grpc 1.53.1 → 1.54.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (689) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +78 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/support/port_platform.h +4 -4
  6. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  7. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  8. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  9. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  10. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  11. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  12. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  13. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  14. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  16. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  17. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
  18. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  19. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  20. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  21. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  22. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  24. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  25. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  26. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  27. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  28. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  29. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  30. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  31. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  32. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  33. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  34. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  35. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  36. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  37. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  38. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  39. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  40. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  41. data/src/core/ext/gcp/metadata_query.cc +142 -0
  42. data/src/core/ext/gcp/metadata_query.h +82 -0
  43. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  44. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
  45. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
  46. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
  47. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  48. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  49. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
  52. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
  53. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
  56. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
  57. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
  58. data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
  59. data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
  60. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  61. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  62. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  63. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  64. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  65. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  67. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  68. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  69. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  70. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  71. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  72. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  73. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  74. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  75. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  76. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  77. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  78. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  79. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  80. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  81. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  82. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  83. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  84. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  85. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  86. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  87. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  88. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  89. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  90. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  91. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  92. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  94. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  95. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  96. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  97. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  98. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  99. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  100. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  101. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  102. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  103. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  104. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  105. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  106. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  107. data/src/core/ext/xds/xds_client_stats.h +24 -20
  108. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  109. data/src/core/ext/xds/xds_endpoint.h +9 -1
  110. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  111. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  112. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  113. data/src/core/lib/channel/call_finalization.h +1 -1
  114. data/src/core/lib/channel/call_tracer.cc +51 -0
  115. data/src/core/lib/channel/call_tracer.h +101 -38
  116. data/src/core/lib/channel/connected_channel.cc +483 -1050
  117. data/src/core/lib/channel/context.h +8 -1
  118. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  119. data/src/core/lib/channel/promise_based_filter.h +27 -13
  120. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  121. data/src/core/lib/config/config_vars.cc +151 -0
  122. data/src/core/lib/config/config_vars.h +127 -0
  123. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  124. data/src/core/lib/config/load_config.cc +66 -0
  125. data/src/core/lib/config/load_config.h +49 -0
  126. data/src/core/lib/debug/trace.cc +5 -6
  127. data/src/core/lib/debug/trace.h +0 -5
  128. data/src/core/lib/event_engine/event_engine.cc +37 -2
  129. data/src/core/lib/event_engine/handle_containers.h +7 -22
  130. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  131. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  132. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  133. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  134. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  135. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  136. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
  137. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  138. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  139. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  140. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  141. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  142. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  143. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  144. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  145. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  146. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  147. data/src/core/lib/experiments/config.cc +3 -10
  148. data/src/core/lib/experiments/experiments.cc +7 -0
  149. data/src/core/lib/experiments/experiments.h +9 -1
  150. data/src/core/lib/gpr/log.cc +15 -28
  151. data/src/core/lib/gprpp/fork.cc +8 -14
  152. data/src/core/lib/gprpp/orphanable.h +4 -3
  153. data/src/core/lib/gprpp/per_cpu.h +9 -3
  154. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  155. data/src/core/lib/gprpp/ref_counted.h +33 -34
  156. data/src/core/lib/gprpp/thd.h +16 -0
  157. data/src/core/lib/gprpp/time.cc +1 -0
  158. data/src/core/lib/gprpp/time.h +4 -4
  159. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  160. data/src/core/lib/iomgr/call_combiner.h +2 -2
  161. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  162. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  163. data/src/core/lib/iomgr/ev_posix.h +0 -3
  164. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  165. data/src/core/lib/iomgr/iomgr.cc +4 -8
  166. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  167. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  168. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  169. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  170. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  171. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  172. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
  173. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  174. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  175. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  176. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  177. data/src/core/lib/promise/activity.cc +22 -6
  178. data/src/core/lib/promise/activity.h +61 -24
  179. data/src/core/lib/promise/cancel_callback.h +77 -0
  180. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  181. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  182. data/src/core/lib/promise/for_each.h +176 -0
  183. data/src/core/lib/promise/if.h +9 -0
  184. data/src/core/lib/promise/interceptor_list.h +23 -2
  185. data/src/core/lib/promise/latch.h +89 -3
  186. data/src/core/lib/promise/loop.h +13 -9
  187. data/src/core/lib/promise/map.h +7 -0
  188. data/src/core/lib/promise/party.cc +286 -0
  189. data/src/core/lib/promise/party.h +499 -0
  190. data/src/core/lib/promise/pipe.h +197 -57
  191. data/src/core/lib/promise/poll.h +48 -0
  192. data/src/core/lib/promise/promise.h +2 -2
  193. data/src/core/lib/resource_quota/arena.cc +19 -3
  194. data/src/core/lib/resource_quota/arena.h +119 -5
