grpc 1.53.1 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -65,6 +65,7 @@
|
|
65
65
|
#include <openssl/nid.h>
|
66
66
|
|
67
67
|
#include "internal.h"
|
68
|
+
#include "../service_indicator/internal.h"
|
68
69
|
#include "../../internal.h"
|
69
70
|
|
70
71
|
|
@@ -103,6 +104,11 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
|
|
103
104
|
return 0;
|
104
105
|
}
|
105
106
|
|
107
|
+
if (in->poisoned) {
|
108
|
+
OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
109
|
+
return 0;
|
110
|
+
}
|
111
|
+
|
106
112
|
EVP_CIPHER_CTX_cleanup(out);
|
107
113
|
OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX));
|
108
114
|
|
@@ -110,7 +116,6 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
|
|
110
116
|
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
|
111
117
|
if (!out->cipher_data) {
|
112
118
|
out->cipher = NULL;
|
113
|
-
OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
|
114
119
|
return 0;
|
115
120
|
}
|
116
121
|
OPENSSL_memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
|
@@ -159,7 +164,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
|
159
164
|
ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
|
160
165
|
if (!ctx->cipher_data) {
|
161
166
|
ctx->cipher = NULL;
|
162
|
-
OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
|
163
167
|
return 0;
|
164
168
|
}
|
165
169
|
} else {
|
@@ -225,6 +229,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
|
225
229
|
|
226
230
|
ctx->buf_len = 0;
|
227
231
|
ctx->final_used = 0;
|
232
|
+
// Clear the poisoned flag to permit re-use of a CTX that previously had a
|
233
|
+
// failed operation.
|
234
|
+
ctx->poisoned = 0;
|
228
235
|
return 1;
|
229
236
|
}
|
230
237
|
|
@@ -249,6 +256,15 @@ static int block_remainder(const EVP_CIPHER_CTX *ctx, int len) {
|
|
249
256
|
|
250
257
|
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
251
258
|
const uint8_t *in, int in_len) {
|
259
|
+
if (ctx->poisoned) {
|
260
|
+
OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
261
|
+
return 0;
|
262
|
+
}
|
263
|
+
// If the first call to |cipher| succeeds and the second fails, |ctx| may be
|
264
|
+
// left in an indeterminate state. We set a poison flag on failure to ensure
|
265
|
+
// callers do not continue to use the object in that case.
|
266
|
+
ctx->poisoned = 1;
|
267
|
+
|
252
268
|
// Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
|
253
269
|
// does not overflow |*out_len|.
|
254
270
|
int bl = ctx->cipher->block_size;
|
@@ -264,17 +280,23 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
264
280
|
} else {
|
265
281
|
*out_len = ret;
|
266
282
|
}
|
283
|
+
ctx->poisoned = 0;
|
267
284
|
return 1;
|
268
285
|
}
|
269
286
|
|
270
287
|
if (in_len <= 0) {
|
271
288
|
*out_len = 0;
|
272
|
-
|
289
|
+
if (in_len == 0) {
|
290
|
+
ctx->poisoned = 0;
|
291
|
+
return 1;
|
292
|
+
}
|
293
|
+
return 0;
|
273
294
|
}
|
274
295
|
|
275
296
|
if (ctx->buf_len == 0 && block_remainder(ctx, in_len) == 0) {
|
276
297
|
if (ctx->cipher->cipher(ctx, out, in, in_len)) {
|
277
298
|
*out_len = in_len;
|
299
|
+
ctx->poisoned = 0;
|
278
300
|
return 1;
|
279
301
|
} else {
|
280
302
|
*out_len = 0;
|
@@ -289,6 +311,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
289
311
|
OPENSSL_memcpy(&ctx->buf[i], in, in_len);
|
290
312
|
ctx->buf_len += in_len;
|
291
313
|
*out_len = 0;
|
314
|
+
ctx->poisoned = 0;
|
292
315
|
return 1;
|
293
316
|
} else {
|
294
317
|
int j = bl - i;
|
@@ -318,28 +341,36 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
318
341
|
OPENSSL_memcpy(ctx->buf, &in[in_len], i);
|
319
342
|
}
|
320
343
|
ctx->buf_len = i;
|
344
|
+
ctx->poisoned = 0;
|
321
345
|
return 1;
|
322
346
|
}
|
323
347
|
|
324
348
|
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) {
|
325
|
-
int n
|
349
|
+
int n;
|
326
350
|
unsigned int i, b, bl;
|
327
351
|
|
352
|
+
if (ctx->poisoned) {
|
353
|
+
OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
354
|
+
return 0;
|
355
|
+
}
|
356
|
+
|
328
357
|
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
329
|
-
|
330
|
-
|
358
|
+
// When EVP_CIPH_FLAG_CUSTOM_CIPHER is set, the return value of |cipher| is
|
359
|
+
// the number of bytes written, or -1 on error. Otherwise the return value
|
360
|
+
// is one on success and zero on error.
