grpc 1.53.1 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -52,7 +52,6 @@
|
|
52
52
|
#include <string.h>
|
53
53
|
|
54
54
|
#include <openssl/mem.h>
|
55
|
-
#include <openssl/cpu.h>
|
56
55
|
|
57
56
|
#include "internal.h"
|
58
57
|
#include "../../internal.h"
|
@@ -133,81 +132,107 @@ void gcm_init_ssse3(u128 Htable[16], const uint64_t H[2]) {
|
|
133
132
|
(*gcm_ghash_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len)
|
134
133
|
#endif // GCM_FUNCREF
|
135
134
|
|
135
|
+
#if defined(HW_GCM) && defined(OPENSSL_X86_64)
|
136
|
+
static size_t hw_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
137
|
+
const AES_KEY *key, uint8_t ivec[16],
|
138
|
+
uint64_t *Xi) {
|
139
|
+
return aesni_gcm_encrypt(in, out, len, key, ivec, Xi);
|
140
|
+
}
|
141
|
+
|
142
|
+
static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
143
|
+
const AES_KEY *key, uint8_t ivec[16],
|
144
|
+
uint64_t *Xi) {
|
145
|
+
return aesni_gcm_decrypt(in, out, len, key, ivec, Xi);
|
146
|
+
}
|
147
|
+
#endif // HW_GCM && X86_64
|
148
|
+
|
149
|
+
#if defined(HW_GCM) && defined(OPENSSL_AARCH64)
|
150
|
+
|
151
|
+
static size_t hw_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
152
|
+
const AES_KEY *key, uint8_t ivec[16],
|
153
|
+
uint64_t *Xi) {
|
154
|
+
const size_t len_blocks = len & kSizeTWithoutLower4Bits;
|
155
|
+
if (!len_blocks) {
|
156
|
+
return 0;
|
157
|
+
}
|
158
|
+
aes_gcm_enc_kernel(in, len_blocks * 8, out, Xi, ivec, key);
|
159
|
+
return len_blocks;
|
160
|
+
}
|
161
|
+
|
162
|
+
static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
163
|
+
const AES_KEY *key, uint8_t ivec[16],
|
164
|
+
uint64_t *Xi) {
|
165
|
+
const size_t len_blocks = len & kSizeTWithoutLower4Bits;
|
166
|
+
if (!len_blocks) {
|
167
|
+
return 0;
|
168
|
+
}
|
169
|
+
aes_gcm_dec_kernel(in, len_blocks * 8, out, Xi, ivec, key);
|
170
|
+
return len_blocks;
|
171
|
+
}
|
172
|
+
|
173
|
+
#endif // HW_GCM && AARCH64
|
174
|
+
|
136
175
|
void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
|
137
176
|
u128 *out_key, u128 out_table[16], int *out_is_avx,
|
138
177
|
const uint8_t gcm_key[16]) {
|
139
178
|
*out_is_avx = 0;
|
140
179
|
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
OPENSSL_memcpy(H.c, gcm_key, 16);
|
147
|
-
|
148
|
-
// H is stored in host byte order
|
149
|
-
H.u[0] = CRYPTO_bswap8(H.u[0]);
|
150
|
-
H.u[1] = CRYPTO_bswap8(H.u[1]);
|
151
|
-
|
152
|
-
OPENSSL_memcpy(out_key, H.c, 16);
|
180
|
+
// H is stored in host byte order.
