grpc 1.53.1 → 1.54.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (689) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +78 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/support/port_platform.h +4 -4
  6. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  7. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  8. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  9. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  10. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  11. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  12. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  13. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  14. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  16. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  17. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
  18. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  19. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  20. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  21. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  22. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  24. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  25. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  26. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  27. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  28. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  29. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  30. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  31. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  32. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  33. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  34. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  35. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  36. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  37. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  38. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  39. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  40. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  41. data/src/core/ext/gcp/metadata_query.cc +142 -0
  42. data/src/core/ext/gcp/metadata_query.h +82 -0
  43. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  44. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
  45. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
  46. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
  47. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  48. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  49. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
  52. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
  53. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
  56. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
  57. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
  58. data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
  59. data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
  60. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  61. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  62. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  63. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  64. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  65. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  67. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  68. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  69. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  70. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  71. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  72. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  73. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  74. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  75. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  76. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  77. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  78. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  79. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  80. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  81. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  82. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  83. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  84. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  85. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  86. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  87. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  88. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  89. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  90. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  91. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  92. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  94. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  95. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  96. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  97. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  98. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  99. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  100. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  101. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  102. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  103. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  104. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  105. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  106. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  107. data/src/core/ext/xds/xds_client_stats.h +24 -20
  108. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  109. data/src/core/ext/xds/xds_endpoint.h +9 -1
  110. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  111. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  112. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  113. data/src/core/lib/channel/call_finalization.h +1 -1
  114. data/src/core/lib/channel/call_tracer.cc +51 -0
  115. data/src/core/lib/channel/call_tracer.h +101 -38
  116. data/src/core/lib/channel/connected_channel.cc +483 -1050
  117. data/src/core/lib/channel/context.h +8 -1
  118. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  119. data/src/core/lib/channel/promise_based_filter.h +27 -13
  120. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  121. data/src/core/lib/config/config_vars.cc +151 -0
  122. data/src/core/lib/config/config_vars.h +127 -0
  123. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  124. data/src/core/lib/config/load_config.cc +66 -0
  125. data/src/core/lib/config/load_config.h +49 -0
  126. data/src/core/lib/debug/trace.cc +5 -6
  127. data/src/core/lib/debug/trace.h +0 -5
  128. data/src/core/lib/event_engine/event_engine.cc +37 -2
  129. data/src/core/lib/event_engine/handle_containers.h +7 -22
  130. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  131. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  132. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  133. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  134. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  135. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  136. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
  137. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  138. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  139. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  140. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  141. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  142. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  143. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  144. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  145. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  146. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  147. data/src/core/lib/experiments/config.cc +3 -10
  148. data/src/core/lib/experiments/experiments.cc +7 -0
  149. data/src/core/lib/experiments/experiments.h +9 -1
  150. data/src/core/lib/gpr/log.cc +15 -28
  151. data/src/core/lib/gprpp/fork.cc +8 -14
  152. data/src/core/lib/gprpp/orphanable.h +4 -3
  153. data/src/core/lib/gprpp/per_cpu.h +9 -3
  154. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  155. data/src/core/lib/gprpp/ref_counted.h +33 -34
  156. data/src/core/lib/gprpp/thd.h +16 -0
  157. data/src/core/lib/gprpp/time.cc +1 -0
  158. data/src/core/lib/gprpp/time.h +4 -4
  159. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  160. data/src/core/lib/iomgr/call_combiner.h +2 -2
  161. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  162. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  163. data/src/core/lib/iomgr/ev_posix.h +0 -3
  164. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  165. data/src/core/lib/iomgr/iomgr.cc +4 -8
  166. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  167. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  168. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  169. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  170. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  171. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  172. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
  173. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  174. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  175. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  176. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  177. data/src/core/lib/promise/activity.cc +22 -6
  178. data/src/core/lib/promise/activity.h +61 -24
  179. data/src/core/lib/promise/cancel_callback.h +77 -0
  180. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  181. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  182. data/src/core/lib/promise/for_each.h +176 -0
  183. data/src/core/lib/promise/if.h +9 -0
  184. data/src/core/lib/promise/interceptor_list.h +23 -2
  185. data/src/core/lib/promise/latch.h +89 -3
  186. data/src/core/lib/promise/loop.h +13 -9
  187. data/src/core/lib/promise/map.h +7 -0
  188. data/src/core/lib/promise/party.cc +286 -0
  189. data/src/core/lib/promise/party.h +499 -0
  190. data/src/core/lib/promise/pipe.h +197 -57
  191. data/src/core/lib/promise/poll.h +48 -0
  192. data/src/core/lib/promise/promise.h +2 -2
  193. data/src/core/lib/resource_quota/arena.cc +19 -3
  194. data/src/core/lib/resource_quota/arena.h +119 -5
  195. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  196. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  197. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  198. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  199. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  200. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  201. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  202. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  203. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  204. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  205. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  206. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  207. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  208. data/src/core/lib/slice/slice.cc +1 -1
  209. data/src/core/lib/surface/builtins.cc +2 -0
  210. data/src/core/lib/surface/call.cc +926 -1024
  211. data/src/core/lib/surface/call.h +10 -0
  212. data/src/core/lib/surface/lame_client.cc +1 -0
  213. data/src/core/lib/surface/validate_metadata.cc +42 -43
  214. data/src/core/lib/surface/validate_metadata.h +0 -9
  215. data/src/core/lib/surface/version.cc +2 -2
  216. data/src/core/lib/transport/batch_builder.cc +179 -0
  217. data/src/core/lib/transport/batch_builder.h +468 -0
  218. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  219. data/src/core/lib/transport/bdp_estimator.h +10 -6
  220. data/src/core/lib/transport/custom_metadata.h +30 -0
  221. data/src/core/lib/transport/metadata_batch.cc +5 -2
  222. data/src/core/lib/transport/metadata_batch.h +17 -113
  223. data/src/core/lib/transport/parsed_metadata.h +6 -16
  224. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  225. data/src/core/lib/transport/transport.cc +30 -2
  226. data/src/core/lib/transport/transport.h +70 -14
  227. data/src/core/lib/transport/transport_impl.h +7 -0
  228. data/src/core/lib/transport/transport_op_string.cc +52 -42
  229. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  230. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  231. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  232. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  233. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  234. data/src/core/tsi/ssl_transport_security.cc +4 -2
  235. data/src/ruby/lib/grpc/version.rb +1 -1
