;
|
236
242
|
}
|
@@ -52,6 +52,7 @@
|
|
52
52
|
|
53
53
|
#include "../aes/internal.h"
|
54
54
|
#include "../modes/internal.h"
|
55
|
+
#include "../service_indicator/internal.h"
|
55
56
|
|
56
57
|
|
57
58
|
void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
@@ -74,6 +75,8 @@ void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
|
74
75
|
CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num,
|
75
76
|
aes_nohw_ctr32_encrypt_blocks);
|
76
77
|
}
|
78
|
+
|
79
|
+
FIPS_service_indicator_update_state();
|
77
80
|
}
|
78
81
|
|
79
82
|
void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key,
|
@@ -86,24 +89,23 @@ void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key,
|
|
86
89
|
} else {
|
87
90
|
AES_decrypt(in, out, key);
|
88
91
|
}
|
92
|
+
|
93
|
+
FIPS_service_indicator_update_state();
|
89
94
|
}
|
90
95
|
|
91
96
|
void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
92
97
|
const AES_KEY *key, uint8_t *ivec, const int enc) {
|
93
98
|
if (hwaes_capable()) {
|
94
99
|
aes_hw_cbc_encrypt(in, out, len, key, ivec, enc);
|
95
|
-
|
96
|
-
}
|
97
|
-
|
98
|
-
if (!vpaes_capable()) {
|
100
|
+
} else if (!vpaes_capable()) {
|
99
101
|
aes_nohw_cbc_encrypt(in, out, len, key, ivec, enc);
|
100
|
-
|
101
|
-
}
|
102
|
-
if (enc) {
|
102
|
+
} else if (enc) {
|
103
103
|
CRYPTO_cbc128_encrypt(in, out, len, key, ivec, AES_encrypt);
|
104
104
|
} else {
|
105
105
|
CRYPTO_cbc128_decrypt(in, out, len, key, ivec, AES_decrypt);
|
106
106
|
}
|
107
|
+
|
108
|
+
FIPS_service_indicator_update_state();
|
107
109
|
}
|
108
110
|
|
109
111
|
void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
@@ -58,12 +58,13 @@
|
|
58
58
|
#include "cipher/aead.c"
|
59
59
|
#include "cipher/cipher.c"
|
60
60
|
#include "cipher/e_aes.c"
|
61
|
-
#include "cipher/
|
62
|
-
#include "
|
61
|
+
#include "cipher/e_aesccm.c"
|
62
|
+
#include "cmac/cmac.c"
|
63
63
|
#include "dh/check.c"
|
64
64
|
#include "dh/dh.c"
|
65
65
|
#include "digest/digest.c"
|
66
66
|
#include "digest/digests.c"
|
67
|
+
#include "digestsign/digestsign.c"
|
67
68
|
#include "ecdh/ecdh.c"
|
68
69
|
#include "ecdsa/ecdsa.c"
|
69
70
|
#include "ec/ec.c"
|
@@ -73,7 +74,7 @@
|
|
73
74
|
#include "ec/oct.c"
|
74
75
|
#include "ec/p224-64.c"
|
75
76
|
#include "ec/p256.c"
|
76
|
-
#include "ec/p256-
|
77
|
+
#include "ec/p256-nistz.c"
|
77
78
|
#include "ec/scalar.c"
|
78
79
|
#include "ec/simple.c"
|
79
80
|
#include "ec/simple_mul.c"
|
@@ -99,7 +100,7 @@
|
|
99
100
|
#include "rsa/rsa_impl.c"
|
100
101
|
#include "self_check/fips.c"
|
101
102
|
#include "self_check/self_check.c"
|
102
|
-
#include "
|
103
|
+
#include "service_indicator/service_indicator.c"
|
103
104
|
#include "sha/sha1.c"
|
104
105
|
#include "sha/sha256.c"
|
105
106
|
#include "sha/sha512.c"
|
@@ -171,6 +172,23 @@ BORINGSSL_bcm_power_on_self_test(void) {
|
|
171
172
|
#if !defined(OPENSSL_ASAN)
|
172
173
|
// Integrity tests cannot run under ASAN because it involves reading the full
|
173
174
|
// .text section, which triggers the global-buffer overflow detection.