|
181
|
+
uint64_t H[2] = {CRYPTO_load_u64_be(gcm_key),
|
182
|
+
CRYPTO_load_u64_be(gcm_key + 8)};
|
183
|
+
out_key->hi = H[0];
|
184
|
+
out_key->lo = H[1];
|
153
185
|
|
154
186
|
#if defined(GHASH_ASM_X86_64)
|
155
187
|
if (crypto_gcm_clmul_enabled()) {
|
156
|
-
if ((
|
157
|
-
gcm_init_avx(out_table, H
|
188
|
+
if (CRYPTO_is_AVX_capable() && CRYPTO_is_MOVBE_capable()) {
|
189
|
+
gcm_init_avx(out_table, H);
|
158
190
|
*out_mult = gcm_gmult_avx;
|
159
191
|
*out_hash = gcm_ghash_avx;
|
160
192
|
*out_is_avx = 1;
|
161
193
|
return;
|
162
194
|
}
|
163
|
-
gcm_init_clmul(out_table, H
|
195
|
+
gcm_init_clmul(out_table, H);
|
164
196
|
*out_mult = gcm_gmult_clmul;
|
165
197
|
*out_hash = gcm_ghash_clmul;
|
166
198
|
return;
|
167
199
|
}
|
168
|
-
if (
|
169
|
-
gcm_init_ssse3(out_table, H
|
200
|
+
if (CRYPTO_is_SSSE3_capable()) {
|
201
|
+
gcm_init_ssse3(out_table, H);
|
170
202
|
*out_mult = gcm_gmult_ssse3;
|
171
203
|
*out_hash = gcm_ghash_ssse3;
|
172
204
|
return;
|
173
205
|
}
|
174
206
|
#elif defined(GHASH_ASM_X86)
|
175
207
|
if (crypto_gcm_clmul_enabled()) {
|
176
|
-
gcm_init_clmul(out_table, H
|
208
|
+
gcm_init_clmul(out_table, H);
|
177
209
|
*out_mult = gcm_gmult_clmul;
|
178
210
|
*out_hash = gcm_ghash_clmul;
|
179
211
|
return;
|
180
212
|
}
|
181
|
-
if (
|
182
|
-
gcm_init_ssse3(out_table, H
|
213
|
+
if (CRYPTO_is_SSSE3_capable()) {
|
214
|
+
gcm_init_ssse3(out_table, H);
|
183
215
|
*out_mult = gcm_gmult_ssse3;
|
184
216
|
*out_hash = gcm_ghash_ssse3;
|
185
217
|
return;
|
186
218
|
}
|
187
219
|
#elif defined(GHASH_ASM_ARM)
|
188
220
|
if (gcm_pmull_capable()) {
|
189
|
-
gcm_init_v8(out_table, H
|
221
|
+
gcm_init_v8(out_table, H);
|
190
222
|
*out_mult = gcm_gmult_v8;
|
191
223
|
*out_hash = gcm_ghash_v8;
|
192
224
|
return;
|
193
225
|
}
|
194
226
|
|
195
227
|
if (gcm_neon_capable()) {
|
196
|
-
gcm_init_neon(out_table, H
|
228
|
+
gcm_init_neon(out_table, H);
|
197
229
|
*out_mult = gcm_gmult_neon;
|
198
230
|
*out_hash = gcm_ghash_neon;
|
199
231
|
return;
|
200
232
|
}
|
201
|
-
#elif defined(GHASH_ASM_PPC64LE)
|
202
|
-
if (CRYPTO_is_PPC64LE_vcrypto_capable()) {
|
203
|
-
gcm_init_p8(out_table, H.u);
|
204
|
-
*out_mult = gcm_gmult_p8;
|
205
|
-
*out_hash = gcm_ghash_p8;
|
206
|
-
return;
|
207
|
-
}
|
208
233
|
#endif
|
209
234
|
|
210
|
-
gcm_init_nohw(out_table, H
|
235
|
+
gcm_init_nohw(out_table, H);
|
211
236
|
*out_mult = gcm_gmult_nohw;
|
212
237
|
*out_hash = gcm_ghash_nohw;
|
213
238
|
}
|
@@ -225,7 +250,12 @@ void CRYPTO_gcm128_init_key(GCM128_KEY *gcm_key, const AES_KEY *aes_key,
|
|
225
250
|
CRYPTO_ghash_init(&gcm_key->gmult, &gcm_key->ghash, &gcm_key->H,
|
226
251
|
gcm_key->Htable, &is_avx, ghash_key);
|
227
252
|
|
228
|
-
|
253
|
+
#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM)
|
254
|
+
gcm_key->use_hw_gcm_crypt = (gcm_pmull_capable() && block_is_hwaes) ? 1 :
|
255
|
+
0;
|
256
|
+
#else
|
257
|
+
gcm_key->use_hw_gcm_crypt = (is_avx && block_is_hwaes) ? 1 : 0;
|
258
|
+
#endif
|
229
259
|
}
|
230
260
|
|
231
261
|
void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
@@ -552,12 +582,12 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
552
582
|
}
|
553
583
|
}
|
554
584
|
|
555
|
-
#if defined(
|
585
|
+
#if defined(HW_GCM)
|
556
586
|
// Check |len| to work around a C language bug. See https://crbug.com/1019588.