  236. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  237. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  238. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  239. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  240. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  241. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  242. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  243. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  244. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  245. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  246. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  247. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  248. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  249. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  250. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  251. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  252. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  253. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  254. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  255. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  256. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  257. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  258. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  259. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  260. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  261. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  262. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  263. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  264. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  265. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  266. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  267. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  268. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  269. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  288. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  289. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  290. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  291. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  292. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  293. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  294. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  295. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  296. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  297. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  298. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  299. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  300. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  301. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  302. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  303. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  304. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  305. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  306. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  307. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  308. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  309. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  310. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  311. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  312. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  313. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  314. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  315. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  316. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  317. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  318. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  319. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  320. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  321. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  322. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  323. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  324. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  325. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  326. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  327. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  328. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  329. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  330. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  331. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  332. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  333. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  334. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  335. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  336. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  337. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  338. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  339. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  340. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  341. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  342. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  343. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  344. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  345. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  346. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  347. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  348. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  349. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  350. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  351. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  352. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  353. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  354. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  355. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  363. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  364. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  365. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  366. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  367. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  368. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  369. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  370. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  371. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  372. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  373. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  396. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  403. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  446. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  447. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  448. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  449. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  450. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  451. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  452. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  454. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  455. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  456. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  457. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  458. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  459. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  460. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  461. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  462. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  463. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  464. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  465. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  466. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  467. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  468. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  469. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  470. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  471. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  472. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  473. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  474. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  475. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  476. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  477. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  478. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  479. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  480. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  481. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  482. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  483. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  484. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  485. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  486. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  487. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  488. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  489. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  490. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  491. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  532. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  533. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  534. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  535. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  536. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  557. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  558. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  559. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  560. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  561. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  562. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  563. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  564. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  565. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  566. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  567. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  568. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  569. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  570. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  571. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  572. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  573. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  574. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  575. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  576. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  577. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  578. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  579. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  580. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  581. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  582. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  583. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  584. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  585. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  586. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  587. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  588. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  589. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  591. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  592. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  593. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  594. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  595. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  596. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  597. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  598. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  599. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  600. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  601. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  602. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  603. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  604. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  605. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  606. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  607. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  608. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  609. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  610. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  611. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  612. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  613. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  614. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  615. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  616. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  617. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  618. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  619. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  620. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  621. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  622. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  623. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  624. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  625. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  630. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  631. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  632. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  633. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  634. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  635. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  636. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  637. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  638. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  639. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  640. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  641. metadata +103 -70
  642. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  643. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  644. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
  645. data/src/core/lib/gprpp/global_config.h +0 -93
  646. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  647. data/src/core/lib/gprpp/global_config_env.h +0 -133
  648. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  649. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  650. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  651. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  652. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  653. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  654. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  655. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  656. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  657. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  658. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  659. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  660. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  661. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  662. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  663. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  664. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  665. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  666. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  667. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  668. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  669. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  670. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  671. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  672. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  673. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  674. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  675. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  676. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  677. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  678. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  679. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  680. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  681. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  682. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  683. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  684. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  685. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  686. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  687. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  688. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  689. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -13,7 +13,6 @@
13
13
 