|
175
|
+
if (!BORINGSSL_integrity_test()) {
|
176
|
+
goto err;
|
177
|
+
}
|
178
|
+
#endif // OPENSSL_ASAN
|
179
|
+
|
180
|
+
if (!boringssl_self_test_startup()) {
|
181
|
+
goto err;
|
182
|
+
}
|
183
|
+
|
184
|
+
return;
|
185
|
+
|
186
|
+
err:
|
187
|
+
BORINGSSL_FIPS_abort();
|
188
|
+
}
|
189
|
+
|
190
|
+
#if !defined(OPENSSL_ASAN)
|
191
|
+
int BORINGSSL_integrity_test(void) {
|
174
192
|
const uint8_t *const start = BORINGSSL_bcm_text_start;
|
175
193
|
const uint8_t *const end = BORINGSSL_bcm_text_end;
|
176
194
|
|
@@ -192,17 +210,15 @@ BORINGSSL_bcm_power_on_self_test(void) {
|
|
192
210
|
#endif
|
193
211
|
|
194
212
|
assert_within(rodata_start, kPrimes, rodata_end);
|
195
|
-
assert_within(rodata_start, des_skb, rodata_end);
|
196
213
|
assert_within(rodata_start, kP256Params, rodata_end);
|
197
214
|
assert_within(rodata_start, kPKCS1SigPrefixes, rodata_end);
|
198
215
|
|
199
|
-
#if defined(OPENSSL_AARCH64) || defined(OPENSSL_ANDROID)
|
200
216
|
uint8_t result[SHA256_DIGEST_LENGTH];
|
201
217
|
const EVP_MD *const kHashFunction = EVP_sha256();
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
218
|
+
if (!boringssl_self_test_sha256() ||
|
219
|
+
!boringssl_self_test_hmac_sha256()) {
|
220
|
+
return 0;
|
221
|
+
}
|
206
222
|
|
207
223
|
static const uint8_t kHMACKey[64] = {0};
|
208
224
|
unsigned result_len;
|
@@ -211,7 +227,7 @@ BORINGSSL_bcm_power_on_self_test(void) {
|
|
211
227
|
if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), kHashFunction,
|
212
228
|
NULL /* no ENGINE */)) {
|
213
229
|
fprintf(stderr, "HMAC_Init_ex failed.\n");
|
214
|
-
|
230
|
+
return 0;
|
215
231
|
}
|
216
232
|
|
217
233
|
BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC);
|
@@ -231,30 +247,22 @@ BORINGSSL_bcm_power_on_self_test(void) {
|
|
231
247
|
if (!HMAC_Final(&hmac_ctx, result, &result_len) ||
|
232
248
|
result_len != sizeof(result)) {
|
233
249
|
fprintf(stderr, "HMAC failed.\n");
|
234
|
-
|
250
|
+
return 0;
|
235
251
|
}
|
236
|
-
|
252
|
+
HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
|
237
253
|
|
238
254
|
const uint8_t *expected = BORINGSSL_bcm_text_hash;
|
239
255
|
|
240
256
|
if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) {
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
if (!boringssl_fips_self_test(BORINGSSL_bcm_text_hash, sizeof(result))) {
|
245
|
-
goto err;
|
246
|
-
}
|
247
|
-
#else
|
248
|
-
if (!BORINGSSL_self_test()) {
|
249
|
-
goto err;
|
257
|
+
#if !defined(BORINGSSL_FIPS_BREAK_TESTS)
|
258
|
+
return 0;
|
259
|
+
#endif
|
250
260
|
}
|
251
|
-
#endif // OPENSSL_ASAN
|
252
|
-
|
253
|
-
return;
|
254
261
|
|
255
|
-
|
256
|
-
|
262
|
+
OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10.
|
263
|
+
return 1;
|
257
264
|
}
|
265
|
+
#endif // OPENSSL_ASAN
|
258
266
|
|
259
267
|
void BORINGSSL_FIPS_abort(void) {
|
260
268
|
for (;;) {
|
@@ -56,6 +56,7 @@
|
|
56
56
|
|
57
57
|
#include <openssl/bn.h>
|
58
58
|
|
59
|
+
#include <assert.h>
|
59
60
|
#include <limits.h>
|
60
61
|
#include <string.h>
|
61
62
|
|
@@ -66,11 +67,15 @@
|
|
66
67
|
#include "../delocate.h"
|
67
68
|
|
68
69
|
|
70
|
+
// BN_MAX_WORDS is the maximum number of words allowed in a |BIGNUM|. It is
|
71
|
+
// sized so byte and bit counts of a |BIGNUM| always fit in |int|, with room to
|
72
|
+
// spare.