|
361
|
+
const int num_bytes = ctx->cipher->cipher(ctx, out, NULL, 0);
|
362
|
+
if (num_bytes < 0) {
|
331
363
|
return 0;
|
332
|
-
} else {
|
333
|
-
*out_len = ret;
|
334
364
|
}
|
335
|
-
|
365
|
+
*out_len = num_bytes;
|
366
|
+
goto out;
|
336
367
|
}
|
337
368
|
|
338
369
|
b = ctx->cipher->block_size;
|
339
370
|
assert(b <= sizeof(ctx->buf));
|
340
371
|
if (b == 1) {
|
341
372
|
*out_len = 0;
|
342
|
-
|
373
|
+
goto out;
|
343
374
|
}
|
344
375
|
|
345
376
|
bl = ctx->buf_len;
|
@@ -349,24 +380,30 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) {
|
|
349
380
|
return 0;
|
350
381
|
}
|
351
382
|
*out_len = 0;
|
352
|
-
|
383
|
+
goto out;
|
353
384
|
}
|
354
385
|
|
355
386
|
n = b - bl;
|
356
387
|
for (i = bl; i < b; i++) {
|
357
388
|
ctx->buf[i] = n;
|
358
389
|
}
|
359
|
-
|
360
|
-
|
361
|
-
if (ret) {
|
362
|
-
*out_len = b;
|
390
|
+
if (!ctx->cipher->cipher(ctx, out, ctx->buf, b)) {
|
391
|
+
return 0;
|
363
392
|
}
|
393
|
+
*out_len = b;
|
364
394
|
|
365
|
-
|
395
|
+
out:
|
396
|
+
EVP_Cipher_verify_service_indicator(ctx);
|
397
|
+
return 1;
|
366
398
|
}
|
367
399
|
|
368
400
|
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
369
401
|
const uint8_t *in, int in_len) {
|
402
|
+
if (ctx->poisoned) {
|
403
|
+
OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
404
|
+
return 0;
|
405
|
+
}
|
406
|
+
|
370
407
|
// Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
|
371
408
|
// does not overflow |*out_len|.
|
372
409
|
unsigned int b = ctx->cipher->block_size;
|
@@ -429,6 +466,11 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
|
|
429
466
|
unsigned int b;
|
430
467
|
*out_len = 0;
|
431
468
|
|
469
|
+
if (ctx->poisoned) {
|
470
|
+
OPENSSL_PUT_ERROR(CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
471
|
+
return 0;
|
472
|
+
}
|
473
|
+
|
432
474
|
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
433
475
|
i = ctx->cipher->cipher(ctx, out, NULL, 0);
|
434
476
|
if (i < 0) {
|
@@ -436,7 +478,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
|
|
436
478
|
} else {
|
437
479
|
*out_len = i;
|
438
480
|
}
|
439
|
-
|
481
|
+
goto out;
|
440
482
|
}
|
441
483
|
|
442
484
|
b = ctx->cipher->block_size;
|
@@ -446,7 +488,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
|
|
446
488
|
return 0;
|
447
489
|
}
|
448
490
|
*out_len = 0;
|
449
|
-
|
491
|
+
goto out;
|
450
492
|
}
|
451
493
|
|
452
494
|
if (b > 1) {
|
@@ -480,12 +522,30 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *out_len) {
|
|
480
522
|
*out_len = 0;
|
481
523
|
}
|
482
524
|
|
525
|
+
out:
|
526
|
+
EVP_Cipher_verify_service_indicator(ctx);
|
483
527
|
return 1;
|
484
528
|
}
|
485
529
|
|
486
530
|
int EVP_Cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
|
487
531
|
size_t in_len) {
|
488
|
-
|
532
|
+
const int ret = ctx->cipher->cipher(ctx, out, in, in_len);
|
533
|
+
|
534
|
+
// |EVP_CIPH_FLAG_CUSTOM_CIPHER| never sets the FIPS indicator via
|
535
|
+
// |EVP_Cipher| because it's complicated whether the operation has completed
|
536
|
+
// or not. E.g. AES-GCM with a non-NULL |in| argument hasn't completed an
|
537
|
+
// operation. Callers should use the |EVP_AEAD| API or, at least,
|
538
|
+
// |EVP_CipherUpdate| etc.