14
14
  #include <openssl/err.h>
15
15
  #include <openssl/mem.h>
16
- #include <openssl/type_check.h>
17
16
 
18
17
  #include "../internal.h"
19
18
 
@@ -30,7 +29,7 @@
30
29
  // A block_t is a Salsa20 block.
31
30
  typedef struct { uint32_t words[16]; } block_t;
32
31
 
33
- OPENSSL_STATIC_ASSERT(sizeof(block_t) == 64, "block_t has padding");
32
+ static_assert(sizeof(block_t) == 64, "block_t has padding");
34
33
 
35
34
  // salsa208_word_specification implements the Salsa20/8 core function, also
36
35
  // described in RFC 7914, section 3. It modifies the block at |inout|
@@ -171,14 +170,13 @@ int EVP_PBE_scrypt(const char *password, size_t password_len,
171
170
 
172
171
  // Allocate and divide up the scratch space. |max_mem| fits in a size_t, which
173
172
  // is no bigger than uint64_t, so none of these operations may overflow.
174
- OPENSSL_STATIC_ASSERT(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
173
+ static_assert(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t");
175
174
  size_t B_blocks = p * 2 * r;
176
175
  size_t B_bytes = B_blocks * sizeof(block_t);
177
176
  size_t T_blocks = 2 * r;
178
177
  size_t V_blocks = N * 2 * r;
179
178
  block_t *B = OPENSSL_malloc((B_blocks + T_blocks + V_blocks) * sizeof(block_t));
180
179
  if (B == NULL) {
181
- OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
182
180
  return 0;
183
181
  }
184
182
 
@@ -56,6 +56,8 @@
56
56
 
57
57
  #include <openssl/evp.h>
58
58
 
59
+ #include <limits.h>
60
+
59
61
  #include <openssl/digest.h>
60
62
  #include <openssl/err.h>
61
63
 
@@ -74,15 +76,20 @@ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
74
76
  return EVP_DigestUpdate(ctx, data, len);
75
77
  }
76
78
 
77
- int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
78
- unsigned int *out_sig_len, EVP_PKEY *pkey) {
79
+ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig, unsigned *out_sig_len,
80
+ EVP_PKEY *pkey) {
79
81
  uint8_t m[EVP_MAX_MD_SIZE];
80
- unsigned int m_len;
82
+ unsigned m_len;
81
83
  int ret = 0;
82
84
  EVP_MD_CTX tmp_ctx;
83
85
  EVP_PKEY_CTX *pkctx = NULL;
84
86
  size_t sig_len = EVP_PKEY_size(pkey);
85
87
 
88
+ // Ensure the final result will fit in |unsigned|.
89
+ if (sig_len > UINT_MAX) {
90
+ sig_len = UINT_MAX;
91
+ }
92
+
86
93
  *out_sig_len = 0;
87
94
  EVP_MD_CTX_init(&tmp_ctx);
88
95
  if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
@@ -92,19 +99,17 @@ int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
92
99
  EVP_MD_CTX_cleanup(&tmp_ctx);
93
100
 
94
101
  pkctx = EVP_PKEY_CTX_new(pkey, NULL);
95
- if (!pkctx || !EVP_PKEY_sign_init(pkctx) ||
102
+ if (!pkctx || //
103
+ !EVP_PKEY_sign_init(pkctx) ||
96
104
  !EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) ||
97
105
  !EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) {
98
106
  goto out;
99
107
  }
100
- *out_sig_len = sig_len;
108
+ *out_sig_len = (unsigned)sig_len;
101
109
  ret = 1;
102
110
 
103
111
  out:
104
- if (pkctx) {
105
- EVP_PKEY_CTX_free(pkctx);
106
- }
107
-
112
+ EVP_PKEY_CTX_free(pkctx);
108
113
  return ret;
109
114
  }
110
115
 
@@ -123,7 +128,7 @@ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) {
123
128
  int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
124
129
  EVP_PKEY *pkey) {
125
130
  uint8_t m[EVP_MAX_MD_SIZE];
126
- unsigned int m_len;
131
+ unsigned m_len;
127
132
  int ret = 0;
128
133
  EVP_MD_CTX tmp_ctx;
129
134
  EVP_PKEY_CTX *pkctx = NULL;
@@ -109,6 +109,8 @@
109
109
  #include <openssl/ex_data.h>
110
110
 
111
111
  #include <assert.h>
112
+ #include <limits.h>
113
+ #include <stdlib.h>
112
114
  #include <string.h>
113
115
 
114
116
  #include <openssl/crypto.h>
@@ -135,7 +137,6 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
135
137
 
136
138
  funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
137
139
  if (funcs == NULL) {
138
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
139
140
  return 0;
140
141
  }
141
142
 
@@ -149,44 +150,55 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
149
150
  ex_data_class->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
150
151
  }
151
152
 
152
- if (ex_data_class->meth == NULL ||
153
- !sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) {
154
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
155
- OPENSSL_free(funcs);
153
+ if (ex_data_class->meth == NULL) {
156
154
  goto err;
157
155
  }
158
156
 