|
557
|
-
if (ctx->gcm_key.
|
558
|
-
// |
|
587
|
+
if (ctx->gcm_key.use_hw_gcm_crypt && len > 0) {
|
588
|
+
// |hw_gcm_encrypt| may not process all the input given to it. It may
|
559
589
|
// not process *any* of its input if it is deemed too small.
|
560
|
-
size_t bulk =
|
590
|
+
size_t bulk = hw_gcm_encrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);
|
561
591
|
in += bulk;
|
562
592
|
out += bulk;
|
563
593
|
len -= bulk;
|
@@ -640,12 +670,12 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
640
670
|
}
|
641
671
|
}
|
642
672
|
|
643
|
-
#if defined(
|
673
|
+
#if defined(HW_GCM)
|
644
674
|
// Check |len| to work around a C language bug. See https://crbug.com/1019588.
|
645
|
-
if (ctx->gcm_key.
|
646
|
-
// |
|
675
|
+
if (ctx->gcm_key.use_hw_gcm_crypt && len > 0) {
|
676
|
+
// |hw_gcm_decrypt| may not process all the input given to it. It may
|
647
677
|
// not process *any* of its input if it is deemed too small.
|
648
|
-
size_t bulk =
|
678
|
+
size_t bulk = hw_gcm_decrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);
|
649
679
|
in += bulk;
|
650
680
|
out += bulk;
|
651
681
|
len -= bulk;
|
@@ -723,9 +753,7 @@ void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) {
|
|
723
753
|
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
724
754
|
int crypto_gcm_clmul_enabled(void) {
|
725
755
|
#if defined(GHASH_ASM_X86) || defined(GHASH_ASM_X86_64)
|
726
|
-
|
727
|
-
return (ia32cap[0] & (1 << 24)) && // check FXSR bit
|
728
|
-
(ia32cap[1] & (1 << 1)); // check PCLMULQDQ bit
|
756
|
+
return CRYPTO_is_FXSR_capable() && CRYPTO_is_PCLMUL_capable();
|
729
757
|
#else
|
730
758
|
return 0;
|
731
759
|
#endif
|
@@ -52,7 +52,6 @@
|
|
52
52
|
#include <openssl/base.h>
|
53
53
|
|
54
54
|
#include <openssl/aes.h>
|
55
|
-
#include <openssl/cpu.h>
|
56
55
|
|
57
56
|
#include <stdlib.h>
|
58
57
|
#include <string.h>
|
@@ -137,9 +136,9 @@ typedef struct gcm128_key_st {
|
|
137
136
|
|
138
137
|
block128_f block;
|
139
138
|
|
140
|
-
//
|
141
|
-
//
|
142
|
-
unsigned
|
139
|
+
// use_hw_gcm_crypt is true if this context should use platform-specific
|
140
|
+
// assembly to process GCM data.