|
539
|
+
//
|
540
|
+
// This call can't be pushed into |EVP_Cipher_verify_service_indicator|
|
541
|
+
// because whether |ret| indicates success or not depends on whether
|
542
|
+
// |EVP_CIPH_FLAG_CUSTOM_CIPHER| is set. (This unreasonable, but matches
|
543
|
+
// OpenSSL.)
|
544
|
+
if (!(ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) && ret) {
|
545
|
+
EVP_Cipher_verify_service_indicator(ctx);
|
546
|
+
}
|
547
|
+
|
548
|
+
return ret;
|
489
549
|
}
|
490
550
|
|
491
551
|
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
@@ -47,12 +47,12 @@
|
|
47
47
|
* ==================================================================== */
|
48
48
|
|
49
49
|
#include <assert.h>
|
50
|
+
#include <limits.h>
|
50
51
|
#include <string.h>
|
51
52
|
|
52
53
|
#include <openssl/aead.h>
|
53
54
|
#include <openssl/aes.h>
|
54
55
|
#include <openssl/cipher.h>
|
55
|
-
#include <openssl/cpu.h>
|
56
56
|
#include <openssl/err.h>
|
57
57
|
#include <openssl/mem.h>
|
58
58
|
#include <openssl/nid.h>
|
@@ -62,6 +62,7 @@
|
|
62
62
|
#include "../../internal.h"
|
63
63
|
#include "../aes/internal.h"
|
64
64
|
#include "../modes/internal.h"
|
65
|
+
#include "../service_indicator/internal.h"
|
65
66
|
#include "../delocate.h"
|
66
67
|
|
67
68
|
|
@@ -99,16 +100,13 @@ static void vpaes_ctr32_encrypt_blocks_with_bsaes(const uint8_t *in,
|
|
99
100
|
out += 16 * bsaes_blocks;
|
100
101
|
blocks -= bsaes_blocks;
|
101
102
|
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
memcpy(new_ivec.u8, ivec, 16);
|
107
|
-
uint32_t ctr = CRYPTO_bswap4(new_ivec.u32[3]) + bsaes_blocks;
|
108
|
-
new_ivec.u32[3] = CRYPTO_bswap4(ctr);
|
103
|
+
uint8_t new_ivec[16];
|
104
|
+
memcpy(new_ivec, ivec, 12);
|
105
|
+
uint32_t ctr = CRYPTO_load_u32_be(ivec + 12) + bsaes_blocks;
|
106
|
+
CRYPTO_store_u32_be(new_ivec + 12, ctr);
|
109
107
|
|
110
108
|
// Finish any remaining blocks with |vpaes_ctr32_encrypt_blocks|.
|
111
|
-
vpaes_ctr32_encrypt_blocks(in, out, blocks, key, new_ivec
|
109
|
+
vpaes_ctr32_encrypt_blocks(in, out, blocks, key, new_ivec);
|
112
110
|
}
|
113
111
|
#endif // BSAES
|
114
112
|
|
@@ -292,8 +290,10 @@ static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
|
|
292
290
|
ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
|
293
291
|
block128_f *out_block, const uint8_t *key,
|
294
292
|
size_t key_bytes) {
|
293
|
+
// This function assumes the key length was previously validated.