159
- *out_index = sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1 +
157
+ // The index must fit in |int|.
158
+ if (sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) >
159
+ (size_t)(INT_MAX - ex_data_class->num_reserved)) {
160
+ OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
161
+ goto err;
162
+ }
163
+
164
+ if (!sk_CRYPTO_EX_DATA_FUNCS_push(ex_data_class->meth, funcs)) {
165
+ goto err;
166
+ }
167
+ funcs = NULL; // |sk_CRYPTO_EX_DATA_FUNCS_push| takes ownership.
168
+
169
+ *out_index = (int)sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth) - 1 +
160
170
  ex_data_class->num_reserved;
161
171
  ret = 1;
162
172
 
163
173
  err:
164
174
  CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock);
175
+ OPENSSL_free(funcs);
165
176
  return ret;
166
177
  }
167
178
 
168
179
  int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) {
169
- int n, i;
180
+ if (index < 0) {
181
+ // A caller that can accidentally pass in an invalid index into this
182
+ // function will hit an memory error if |index| happened to be valid, and
183
+ // expected |val| to be of a different type.
184
+ abort();
185
+ }
170
186
 
171
187
  if (ad->sk == NULL) {
172
188
  ad->sk = sk_void_new_null();
173
189
  if (ad->sk == NULL) {
174
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
175
190
  return 0;
176
191
  }
177
192
  }
178
193
 
179
- n = sk_void_num(ad->sk);
180
-
181
194
  // Add NULL values until the stack is long enough.
182
- for (i = n; i <= index; i++) {
195
+ for (size_t i = sk_void_num(ad->sk); i <= (size_t)index; i++) {
183
196
  if (!sk_void_push(ad->sk, NULL)) {
184
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
185
197
  return 0;
186
198
  }
187
199
  }
188
200
 
189
- sk_void_set(ad->sk, index, val);
201
+ sk_void_set(ad->sk, (size_t)index, val);
190
202
  return 1;
191
203
  }
192
204
 
@@ -218,7 +230,6 @@ static int get_func_pointers(STACK_OF(CRYPTO_EX_DATA_FUNCS) **out,
218
230
  CRYPTO_STATIC_MUTEX_unlock_read(&ex_data_class->lock);
219
231
 
220
232
  if (n > 0 && *out == NULL) {
221
- OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
222
233
  return 0;
223
234
  }
224
235
 
@@ -242,7 +253,10 @@ void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj,
242
253
  return;
243
254
  }
244
255
 
245
- for (size_t i = 0; i < sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) {
256
+ // |CRYPTO_get_ex_new_index| will not allocate indices beyond |INT_MAX|.
257
+ assert(sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers) <=
258
+ (size_t)(INT_MAX - ex_data_class->num_reserved));
259
+ for (int i = 0; i < (int)sk_CRYPTO_EX_DATA_FUNCS_num(func_pointers); i++) {
246
260
  CRYPTO_EX_DATA_FUNCS *func_pointer =
247
261
  sk_CRYPTO_EX_DATA_FUNCS_value(func_pointers, i);
248
262
  if (func_pointer->free_func) {
@@ -50,8 +50,6 @@
50
50
 
51
51
  #include <assert.h>
52
52
 
53
- #include <openssl/cpu.h>
54
-
55
53
  #include "internal.h"
56
54
  #include "../modes/internal.h"
57
55
 
@@ -18,6 +18,7 @@
18
18
  #include <string.h>
19
19
 
20
20
  #include "../../internal.h"
21
+ #include "internal.h"
21
22
 
22
23
  #if defined(OPENSSL_SSE2)
23
24
  #include <emmintrin.h>
@@ -151,10 +152,10 @@ static inline aes_word_t aes_nohw_shift_right(aes_word_t a, aes_word_t i) {
151
152
  }
152
153
  #endif // OPENSSL_SSE2
153
154
 
154
- OPENSSL_STATIC_ASSERT(AES_NOHW_BATCH_SIZE * 128 == 8 * 8 * sizeof(aes_word_t),
155
- "batch size does not match word size");
156
- OPENSSL_STATIC_ASSERT(AES_NOHW_WORD_SIZE == sizeof(aes_word_t),
157
- "AES_NOHW_WORD_SIZE is incorrect");
155
+ static_assert(AES_NOHW_BATCH_SIZE * 128 == 8 * 8 * sizeof(aes_word_t),
156
+ "batch size does not match word size");
157
+ static_assert(AES_NOHW_WORD_SIZE == sizeof(aes_word_t),
158
+ "AES_NOHW_WORD_SIZE is incorrect");
158
159
 
159
160
 
160
161
  // Block representations.
@@ -1181,29 +1182,27 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
1181
1182
  aes_nohw_expand_round_keys(&sched, key);
1182
1183
 