|
73
|
+
#define BN_MAX_WORDS (INT_MAX / (4 * BN_BITS2))
|
74
|
+
|
69
75
|
BIGNUM *BN_new(void) {
|
70
76
|
BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM));
|
71
77
|
|
72
78
|
if (bn == NULL) {
|
73
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
|
74
79
|
return NULL;
|
75
80
|
}
|
76
81
|
|
@@ -80,6 +85,8 @@ BIGNUM *BN_new(void) {
|
|
80
85
|
return bn;
|
81
86
|
}
|
82
87
|
|
88
|
+
BIGNUM *BN_secure_new(void) { return BN_new(); }
|
89
|
+
|
83
90
|
void BN_init(BIGNUM *bn) {
|
84
91
|
OPENSSL_memset(bn, 0, sizeof(BIGNUM));
|
85
92
|
}
|
@@ -289,8 +296,9 @@ void bn_set_static_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
|
|
289
296
|
}
|
290
297
|
bn->d = (BN_ULONG *)words;
|
291
298
|
|
292
|
-
|
293
|
-
bn->
|
299
|
+
assert(num <= BN_MAX_WORDS);
|
300
|
+
bn->width = (int)num;
|
301
|
+
bn->dmax = (int)num;
|
294
302
|
bn->neg = 0;
|
295
303
|
bn->flags |= BN_FLG_STATIC_DATA;
|
296
304
|
}
|
@@ -343,7 +351,7 @@ int bn_wexpand(BIGNUM *bn, size_t words) {
|
|
343
351
|
return 1;
|
344
352
|
}
|
345
353
|
|
346
|
-
if (words >
|
354
|
+
if (words > BN_MAX_WORDS) {
|
347
355
|
OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
|
348
356
|
return 0;
|
349
357
|
}
|
@@ -355,7 +363,6 @@ int bn_wexpand(BIGNUM *bn, size_t words) {
|
|
355
363
|
|
356
364
|
a = OPENSSL_malloc(sizeof(BN_ULONG) * words);
|
357
365
|
if (a == NULL) {
|
358
|
-
OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
|
359
366
|
return 0;
|
360
367
|
}
|
361
368
|
|
@@ -377,30 +384,13 @@ int bn_expand(BIGNUM *bn, size_t bits) {
|
|
377
384
|
}
|
378
385
|
|
379
386
|
int bn_resize_words(BIGNUM *bn, size_t words) {
|
380
|
-
#if defined(OPENSSL_PPC64LE)
|
381
|
-
// This is a workaround for a miscompilation bug in Clang 7.0.1 on POWER.
|
382
|
-
// The unittests catch the miscompilation, if it occurs, and it manifests
|
383
|
-
// as a crash in |bn_fits_in_words|.
|
384
|
-
//
|
385
|
-
// The bug only triggers if building in FIPS mode and with -O3. Clang 8.0.1
|
386
|
-
// has the same bug but this workaround is not effective there---I've not
|
387
|
-
// been able to find a workaround for 8.0.1.
|
388
|
-
//
|
389
|
-
// At the time of writing (2019-08-08), Clang git does *not* have this bug
|
390
|
-
// and does not need this workaroud. The current git version should go on to
|
391
|
-
// be Clang 10 thus, once we can depend on that, this can be removed.
|
392
|
-
if (value_barrier_w((size_t)bn->width == words)) {
|
393
|
-
return 1;
|
394
|
-
}
|
395
|
-
#endif
|
396
|
-
|
397
387
|
if ((size_t)bn->width <= words) {
|
398
388
|
if (!bn_wexpand(bn, words)) {
|
399
389
|
return 0;
|
400
390
|
}
|
401
391
|
OPENSSL_memset(bn->d + bn->width, 0,
|
402
392
|
(words - bn->width) * sizeof(BN_ULONG));
|
403
|
-
bn->width = words;
|
393
|
+
bn->width = (int)words;
|
404
394
|
return 1;
|
405
395
|
}
|
406
396
|
|
@@ -409,15 +399,15 @@ int bn_resize_words(BIGNUM *bn, size_t words) {
|
|
409
399
|
OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
|
410
400
|
return 0;
|
411
401
|
}
|
412
|
-
bn->width = words;
|
402
|
+
bn->width = (int)words;
|
413
403
|
return 1;
|
414
404
|
}
|
415
405
|
|
416
406
|
void bn_select_words(BN_ULONG *r, BN_ULONG mask, const BN_ULONG *a,
|
417
407
|
const BN_ULONG *b, size_t num) {
|
418
408
|
for (size_t i = 0; i < num; i++) {
|
419
|
-
|
420
|
-
|
409
|
+
static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
|
410
|
+
"crypto_word_t is too small");
|
421
411
|
r[i] = constant_time_select_w(mask, a[i], b[i]);
|
422
412
|
}
|
423
413
|
}
|