|
294
|
+
assert(key_bytes == 128 / 8 || key_bytes == 192 / 8 || key_bytes == 256 / 8);
|
295
295
|
if (hwaes_capable()) {
|
296
|
-
aes_hw_set_encrypt_key(key, key_bytes * 8, aes_key);
|
296
|
+
aes_hw_set_encrypt_key(key, (int)key_bytes * 8, aes_key);
|
297
297
|
if (gcm_key != NULL) {
|
298
298
|
CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_hw_encrypt, 1);
|
299
299
|
}
|
@@ -304,7 +304,7 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
|
|
304
304
|
}
|
305
305
|
|
306
306
|
if (vpaes_capable()) {
|
307
|
-
vpaes_set_encrypt_key(key, key_bytes * 8, aes_key);
|
307
|
+
vpaes_set_encrypt_key(key, (int)key_bytes * 8, aes_key);
|
308
308
|
if (out_block) {
|
309
309
|
*out_block = vpaes_encrypt;
|
310
310
|
}
|
@@ -321,7 +321,7 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
|
|
321
321
|
#endif
|
322
322
|
}
|
323
323
|
|
324
|
-
aes_nohw_set_encrypt_key(key, key_bytes * 8, aes_key);
|
324
|
+
aes_nohw_set_encrypt_key(key, (int)key_bytes * 8, aes_key);
|
325
325
|
if (gcm_key != NULL) {
|
326
326
|
CRYPTO_gcm128_init_key(gcm_key, aes_key, aes_nohw_encrypt, 0);
|
327
327
|
}
|
@@ -338,11 +338,9 @@ ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
|
|
338
338
|
#endif
|
339
339
|
|
340
340
|
static EVP_AES_GCM_CTX *aes_gcm_from_cipher_ctx(EVP_CIPHER_CTX *ctx) {
|
341
|
-
|
342
|
-
OPENSSL_STATIC_ASSERT(
|
341
|
+
static_assert(
|
343
342
|
alignof(EVP_AES_GCM_CTX) <= 16,
|
344
343
|
"EVP_AES_GCM_CTX needs more alignment than this function provides");
|
345
|
-
#endif
|
346
344
|
|
347
345
|
// |malloc| guarantees up to 4-byte alignment on 32-bit and 8-byte alignment
|
348
346
|
// on 64-bit systems, so we need to adjust to reach 16-byte alignment.
|
@@ -486,8 +484,13 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
|
|
486
484
|
if (arg) {
|
487
485
|
OPENSSL_memcpy(gctx->iv, ptr, arg);
|
488
486
|
}
|
489
|
-
if (c->encrypt
|
490
|
-
|
487
|
+
if (c->encrypt) {
|
488
|
+
// |RAND_bytes| calls within the fipsmodule should be wrapped with state
|
489
|
+
// lock functions to avoid updating the service indicator with the DRBG
|
490
|
+
// functions.
|
491
|
+
FIPS_service_indicator_lock_state();
|
492
|
+
RAND_bytes(gctx->iv + arg, gctx->ivlen - arg);
|
493
|
+
FIPS_service_indicator_unlock_state();
|
491
494
|
}
|
492
495
|
gctx->iv_gen = 1;
|
493
496
|
return 1;
|
@@ -526,11 +529,10 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
|
|
526
529
|
if (gctx->iv == c->iv) {
|
527
530
|
gctx_out->iv = out->iv;
|
528
531
|
} else {
|
529
|
-
gctx_out->iv =
|
532
|
+
gctx_out->iv = OPENSSL_memdup(gctx->iv, gctx->ivlen);
|
530
533
|
if (!gctx_out->iv) {
|
531
534
|
return 0;
|
532
535
|
}
|
533
|
-
OPENSSL_memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
|
534
536
|
}
|
535
537
|
return 1;
|
536
538
|
}
|
@@ -552,6 +554,14 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
|
|
552
554
|
return -1;
|
553
555
|
}
|
554
556
|
|
557
|
+
if (len > INT_MAX) {
|
558
|
+
// This function signature can only express up to |INT_MAX| bytes encrypted.
|
559
|
+
//
|
560
|
+
// TODO(https://crbug.com/boringssl/494): Make the internal |EVP_CIPHER|
|
561
|
+
// calling convention |size_t|-clean.