1183
1184
  // Make |AES_NOHW_BATCH_SIZE| copies of |ivec|.
1184
- alignas(AES_NOHW_WORD_SIZE) union {
1185
- uint32_t u32[AES_NOHW_BATCH_SIZE * 4];
1186
- uint8_t u8[AES_NOHW_BATCH_SIZE * 16];
1187
- } ivs, enc_ivs;
1185
+ alignas(AES_NOHW_WORD_SIZE) uint8_t ivs[AES_NOHW_BATCH_SIZE * 16];
1186
+ alignas(AES_NOHW_WORD_SIZE) uint8_t enc_ivs[AES_NOHW_BATCH_SIZE * 16];
1188
1187
  for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) {
1189
- memcpy(ivs.u8 + 16 * i, ivec, 16);
1188
+ memcpy(ivs + 16 * i, ivec, 16);
1190
1189
  }
1191
1190
 
1192
- uint32_t ctr = CRYPTO_bswap4(ivs.u32[3]);
1191
+ uint32_t ctr = CRYPTO_load_u32_be(ivs + 12);
1193
1192
  for (;;) {
1194
1193
  // Update counters.
1195
1194
  for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) {
1196
- ivs.u32[4 * i + 3] = CRYPTO_bswap4(ctr + i);
1195
+ CRYPTO_store_u32_be(ivs + 16 * i + 12, ctr + (uint32_t)i);
1197
1196
  }
1198
1197
 
1199
1198
  size_t todo = blocks >= AES_NOHW_BATCH_SIZE ? AES_NOHW_BATCH_SIZE : blocks;
1200
1199
  AES_NOHW_BATCH batch;
1201
- aes_nohw_to_batch(&batch, ivs.u8, todo);
1200
+ aes_nohw_to_batch(&batch, ivs, todo);
1202
1201
  aes_nohw_encrypt_batch(&sched, key->rounds, &batch);
1203
- aes_nohw_from_batch(enc_ivs.u8, todo, &batch);
1202
+ aes_nohw_from_batch(enc_ivs, todo, &batch);
1204
1203
 
1205
1204
  for (size_t i = 0; i < todo; i++) {
1206
- aes_nohw_xor_block(out + 16 * i, in + 16 * i, enc_ivs.u8 + 16 * i);
1205
+ aes_nohw_xor_block(out + 16 * i, in + 16 * i, enc_ivs + 16 * i);
1207
1206
  }
1208
1207
 
1209
1208
  blocks -= todo;
@@ -17,7 +17,7 @@
17
17
 
18
18
  #include <stdlib.h>
19
19
 
20
- #include <openssl/cpu.h>
20
+ #include "../../internal.h"
21
21
 
22
22
  #if defined(__cplusplus)
23
23
  extern "C" {
@@ -30,18 +30,14 @@ extern "C" {
30
30
  #define HWAES
31
31
  #define HWAES_ECB
32
32
 
33
- OPENSSL_INLINE int hwaes_capable(void) {
34
- return (OPENSSL_ia32cap_get()[1] & (1 << (57 - 32))) != 0;
35
- }
33
+ OPENSSL_INLINE int hwaes_capable(void) { return CRYPTO_is_AESNI_capable(); }
36
34
 
37
35
  #define VPAES
38
36
  #if defined(OPENSSL_X86_64)
39
37
  #define VPAES_CTR32
40
38
  #endif
41
39
  #define VPAES_CBC
42
- OPENSSL_INLINE int vpaes_capable(void) {
43
- return (OPENSSL_ia32cap_get()[1] & (1 << (41 - 32))) != 0;
44
- }
40
+ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_SSSE3_capable(); }
45
41
 
46
42
  #elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
47
43
  #define HWAES
@@ -63,12 +59,6 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
63
59
  OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
64
60
  #endif
65
61
 
66
- #elif defined(OPENSSL_PPC64LE)
67
- #define HWAES
68
-
69
- OPENSSL_INLINE int hwaes_capable(void) {
70
- return CRYPTO_is_PPC64LE_vcrypto_capable();
71
- }
72
62
  #endif
73
63
 
74
64
  #endif // !NO_ASM
@@ -55,6 +55,7 @@
55
55
  #include <openssl/mem.h>
56
56
 
57
57
  #include "../../internal.h"
58
+ #include "../service_indicator/internal.h"
58
59
 
59
60
 
60
61
  // kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1.
@@ -98,6 +99,7 @@ int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
98
99
  }
99
100
 
100
101
  OPENSSL_memcpy(out, A, 8);
102
+ FIPS_service_indicator_update_state();
101
103
  return (int)in_len + 8;
102
104
  }
103
105
 
@@ -151,6 +153,7 @@ int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
151
153
  return -1;
152
154
  }
153
155
 
156
+ FIPS_service_indicator_update_state();
154
157
  return (int)in_len - 8;
155
158
  }
156
159
 
@@ -161,10 +164,8 @@ static const uint8_t kPaddingConstant[4] = {0xa6, 0x59, 0x59, 0xa6};
161
164
  int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
162
165
  size_t max_out, const uint8_t *in, size_t in_len) {
163
166
  // See https://tools.ietf.org/html/rfc5649#section-4.1
164
- const uint32_t in_len32_be = CRYPTO_bswap4(in_len);
165
167
  const uint64_t in_len64 = in_len;
166
168
  const size_t padded_len = (in_len + 7) & ~7;
167
-
168
169
  *out_len = 0;
169
170
  if (in_len == 0 || in_len64 > 0xffffffffu || in_len + 7 < in_len ||
170
171
  padded_len + 8 < padded_len || max_out < padded_len + 8) {
@@ -173,7 +174,7 @@ int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
173
174
 