|
141
|
+
unsigned use_hw_gcm_crypt:1;
|
143
142
|
} GCM128_KEY;
|
144
143
|
|
145
144
|
// GCM128_CONTEXT contains state for a single GCM operation. The structure
|
@@ -254,10 +253,6 @@ void gcm_gmult_clmul(uint64_t Xi[2], const u128 Htable[16]);
|
|
254
253
|
void gcm_ghash_clmul(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
|
255
254
|
size_t len);
|
256
255
|
|
257
|
-
OPENSSL_INLINE char gcm_ssse3_capable(void) {
|
258
|
-
return (OPENSSL_ia32cap_get()[1] & (1 << (41 - 32))) != 0;
|
259
|
-
}
|
260
|
-
|
261
256
|
// |gcm_gmult_ssse3| and |gcm_ghash_ssse3| require |Htable| to be
|
262
257
|
// 16-byte-aligned, but |gcm_init_ssse3| does not.
|
263
258
|
void gcm_init_ssse3(u128 Htable[16], const uint64_t Xi[2]);
|
@@ -272,7 +267,7 @@ void gcm_gmult_avx(uint64_t Xi[2], const u128 Htable[16]);
|
|
272
267
|
void gcm_ghash_avx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in,
|
273
268
|
size_t len);
|
274
269
|
|
275
|
-
#define
|
270
|
+
#define HW_GCM
|
276
271
|
size_t aesni_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
277
272
|
const AES_KEY *key, uint8_t ivec[16], uint64_t *Xi);
|
278
273
|
size_t aesni_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
@@ -284,6 +279,7 @@ size_t aesni_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
|
284
279
|
#endif // OPENSSL_X86
|
285
280
|
|
286
281
|
#elif defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
282
|
+
|
287
283
|
#define GHASH_ASM_ARM
|
288
284
|
#define GCM_FUNCREF
|
289
285
|
|
@@ -303,13 +299,15 @@ void gcm_gmult_neon(uint64_t Xi[2], const u128 Htable[16]);
|
|
303
299
|
void gcm_ghash_neon(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
|
304
300
|
size_t len);
|
305
301
|
|
306
|
-
#
|
307
|
-
#define
|
308
|
-
|
309
|
-
void
|
310
|
-
void
|
311
|
-
void
|
312
|
-
|
302
|
+
#if defined(OPENSSL_AARCH64)
|
303
|
+
#define HW_GCM
|
304
|
+
// These functions are defined in aesv8-gcm-armv8.pl.
|
305
|
+
void aes_gcm_enc_kernel(const uint8_t *in, uint64_t in_bits, void *out,
|
306
|
+
void *Xi, uint8_t *ivec, const AES_KEY *key);
|
307
|
+
void aes_gcm_dec_kernel(const uint8_t *in, uint64_t in_bits, void *out,
|
308
|
+
void *Xi, uint8_t *ivec, const AES_KEY *key);
|
309
|
+
#endif
|
310
|
+
|
313
311
|
#endif
|
314
312
|
#endif // OPENSSL_NO_ASM
|
315
313
|
|
@@ -46,16 +46,13 @@
|
|
46
46
|
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
47
47
|
* ==================================================================== */
|
48
48
|
|
49
|
-
#include <openssl/type_check.h>
|
50
|
-
|
51
49
|
#include <assert.h>
|
52
50
|
#include <string.h>
|
53
51
|
|
54
52
|
#include "internal.h"
|
55
53
|
|
56
54
|
|
57
|
-
|
58
|
-
"block cannot be divided into size_t");
|
55
|
+
static_assert(16 % sizeof(size_t) == 0, "block cannot be divided into size_t");
|
59
56
|
|
60
57
|
void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
61
58
|
const AES_KEY *key, uint8_t ivec[16], unsigned *num,
|
@@ -12,13 +12,15 @@
|
|
12
12
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
13
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
14
|
|
15
|
-
#include <openssl/
|
15
|
+
#include <openssl/ctrdrbg.h>
|
16
|
+
|
17
|
+
#include <assert.h>
|
16
18
|
|
17
|
-
#include <openssl/type_check.h>
|
18
19
|
#include <openssl/mem.h>
|
19
20
|
|
20
21
|
#include "internal.h"
|
21
22
|
#include "../cipher/internal.h"
|
23
|
+
#include "../service_indicator/internal.h"
|
22
24
|
|
23
25
|
|
24
26
|
// Section references in this file refer to SP 800-90Ar1:
|
@@ -27,6 +29,21 @@
|
|
27
29
|
// See table 3.