|
562
|
+
return -1;
|
563
|
+
}
|
564
|
+
|
555
565
|
if (in) {
|
556
566
|
if (out == NULL) {
|
557
567
|
if (!CRYPTO_gcm128_aad(&gctx->gcm, in, len)) {
|
@@ -580,7 +590,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
|
|
580
590
|
}
|
581
591
|
}
|
582
592
|
}
|
583
|
-
return len;
|
593
|
+
return (int)len;
|
584
594
|
} else {
|
585
595
|
if (!ctx->encrypt) {
|
586
596
|
if (gctx->taglen < 0 ||
|
@@ -598,7 +608,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
|
|
598
608
|
}
|
599
609
|
}
|
600
610
|
|
601
|
-
|
611
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_cbc) {
|
602
612
|
memset(out, 0, sizeof(EVP_CIPHER));
|
603
613
|
|
604
614
|
out->nid = NID_aes_128_cbc;
|
@@ -611,7 +621,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_cbc_generic) {
|
|
611
621
|
out->cipher = aes_cbc_cipher;
|
612
622
|
}
|
613
623
|
|
614
|
-
|
624
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_ctr) {
|
615
625
|
memset(out, 0, sizeof(EVP_CIPHER));
|
616
626
|
|
617
627
|
out->nid = NID_aes_128_ctr;
|
@@ -636,7 +646,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_ecb_generic) {
|
|
636
646
|
out->cipher = aes_ecb_cipher;
|
637
647
|
}
|
638
648
|
|
639
|
-
|
649
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_ofb) {
|
640
650
|
memset(out, 0, sizeof(EVP_CIPHER));
|
641
651
|
|
642
652
|
out->nid = NID_aes_128_ofb128;
|
@@ -649,7 +659,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_ofb_generic) {
|
|
649
659
|
out->cipher = aes_ofb_cipher;
|
650
660
|
}
|
651
661
|
|
652
|
-
|
662
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_gcm) {
|
653
663
|
memset(out, 0, sizeof(EVP_CIPHER));
|
654
664
|
|
655
665
|
out->nid = NID_aes_128_gcm;
|
@@ -666,7 +676,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_gcm_generic) {
|
|
666
676
|
out->ctrl = aes_gcm_ctrl;
|
667
677
|
}
|
668
678
|
|
669
|
-
|
679
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_cbc) {
|
670
680
|
memset(out, 0, sizeof(EVP_CIPHER));
|
671
681
|
|
672
682
|
out->nid = NID_aes_192_cbc;
|
@@ -679,7 +689,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_cbc_generic) {
|
|
679
689
|
out->cipher = aes_cbc_cipher;
|
680
690
|
}
|
681
691
|
|
682
|
-
|
692
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_ctr) {
|
683
693
|
memset(out, 0, sizeof(EVP_CIPHER));
|
684
694
|
|
685
695
|
out->nid = NID_aes_192_ctr;
|
@@ -704,7 +714,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_ecb_generic) {
|
|
704
714
|
out->cipher = aes_ecb_cipher;
|
705
715
|
}
|
706
716
|
|
707
|
-
|
717
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_ofb) {
|
708
718
|
memset(out, 0, sizeof(EVP_CIPHER));
|
709
719
|
|
710
720
|
out->nid = NID_aes_192_ofb128;
|
@@ -717,7 +727,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_ofb_generic) {
|
|
717
727
|
out->cipher = aes_ofb_cipher;
|
718
728
|
}
|
719
729
|
|
720
|
-
|
730
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_gcm) {
|
721
731
|
memset(out, 0, sizeof(EVP_CIPHER));
|
722
732
|
|
723
733
|
out->nid = NID_aes_192_gcm;
|
@@ -734,7 +744,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_gcm_generic) {
|
|
734
744
|
out->ctrl = aes_gcm_ctrl;
|
735
745
|
}
|
736
746
|
|
737
|
-
|
747
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_cbc) {
|
738
748
|
memset(out, 0, sizeof(EVP_CIPHER));
|
739
749
|
|
740
750
|
out->nid = NID_aes_256_cbc;
|
@@ -747,7 +757,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_cbc_generic) {
|
|
747
757
|
out->cipher = aes_cbc_cipher;
|
748
758
|
}
|
749
759
|
|
750