174
175
  uint8_t block[AES_BLOCK_SIZE];
175
176
  memcpy(block, kPaddingConstant, sizeof(kPaddingConstant));
176
- memcpy(block + 4, &in_len32_be, sizeof(in_len32_be));
177
+ CRYPTO_store_u32_be(block + 4, (uint32_t)in_len);
177
178
 
178
179
  if (in_len <= 8) {
179
180
  memset(block + 8, 0, 8);
@@ -190,12 +191,15 @@ int AES_wrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
190
191
  assert(padded_len >= 8);
191
192
  memset(padded_in + padded_len - 8, 0, 8);
192
193
  memcpy(padded_in, in, in_len);
194
+ FIPS_service_indicator_lock_state();
193
195
  const int ret = AES_wrap_key(key, block, out, padded_in, padded_len);
196
+ FIPS_service_indicator_unlock_state();
194
197
  OPENSSL_free(padded_in);
195
198
  if (ret < 0) {
196
199
  return 0;
197
200
  }
198
201
  *out_len = ret;
202
+ FIPS_service_indicator_update_state();
199
203
  return 1;
200
204
  }
201
205
 
@@ -220,9 +224,7 @@ int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
220
224
  crypto_word_t ok = constant_time_eq_int(
221
225
  CRYPTO_memcmp(iv, kPaddingConstant, sizeof(kPaddingConstant)), 0);
222
226
 
223
- uint32_t claimed_len32;
224
- memcpy(&claimed_len32, iv + 4, sizeof(claimed_len32));
225
- const size_t claimed_len = CRYPTO_bswap4(claimed_len32);
227
+ const size_t claimed_len = CRYPTO_load_u32_be(iv + 4);
226
228
  ok &= ~constant_time_is_zero_w(claimed_len);
227
229
  ok &= constant_time_eq_w((claimed_len - 1) >> 3, (in_len - 9) >> 3);
228
230
 
@@ -232,5 +234,9 @@ int AES_unwrap_key_padded(const AES_KEY *key, uint8_t *out, size_t *out_len,
232
234
  }
233
235
 
234
236
  *out_len = constant_time_select_w(ok, claimed_len, 0);
235
- return ok & 1;
237
+ const int ret = ok & 1;
238
+ if (ret) {
239
+ FIPS_service_indicator_update_state();
240
+ }
241
+ return ret;
236
242
  }
@@ -52,6 +52,7 @@
52
52
 
53
53
  #include "../aes/internal.h"
54
54
  #include "../modes/internal.h"
55
+ #include "../service_indicator/internal.h"
55
56
 
56
57
 
57
58
  void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
@@ -74,6 +75,8 @@ void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
74
75
  CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, ivec, ecount_buf, num,
75
76
  aes_nohw_ctr32_encrypt_blocks);
76
77
  }
78
+
79
+ FIPS_service_indicator_update_state();
77
80
  }
78
81
 
79
82
  void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key,
@@ -86,24 +89,23 @@ void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key,
86
89
  } else {
87
90
  AES_decrypt(in, out, key);
88
91
  }
92
+
93
+ FIPS_service_indicator_update_state();
89
94
  }
90
95
 
91
96
  void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
92
97
  const AES_KEY *key, uint8_t *ivec, const int enc) {
93
98
  if (hwaes_capable()) {
94
99
  aes_hw_cbc_encrypt(in, out, len, key, ivec, enc);
95
- return;
96
- }
97
-
98
- if (!vpaes_capable()) {
100
+ } else if (!vpaes_capable()) {
99
101
  aes_nohw_cbc_encrypt(in, out, len, key, ivec, enc);
100
- return;
101
- }
102
- if (enc) {
102
+ } else if (enc) {
103
103
  CRYPTO_cbc128_encrypt(in, out, len, key, ivec, AES_encrypt);
104
104
  } else {
105
105
  CRYPTO_cbc128_decrypt(in, out, len, key, ivec, AES_decrypt);
106
106
  }
107
+
108
+ FIPS_service_indicator_update_state();
107
109
  }
108
110
 