|
28
30
|
static const uint64_t kMaxReseedCount = UINT64_C(1) << 48;
|
29
31
|
|
32
|
+
CTR_DRBG_STATE *CTR_DRBG_new(const uint8_t entropy[CTR_DRBG_ENTROPY_LEN],
|
33
|
+
const uint8_t *personalization,
|
34
|
+
size_t personalization_len) {
|
35
|
+
CTR_DRBG_STATE *drbg = OPENSSL_malloc(sizeof(CTR_DRBG_STATE));
|
36
|
+
if (drbg == NULL ||
|
37
|
+
!CTR_DRBG_init(drbg, entropy, personalization, personalization_len)) {
|
38
|
+
CTR_DRBG_free(drbg);
|
39
|
+
return NULL;
|
40
|
+
}
|
41
|
+
|
42
|
+
return drbg;
|
43
|
+
}
|
44
|
+
|
45
|
+
void CTR_DRBG_free(CTR_DRBG_STATE *state) { OPENSSL_free(state); }
|
46
|
+
|
30
47
|
int CTR_DRBG_init(CTR_DRBG_STATE *drbg,
|
31
48
|
const uint8_t entropy[CTR_DRBG_ENTROPY_LEN],
|
32
49
|
const uint8_t *personalization, size_t personalization_len) {
|
@@ -58,20 +75,20 @@ int CTR_DRBG_init(CTR_DRBG_STATE *drbg,
|
|
58
75
|
}
|
59
76
|
|
60
77
|
drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32);
|
61
|
-
OPENSSL_memcpy(drbg->counter
|
78
|
+
OPENSSL_memcpy(drbg->counter, seed_material + 32, 16);
|
62
79
|
drbg->reseed_counter = 1;
|
63
80
|
|
64
81
|
return 1;
|
65
82
|
}
|
66
83
|
|
67
|
-
|
68
|
-
|
84
|
+
static_assert(CTR_DRBG_ENTROPY_LEN % AES_BLOCK_SIZE == 0,
|
85
|
+
"not a multiple of AES block size");
|
69
86
|
|
70
87
|
// ctr_inc adds |n| to the last four bytes of |drbg->counter|, treated as a
|
71
88
|
// big-endian number.
|
72
89
|
static void ctr32_add(CTR_DRBG_STATE *drbg, uint32_t n) {
|
73
|
-
drbg->counter
|
74
|
-
|
90
|
+
uint32_t ctr = CRYPTO_load_u32_be(drbg->counter + 12);
|
91
|
+
CRYPTO_store_u32_be(drbg->counter + 12, ctr + n);
|
75
92
|
}
|
76
93
|
|
77
94
|
static int ctr_drbg_update(CTR_DRBG_STATE *drbg, const uint8_t *data,
|
@@ -86,7 +103,7 @@ static int ctr_drbg_update(CTR_DRBG_STATE *drbg, const uint8_t *data,
|
|
86
103
|
uint8_t temp[CTR_DRBG_ENTROPY_LEN];
|
87
104
|
for (size_t i = 0; i < CTR_DRBG_ENTROPY_LEN; i += AES_BLOCK_SIZE) {
|
88
105
|
ctr32_add(drbg, 1);
|
89
|
-
drbg->block(drbg->counter
|
106
|
+
drbg->block(drbg->counter, temp + i, &drbg->ks);
|
90
107
|
}
|
91
108
|
|
92
109
|
for (size_t i = 0; i < data_len; i++) {
|
@@ -94,7 +111,7 @@ static int ctr_drbg_update(CTR_DRBG_STATE *drbg, const uint8_t *data,
|
|
94
111
|
}
|
95
112
|
|
96
113
|
drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, temp, 32);
|
97
|
-
OPENSSL_memcpy(drbg->counter
|
114
|
+
OPENSSL_memcpy(drbg->counter, temp + 32, 16);
|
98
115
|
|
99
116
|
return 1;
|
100
117
|
}
|