|
-
|
760
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_ctr) {
|
751
761
|
memset(out, 0, sizeof(EVP_CIPHER));
|
752
762
|
|
753
763
|
out->nid = NID_aes_256_ctr;
|
@@ -772,7 +782,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_ecb_generic) {
|
|
772
782
|
out->cipher = aes_ecb_cipher;
|
773
783
|
}
|
774
784
|
|
775
|
-
|
785
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_ofb) {
|
776
786
|
memset(out, 0, sizeof(EVP_CIPHER));
|
777
787
|
|
778
788
|
out->nid = NID_aes_256_ofb128;
|
@@ -785,7 +795,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_ofb_generic) {
|
|
785
795
|
out->cipher = aes_ofb_cipher;
|
786
796
|
}
|
787
797
|
|
788
|
-
|
798
|
+
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_gcm) {
|
789
799
|
memset(out, 0, sizeof(EVP_CIPHER));
|
790
800
|
|
791
801
|
out->nid = NID_aes_256_gcm;
|
@@ -870,26 +880,6 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_hw_256_ecb) {
|
|
870
880
|
|
871
881
|
#endif // HWAES_ECB
|
872
882
|
|
873
|
-
#define EVP_CIPHER_FUNCTION(keybits, mode) \
|
874
|
-
const EVP_CIPHER *EVP_aes_##keybits##_##mode(void) { \
|
875
|
-
return aes_##keybits##_##mode##_generic(); \
|
876
|
-
}
|
877
|
-
|
878
|
-
EVP_CIPHER_FUNCTION(128, cbc)
|
879
|
-
EVP_CIPHER_FUNCTION(128, ctr)
|
880
|
-
EVP_CIPHER_FUNCTION(128, ofb)
|
881
|
-
EVP_CIPHER_FUNCTION(128, gcm)
|
882
|
-
|
883
|
-
EVP_CIPHER_FUNCTION(192, cbc)
|
884
|
-
EVP_CIPHER_FUNCTION(192, ctr)
|
885
|
-
EVP_CIPHER_FUNCTION(192, ofb)
|
886
|
-
EVP_CIPHER_FUNCTION(192, gcm)
|
887
|
-
|
888
|
-
EVP_CIPHER_FUNCTION(256, cbc)
|
889
|
-
EVP_CIPHER_FUNCTION(256, ctr)
|
890
|
-
EVP_CIPHER_FUNCTION(256, ofb)
|
891
|
-
EVP_CIPHER_FUNCTION(256, gcm)
|
892
|
-
|
893
883
|
EVP_ECB_CIPHER_FUNCTION(128)
|
894
884
|
EVP_ECB_CIPHER_FUNCTION(192)
|
895
885
|
EVP_ECB_CIPHER_FUNCTION(256)
|
@@ -941,14 +931,12 @@ static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx,
|
|
941
931
|
return 1;
|
942
932
|
}
|
943
933
|
|
944
|
-
|
945
|
-
|
946
|
-
|
947
|
-
|
948
|
-
|
949
|
-
|
950
|
-
"AEAD state has insufficient alignment");
|
951
|
-
#endif
|
934
|
+
static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
|
935
|
+
sizeof(struct aead_aes_gcm_ctx),
|
936
|
+
"AEAD state is too small");
|
937
|
+
static_assert(alignof(union evp_aead_ctx_st_state) >=
|
938
|
+
alignof(struct aead_aes_gcm_ctx),
|
939
|
+
"AEAD state has insufficient alignment");
|
952
940
|
|
953
941
|
static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
954
942
|
size_t key_len, size_t requested_tag_len) {
|
@@ -1100,9 +1088,14 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
|
|
1100
1088
|
const uint8_t *in_tag, size_t in_tag_len,
|
1101
1089
|
const uint8_t *ad, size_t ad_len) {
|
1102
1090
|
struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *)&ctx->state;
|
1103
|
-
|
1104
|
-
|
1105
|
-
|
1091
|
+
if (!aead_aes_gcm_open_gather_impl(gcm_ctx, out, nonce, nonce_len, in, in_len,
|
1092
|
+
in_tag, in_tag_len, ad, ad_len,
|
1093
|
+
ctx->tag_len)) {
|
1094
|
+
return 0;
|
1095
|
+
}
|
1096
|
+
|
1097
|
+
AEAD_GCM_verify_service_indicator(ctx);
|
1098
|
+
return 1;
|
1106
1099
|
}
|
1107
1100
|
|
1108
1101
|
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm) {
|
@@ -1187,7 +1180,12 @@ static int aead_aes_gcm_seal_scatter_randnonce(
|
|
1187
1180
|
return 0;
|
1188
1181
|
}
|
1189
1182
|
|
1183
|
+
// |RAND_bytes| calls within the fipsmodule should be wrapped with state lock
|
1184
|
+
// functions to avoid updating the service indicator with the DRBG functions.