109
111
  void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t length,
@@ -58,12 +58,13 @@
58
58
  #include "cipher/aead.c"
59
59
  #include "cipher/cipher.c"
60
60
  #include "cipher/e_aes.c"
61
- #include "cipher/e_des.c"
62
- #include "des/des.c"
61
+ #include "cipher/e_aesccm.c"
62
+ #include "cmac/cmac.c"
63
63
  #include "dh/check.c"
64
64
  #include "dh/dh.c"
65
65
  #include "digest/digest.c"
66
66
  #include "digest/digests.c"
67
+ #include "digestsign/digestsign.c"
67
68
  #include "ecdh/ecdh.c"
68
69
  #include "ecdsa/ecdsa.c"
69
70
  #include "ec/ec.c"
@@ -73,7 +74,7 @@
73
74
  #include "ec/oct.c"
74
75
  #include "ec/p224-64.c"
75
76
  #include "ec/p256.c"
76
- #include "ec/p256-x86_64.c"
77
+ #include "ec/p256-nistz.c"
77
78
  #include "ec/scalar.c"
78
79
  #include "ec/simple.c"
79
80
  #include "ec/simple_mul.c"
@@ -99,7 +100,7 @@
99
100
  #include "rsa/rsa_impl.c"
100
101
  #include "self_check/fips.c"
101
102
  #include "self_check/self_check.c"
102
- #include "sha/sha1-altivec.c"
103
+ #include "service_indicator/service_indicator.c"
103
104
  #include "sha/sha1.c"
104
105
  #include "sha/sha256.c"
105
106
  #include "sha/sha512.c"
@@ -171,6 +172,23 @@ BORINGSSL_bcm_power_on_self_test(void) {
171
172
  #if !defined(OPENSSL_ASAN)
172
173
  // Integrity tests cannot run under ASAN because it involves reading the full
173
174
  // .text section, which triggers the global-buffer overflow detection.
175
+ if (!BORINGSSL_integrity_test()) {
176
+ goto err;
177
+ }
178
+ #endif // OPENSSL_ASAN
179
+
180
+ if (!boringssl_self_test_startup()) {
181
+ goto err;
182
+ }
183
+
184
+ return;
185
+
186
+ err:
187
+ BORINGSSL_FIPS_abort();
188
+ }
189
+
190
+ #if !defined(OPENSSL_ASAN)
191
+ int BORINGSSL_integrity_test(void) {
174
192
  const uint8_t *const start = BORINGSSL_bcm_text_start;
175
193
  const uint8_t *const end = BORINGSSL_bcm_text_end;
176
194
 
@@ -192,17 +210,15 @@ BORINGSSL_bcm_power_on_self_test(void) {
192
210
  #endif
193
211
 
194
212
  assert_within(rodata_start, kPrimes, rodata_end);
195
- assert_within(rodata_start, des_skb, rodata_end);
196
213
  assert_within(rodata_start, kP256Params, rodata_end);
197
214
  assert_within(rodata_start, kPKCS1SigPrefixes, rodata_end);
198
215
 
199
- #if defined(OPENSSL_AARCH64) || defined(OPENSSL_ANDROID)
200
216
  uint8_t result[SHA256_DIGEST_LENGTH];
201
217
  const EVP_MD *const kHashFunction = EVP_sha256();
202
- #else
203
- uint8_t result[SHA512_DIGEST_LENGTH];
204
- const EVP_MD *const kHashFunction = EVP_sha512();
205
- #endif
218
+ if (!boringssl_self_test_sha256() ||
219
+ !boringssl_self_test_hmac_sha256()) {
220
+ return 0;
221
+ }
206
222
 
207
223
  static const uint8_t kHMACKey[64] = {0};
208
224
  unsigned result_len;
@@ -211,7 +227,7 @@ BORINGSSL_bcm_power_on_self_test(void) {
211
227
  if (!HMAC_Init_ex(&hmac_ctx, kHMACKey, sizeof(kHMACKey), kHashFunction,
212
228
  NULL /* no ENGINE */)) {
213
229
  fprintf(stderr, "HMAC_Init_ex failed.\n");
214
- goto err;
230
+ return 0;
215
231
  }
216
232
 
217
233
  BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC);
@@ -231,30 +247,22 @@ BORINGSSL_bcm_power_on_self_test(void) {
231
247
  if (!HMAC_Final(&hmac_ctx, result, &result_len) ||
232
248
  result_len != sizeof(result)) {
233
249
  fprintf(stderr, "HMAC failed.\n");
234
- goto err;
250
+ return 0;
235
251
  }
236
- HMAC_CTX_cleanup(&hmac_ctx);
252
+ HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
237
253
 
238
254
  const uint8_t *expected = BORINGSSL_bcm_text_hash;
239
255
 
240
256
  if (!check_test(expected, result, sizeof(result), "FIPS integrity test")) {
241
- goto err;
242
- }
243
-
244
- if (!boringssl_fips_self_test(BORINGSSL_bcm_text_hash, sizeof(result))) {
245
- goto err;
246
- }
247
- #else
248
- if (!BORINGSSL_self_test()) {
249
- goto err;
257
+ #if !defined(BORINGSSL_FIPS_BREAK_TESTS)
258
+ return 0;
259
+ #endif
250
260
  }
251
- #endif // OPENSSL_ASAN
252
-
253
- return;
254
261
 