@@ -166,12 +183,12 @@ int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out, size_t out_len,
|
|
166
183
|
if (drbg->ctr) {
|
167
184
|
OPENSSL_memset(out, 0, todo);
|
168
185
|
ctr32_add(drbg, 1);
|
169
|
-
drbg->ctr(out, out, num_blocks, &drbg->ks, drbg->counter
|
170
|
-
ctr32_add(drbg, num_blocks - 1);
|
186
|
+
drbg->ctr(out, out, num_blocks, &drbg->ks, drbg->counter);
|
187
|
+
ctr32_add(drbg, (uint32_t)(num_blocks - 1));
|
171
188
|
} else {
|
172
189
|
for (size_t i = 0; i < todo; i += AES_BLOCK_SIZE) {
|
173
190
|
ctr32_add(drbg, 1);
|
174
|
-
drbg->block(drbg->counter
|
191
|
+
drbg->block(drbg->counter, out + i, &drbg->ks);
|
175
192
|
}
|
176
193
|
}
|
177
194
|
|
@@ -182,7 +199,7 @@ int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out, size_t out_len,
|
|
182
199
|
if (out_len > 0) {
|
183
200
|
uint8_t block[AES_BLOCK_SIZE];
|
184
201
|
ctr32_add(drbg, 1);
|
185
|
-
drbg->block(drbg->counter
|
202
|
+
drbg->block(drbg->counter, block, &drbg->ks);
|
186
203
|
|
187
204
|
OPENSSL_memcpy(out, block, out_len);
|
188
205
|
}
|
@@ -194,6 +211,7 @@ int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out, size_t out_len,
|
|
194
211
|
}
|
195
212
|
|
196
213
|
drbg->reseed_counter++;
|
214
|
+
FIPS_service_indicator_update_state();
|
197
215
|
return 1;
|
198
216
|
}
|
199
217
|
|
@@ -21,18 +21,17 @@
|
|
21
21
|
#include "fork_detect.h"
|
22
22
|
|
23
23
|
#if defined(OPENSSL_LINUX)
|
24
|
+
#include <assert.h>
|
24
25
|
#include <sys/mman.h>
|
25
26
|
#include <unistd.h>
|
26
27
|
#include <stdlib.h>
|
27
28
|
|
28
|
-
#include <openssl/type_check.h>
|
29
|
-
|
30
29
|
#include "../delocate.h"
|
31
30
|
#include "../../internal.h"
|
32
31
|
|
33
32
|
|
34
33
|
#if defined(MADV_WIPEONFORK)
|
35
|
-
|
34
|
+
static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
|
36
35
|
#else
|
37
36
|
#define MADV_WIPEONFORK 18
|
38
37
|
#endif
|
@@ -41,10 +40,11 @@ DEFINE_STATIC_ONCE(g_fork_detect_once);
|
|
41
40
|
DEFINE_STATIC_MUTEX(g_fork_detect_lock);
|
42
41
|
DEFINE_BSS_GET(volatile char *, g_fork_detect_addr);
|
43
42
|
DEFINE_BSS_GET(uint64_t, g_fork_generation);
|
44
|
-
DEFINE_BSS_GET(int,
|
43
|
+
DEFINE_BSS_GET(int, g_force_madv_wipeonfork);
|
44
|
+
DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled);
|
45
45
|
|
46
46
|
static void init_fork_detect(void) {
|
47
|
-
if (*
|
47
|
+
if (*g_force_madv_wipeonfork_bss_get()) {
|
48
48
|
return;
|
49
49
|
}
|
50
50
|
|
@@ -94,7 +94,14 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
94
94
|
// not assume that it has exclusive access to it.