|
1185
|
+
FIPS_service_indicator_lock_state();
|
1190
1186
|
RAND_bytes(nonce, sizeof(nonce));
|
1187
|
+
FIPS_service_indicator_unlock_state();
|
1188
|
+
|
1191
1189
|
const struct aead_aes_gcm_ctx *gcm_ctx =
|
1192
1190
|
(const struct aead_aes_gcm_ctx *)&ctx->state;
|
1193
1191
|
if (!aead_aes_gcm_seal_scatter_impl(gcm_ctx, out, out_tag, out_tag_len,
|
@@ -1202,6 +1200,7 @@ static int aead_aes_gcm_seal_scatter_randnonce(
|
|
1202
1200
|
memcpy(out_tag + *out_tag_len, nonce, sizeof(nonce));
|
1203
1201
|
*out_tag_len += sizeof(nonce);
|
1204
1202
|
|
1203
|
+
AEAD_GCM_verify_service_indicator(ctx);
|
1205
1204
|
return 1;
|
1206
1205
|
}
|
1207
1206
|
|
@@ -1224,10 +1223,15 @@ static int aead_aes_gcm_open_gather_randnonce(
|
|
1224
1223
|
|
1225
1224
|
const struct aead_aes_gcm_ctx *gcm_ctx =
|
1226
1225
|
(const struct aead_aes_gcm_ctx *)&ctx->state;
|
1227
|
-
|
1226
|
+
if (!aead_aes_gcm_open_gather_impl(
|
1228
1227
|
gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag,
|
1229
1228
|
in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len,
|
1230
|
-
ctx->tag_len - AES_GCM_NONCE_LENGTH)
|
1229
|
+
ctx->tag_len - AES_GCM_NONCE_LENGTH)) {
|
1230
|
+
return 0;
|
1231
|
+
}
|
1232
|
+
|
1233
|
+
AEAD_GCM_verify_service_indicator(ctx);
|
1234
|
+
return 1;
|
1231
1235
|
}
|
1232
1236
|
|
1233
1237
|
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_randnonce) {
|
@@ -1265,14 +1269,12 @@ struct aead_aes_gcm_tls12_ctx {
|
|
1265
1269
|
uint64_t min_next_nonce;
|
1266
1270
|
};
|
1267
1271
|
|
1268
|
-
|
1269
|
-
|
1270
|
-
|
1271
|
-
|
1272
|
-
|
1273
|
-
|
1274
|
-
"AEAD state has insufficient alignment");
|
1275
|
-
#endif
|
1272
|
+
static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
|
1273
|
+
sizeof(struct aead_aes_gcm_tls12_ctx),
|
1274
|
+
"AEAD state is too small");
|
1275
|
+
static_assert(alignof(union evp_aead_ctx_st_state) >=
|
1276
|
+
alignof(struct aead_aes_gcm_tls12_ctx),
|
1277
|
+
"AEAD state has insufficient alignment");
|
1276
1278
|
|
1277
1279
|
static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
1278
1280
|
size_t key_len, size_t requested_tag_len) {
|
@@ -1305,21 +1307,23 @@ static int aead_aes_gcm_tls12_seal_scatter(
|
|
1305
1307
|
}
|
1306
1308
|
|
1307
1309
|
// The given nonces must be strictly monotonically increasing.