255
- err:
256
- BORINGSSL_FIPS_abort();
262
+ OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10.
263
+ return 1;
257
264
  }
265
+ #endif // OPENSSL_ASAN
258
266
 
259
267
  void BORINGSSL_FIPS_abort(void) {
260
268
  for (;;) {
@@ -56,6 +56,7 @@
56
56
 
57
57
  #include <openssl/bn.h>
58
58
 
59
+ #include <assert.h>
59
60
  #include <limits.h>
60
61
  #include <string.h>
61
62
 
@@ -66,11 +67,15 @@
66
67
  #include "../delocate.h"
67
68
 
68
69
 
70
+ // BN_MAX_WORDS is the maximum number of words allowed in a |BIGNUM|. It is
71
+ // sized so byte and bit counts of a |BIGNUM| always fit in |int|, with room to
72
+ // spare.
73
+ #define BN_MAX_WORDS (INT_MAX / (4 * BN_BITS2))
74
+
69
75
  BIGNUM *BN_new(void) {
70
76
  BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM));
71
77
 
72
78
  if (bn == NULL) {
73
- OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
74
79
  return NULL;
75
80
  }
76
81
 
@@ -80,6 +85,8 @@ BIGNUM *BN_new(void) {
80
85
  return bn;
81
86
  }
82
87
 
88
+ BIGNUM *BN_secure_new(void) { return BN_new(); }
89
+
83
90
  void BN_init(BIGNUM *bn) {
84
91
  OPENSSL_memset(bn, 0, sizeof(BIGNUM));
85
92
  }
@@ -289,8 +296,9 @@ void bn_set_static_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
289
296
  }
290
297
  bn->d = (BN_ULONG *)words;
291
298
 
292
- bn->width = num;
293
- bn->dmax = num;
299
+ assert(num <= BN_MAX_WORDS);
300
+ bn->width = (int)num;
301
+ bn->dmax = (int)num;
294
302
  bn->neg = 0;
295
303
  bn->flags |= BN_FLG_STATIC_DATA;
296
304
  }
@@ -343,7 +351,7 @@ int bn_wexpand(BIGNUM *bn, size_t words) {
343
351
  return 1;
344
352
  }
345
353
 
346
- if (words > (INT_MAX / (4 * BN_BITS2))) {
354
+ if (words > BN_MAX_WORDS) {
347
355
  OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
348
356
  return 0;
349
357
  }
@@ -355,7 +363,6 @@ int bn_wexpand(BIGNUM *bn, size_t words) {
355
363
 
356
364
  a = OPENSSL_malloc(sizeof(BN_ULONG) * words);
357
365
  if (a == NULL) {
358
- OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
359
366
  return 0;
360
367
  }
361
368
 
@@ -377,30 +384,13 @@ int bn_expand(BIGNUM *bn, size_t bits) {
377
384
  }
378
385
 
379
386
  int bn_resize_words(BIGNUM *bn, size_t words) {
380
- #if defined(OPENSSL_PPC64LE)
381
- // This is a workaround for a miscompilation bug in Clang 7.0.1 on POWER.
382
- // The unittests catch the miscompilation, if it occurs, and it manifests
383
- // as a crash in |bn_fits_in_words|.
384
- //
385
- // The bug only triggers if building in FIPS mode and with -O3. Clang 8.0.1
386
- // has the same bug but this workaround is not effective there---I've not
387
- // been able to find a workaround for 8.0.1.
388
- //
389
- // At the time of writing (2019-08-08), Clang git does *not* have this bug
390
- // and does not need this workaroud. The current git version should go on to
391
- // be Clang 10 thus, once we can depend on that, this can be removed.
392
- if (value_barrier_w((size_t)bn->width == words)) {
393
- return 1;
394
- }
395
- #endif
396
-
397
387
  if ((size_t)bn->width <= words) {
398
388
  if (!bn_wexpand(bn, words)) {
399
389
  return 0;
400
390
  }
401
391
  OPENSSL_memset(bn->d + bn->width, 0,
402
392
  (words - bn->width) * sizeof(BN_ULONG));
403
- bn->width = words;
393
+ bn->width = (int)words;
404
394
  return 1;
405
395
  }
406
396
 
@@ -409,15 +399,15 @@ int bn_resize_words(BIGNUM *bn, size_t words) {
409
399
  OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
410
400
  return 0;
411
401
  }
412
- bn->width = words;
402
+ bn->width = (int)words;
413
403
  return 1;
414
404
  }
415
405
 
416
406
  void bn_select_words(BN_ULONG *r, BN_ULONG mask, const BN_ULONG *a,
417
407
  const BN_ULONG *b, size_t num) {
418
408
  for (size_t i = 0; i < num; i++) {
419
- OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
420
- "crypto_word_t is too small");
409
+ static_assert(sizeof(BN_ULONG) <= sizeof(crypto_word_t),
410
+ "crypto_word_t is too small");
421
411
  r[i] = constant_time_select_w(mask, a[i], b[i]);
422
412
  }
423
413
  }