|
95
95
|
volatile char *const flag_ptr = *g_fork_detect_addr_bss_get();
|
96
96
|
if (flag_ptr == NULL) {
|
97
|
-
// Our kernel is too old to support |MADV_WIPEONFORK
|
97
|
+
// Our kernel is too old to support |MADV_WIPEONFORK| or
|
98
|
+
// |g_force_madv_wipeonfork| is set.
|
99
|
+
if (*g_force_madv_wipeonfork_bss_get() &&
|
100
|
+
*g_force_madv_wipeonfork_enabled_bss_get()) {
|
101
|
+
// A constant generation number to simulate support, even if the kernel
|
102
|
+
// doesn't support it.
|
103
|
+
return 42;
|
104
|
+
}
|
98
105
|
return 0;
|
99
106
|
}
|
100
107
|
|
@@ -126,8 +133,9 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
126
133
|
return current_generation;
|
127
134
|
}
|
128
135
|
|
129
|
-
void
|
130
|
-
*
|
136
|
+
void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(int on) {
|
137
|
+
*g_force_madv_wipeonfork_bss_get() = 1;
|
138
|
+
*g_force_madv_wipeonfork_enabled_bss_get() = on;
|
131
139
|
}
|
132
140
|
|
133
141
|
#else // !OPENSSL_LINUX
|
@@ -38,9 +38,10 @@ extern "C" {
|
|
38
38
|
// should only be used as a hardening measure.
|
39
39
|
OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
|
40
40
|
|
41
|
-
//
|
41
|
+
// CRYPTO_fork_detect_force_madv_wipeonfork_for_testing is an internal detail
|
42
42
|
// used for testing purposes.
|
43
|
-
OPENSSL_EXPORT void
|
43
|
+
OPENSSL_EXPORT void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(
|
44
|
+
int on);
|
44
45
|
|
45
46
|
#if defined(__cplusplus)
|
46
47
|
} // extern C
|
@@ -30,8 +30,8 @@
|
|
30
30
|
#define EXPECTED_NR_getrandom 278
|
31
31
|
#elif defined(OPENSSL_ARM)
|
32
32
|
#define EXPECTED_NR_getrandom 384
|
33
|
-
#elif defined(
|
34
|
-
#define EXPECTED_NR_getrandom
|
33
|
+
#elif defined(OPENSSL_RISCV64)
|
34
|
+
#define EXPECTED_NR_getrandom 278
|
35
35
|
#endif
|
36
36
|
|
37
37
|
#if defined(EXPECTED_NR_getrandom)
|
@@ -16,7 +16,7 @@
|
|
16
16
|
#define OPENSSL_HEADER_CRYPTO_RAND_INTERNAL_H
|
17
17
|
|
18
18
|
#include <openssl/aes.h>
|
19
|
-
#include <openssl/
|
19
|
+
#include <openssl/ctrdrbg.h>
|
20
20
|
|
21
21
|
#include "../../internal.h"
|
22
22
|
#include "../modes/internal.h"
|
@@ -50,10 +50,10 @@ void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
|
|
50
50
|
int *out_used_cpu);
|
51
51
|
|
52
52
|
// RAND_load_entropy supplies |entropy_len| bytes of entropy to the module. The
|
53
|
-
// |
|
54
|
-
// CPU.
|
53
|
+
// |want_additional_input| parameter is true iff the entropy was obtained from
|
54
|
+
// a source other than the system, e.g. directly from the CPU.
|
55
55
|
void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
|
56
|
-
int
|
56
|
+
int want_additional_input);
|
57
57
|
|
58
58
|
// RAND_need_entropy is implemented outside of the FIPS module and is called
|
59
59
|
// when the module has stopped because it has run out of entropy.
|
@@ -96,20 +96,13 @@ int rand_fork_unsafe_buffering_enabled(void);
|
|
96
96
|
|
97
97
|
// CTR_DRBG_STATE contains the state of a CTR_DRBG based on AES-256. See SP
|
98
98
|
// 800-90Ar1.