|
1308
|
-
uint64_t given_counter
|
1309
|
-
|
1310
|
-
|
1311
|
-
given_counter = CRYPTO_bswap8(given_counter);
|
1312
|
-
if (given_counter == UINT64_MAX ||
|
1313
|
-
given_counter < gcm_ctx->min_next_nonce) {
|
1310
|
+
uint64_t given_counter =
|
1311
|
+
CRYPTO_load_u64_be(nonce + nonce_len - sizeof(uint64_t));
|
1312
|
+
if (given_counter == UINT64_MAX || given_counter < gcm_ctx->min_next_nonce) {
|
1314
1313
|
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE);
|
1315
1314
|
return 0;
|
1316
1315
|
}
|
1317
1316
|
|
1318
1317
|
gcm_ctx->min_next_nonce = given_counter + 1;
|
1319
1318
|
|
1320
|
-
|
1321
|
-
|
1322
|
-
|
1319
|
+
if (!aead_aes_gcm_seal_scatter(ctx, out, out_tag, out_tag_len,
|
1320
|
+
max_out_tag_len, nonce, nonce_len, in, in_len,
|
1321
|
+
extra_in, extra_in_len, ad, ad_len)) {
|
1322
|
+
return 0;
|
1323
|
+
}
|
1324
|
+
|
1325
|
+
AEAD_GCM_verify_service_indicator(ctx);
|
1326
|
+
return 1;
|
1323
1327
|
}
|
1324
1328
|
|
1325
1329
|
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls12) {
|
@@ -1359,14 +1363,12 @@ struct aead_aes_gcm_tls13_ctx {
|
|
1359
1363
|
uint8_t first;
|
1360
1364
|
};
|
1361
1365
|
|
1362
|
-
|
1363
|
-
|
1364
|
-
|
1365
|
-
|
1366
|
-
|
1367
|
-
|
1368
|
-
"AEAD state has insufficient alignment");
|
1369
|
-
#endif
|
1366
|
+
static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
|
1367
|
+
sizeof(struct aead_aes_gcm_tls13_ctx),
|
1368
|
+
"AEAD state is too small");
|
1369
|
+
static_assert(alignof(union evp_aead_ctx_st_state) >=
|
1370
|
+
alignof(struct aead_aes_gcm_tls13_ctx),
|
1371
|
+
"AEAD state has insufficient alignment");
|
1370
1372
|
|
1371
1373
|
static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
1372
1374
|
size_t key_len, size_t requested_tag_len) {
|
@@ -1402,10 +1404,8 @@ static int aead_aes_gcm_tls13_seal_scatter(
|
|
1402
1404
|
// The given nonces must be strictly monotonically increasing. See
|
1403
1405
|
// https://tools.ietf.org/html/rfc8446#section-5.3 for details of the TLS 1.3
|
1404
1406
|
// nonce construction.
|
1405
|
-
uint64_t given_counter
|
1406
|
-
|
1407
|
-
sizeof(given_counter));
|
1408
|
-
given_counter = CRYPTO_bswap8(given_counter);
|
1407
|
+
uint64_t given_counter =
|
1408
|
+
CRYPTO_load_u64_be(nonce + nonce_len - sizeof(uint64_t));
|
1409
1409
|
|
1410
1410
|
if (gcm_ctx->first) {
|
1411
1411
|
// In the first call the sequence number will be zero and therefore the
|
@@ -1423,9 +1423,14 @@ static int aead_aes_gcm_tls13_seal_scatter(
|
|
1423
1423
|
|
1424
1424
|
gcm_ctx->min_next_nonce = given_counter + 1;
|
1425
1425
|
|
1426
|
-
|
1427
|
-
|
1428
|
-
|
1426
|
+
if (!aead_aes_gcm_seal_scatter(ctx, out, out_tag, out_tag_len,
|
1427
|
+
max_out_tag_len, nonce, nonce_len, in, in_len,
|
1428
|
+
extra_in, extra_in_len, ad, ad_len)) {
|
1429
|
+
return 0;
|
1430
|
+
}
|
1431
|
+
|
1432
|
+
AEAD_GCM_verify_service_indicator(ctx);
|
1433
|
+
return 1;
|
1429
1434
|
}
|
1430
1435
|
|
1431
1436
|
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls13) {
|
@@ -1463,8 +1468,6 @@ int EVP_has_aes_hardware(void) {
|
|
1463
1468
|
return hwaes_capable() && crypto_gcm_clmul_enabled();
|
1464
1469
|
#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
1465
1470
|
return hwaes_capable() && CRYPTO_is_ARMv8_PMULL_capable();
|
1466
|
-
#elif defined(OPENSSL_PPC64LE)
|
1467
|
-
return CRYPTO_is_PPC64LE_vcrypto_capable();
|
1468
1471
|
#else
|
1469
1472
|
return 0;
|
1470
1473
|
#endif
|