|
99
|
-
|
99
|
+
struct ctr_drbg_state_st {
|
100
100
|
AES_KEY ks;
|
101
101
|
block128_f block;
|
102
102
|
ctr128_f ctr;
|
103
|
-
|
104
|
-
uint8_t bytes[16];
|
105
|
-
uint32_t words[4];
|
106
|
-
} counter;
|
103
|
+
uint8_t counter[16];
|
107
104
|
uint64_t reseed_counter;
|
108
|
-
}
|
109
|
-
|
110
|
-
// See SP 800-90Ar1, table 3.
|
111
|
-
#define CTR_DRBG_ENTROPY_LEN 48
|
112
|
-
#define CTR_DRBG_MAX_GENERATE_LENGTH 65536
|
105
|
+
};
|
113
106
|
|
114
107
|
// CTR_DRBG_init initialises |*drbg| given |CTR_DRBG_ENTROPY_LEN| bytes of
|
115
108
|
// entropy in |entropy| and, optionally, a personalization string up to
|
@@ -120,39 +113,17 @@ OPENSSL_EXPORT int CTR_DRBG_init(CTR_DRBG_STATE *drbg,
|
|
120
113
|
const uint8_t *personalization,
|
121
114
|
size_t personalization_len);
|
122
115
|
|
123
|
-
// CTR_DRBG_reseed reseeds |drbg| given |CTR_DRBG_ENTROPY_LEN| bytes of entropy
|
124
|
-
// in |entropy| and, optionally, up to |CTR_DRBG_ENTROPY_LEN| bytes of
|
125
|
-
// additional data. It returns one on success or zero on error.
|
126
|
-
OPENSSL_EXPORT int CTR_DRBG_reseed(CTR_DRBG_STATE *drbg,
|
127
|
-
const uint8_t entropy[CTR_DRBG_ENTROPY_LEN],
|
128
|
-
const uint8_t *additional_data,
|
129
|
-
size_t additional_data_len);
|
130
|
-
|
131
|
-
// CTR_DRBG_generate processes to up |CTR_DRBG_ENTROPY_LEN| bytes of additional
|
132
|
-
// data (if any) and then writes |out_len| random bytes to |out|, where
|
133
|
-
// |out_len| <= |CTR_DRBG_MAX_GENERATE_LENGTH|. It returns one on success or
|
134
|
-
// zero on error.
|
135
|
-
OPENSSL_EXPORT int CTR_DRBG_generate(CTR_DRBG_STATE *drbg, uint8_t *out,
|
136
|
-
size_t out_len,
|
137
|
-
const uint8_t *additional_data,
|
138
|
-
size_t additional_data_len);
|
139
|
-
|
140
|
-
// CTR_DRBG_clear zeroises the state of |drbg|.
|
141
|
-
OPENSSL_EXPORT void CTR_DRBG_clear(CTR_DRBG_STATE *drbg);
|
142
|
-
|
143
|
-
|
144
116
|
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
|
145
117
|
|
146
118
|
OPENSSL_INLINE int have_rdrand(void) {
|
147
|
-
return (
|
119
|
+
return CRYPTO_is_RDRAND_capable();
|
148
120
|
}
|
149
121
|
|
150
122
|
// have_fast_rdrand returns true if RDRAND is supported and it's reasonably
|
151
123
|
// fast. Concretely the latter is defined by whether the chip is Intel (fast) or
|
152
124
|
// not (assumed slow).
|
153
125
|
OPENSSL_INLINE int have_fast_rdrand(void) {
|
154
|
-
|
155
|
-
return (ia32cap[1] & (1u << 30)) && (ia32cap[0] & (1u << 30));
|
126
|
+
return CRYPTO_is_RDRAND_capable() && CRYPTO_is_intel_cpu();
|
156
127
|
}
|
157
128
|
|
158
129
|
// CRYPTO_rdrand writes eight bytes of random data from the hardware RNG to
|