  195. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  196. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  197. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  198. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  199. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  200. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  201. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  202. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  203. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  204. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  205. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  206. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  207. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  208. data/src/core/lib/slice/slice.cc +1 -1
  209. data/src/core/lib/surface/builtins.cc +2 -0
  210. data/src/core/lib/surface/call.cc +926 -1024
  211. data/src/core/lib/surface/call.h +10 -0
  212. data/src/core/lib/surface/lame_client.cc +1 -0
  213. data/src/core/lib/surface/validate_metadata.cc +42 -43
  214. data/src/core/lib/surface/validate_metadata.h +0 -9
  215. data/src/core/lib/surface/version.cc +2 -2
  216. data/src/core/lib/transport/batch_builder.cc +179 -0
  217. data/src/core/lib/transport/batch_builder.h +468 -0
  218. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  219. data/src/core/lib/transport/bdp_estimator.h +10 -6
  220. data/src/core/lib/transport/custom_metadata.h +30 -0
  221. data/src/core/lib/transport/metadata_batch.cc +5 -2
  222. data/src/core/lib/transport/metadata_batch.h +17 -113
  223. data/src/core/lib/transport/parsed_metadata.h +6 -16
  224. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  225. data/src/core/lib/transport/transport.cc +30 -2
  226. data/src/core/lib/transport/transport.h +70 -14
  227. data/src/core/lib/transport/transport_impl.h +7 -0
  228. data/src/core/lib/transport/transport_op_string.cc +52 -42
  229. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  230. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  231. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  232. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  233. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  234. data/src/core/tsi/ssl_transport_security.cc +4 -2
  235. data/src/ruby/lib/grpc/version.rb +1 -1
  236. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  237. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  238. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  239. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  240. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  241. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  242. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  243. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  244. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  245. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  246. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  247. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  248. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  249. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  250. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  251. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  252. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  253. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  254. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  255. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  256. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  257. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  258. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  259. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  260. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  261. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  262. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  263. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  264. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  265. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  266. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  267. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  268. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  269. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  288. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  289. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  290. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  291. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  292. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  293. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  294. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  295. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  296. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  297. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  298. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  299. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  300. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  301. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  302. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  303. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  304. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  305. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  306. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  307. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  308. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  309. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  310. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  311. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  312. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  313. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  314. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  315. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  316. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  317. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  318. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  319. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  320. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  321. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  322. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  323. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  324. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  325. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  326. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  327. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  328. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  329. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  330. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  331. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  332. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  333. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  334. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  335. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  336. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  337. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  338. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  339. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  340. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  341. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  342. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  343. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  344. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  345. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  346. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  347. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  348. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  349. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  350. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  351. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  352. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  353. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  354. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  355. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  363. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  364. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  365. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  366. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  367. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  368. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  369. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  370. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  371. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  372. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  373. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  396. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  403. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  446. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  447. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  448. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  449. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  450. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  451. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  452. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  454. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  455. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  456. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  457. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  458. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  459. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  460. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  461. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  462. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  463. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  464. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  465. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  466. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  467. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  468. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  469. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  470. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  471. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  472. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  473. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  474. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  475. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  476. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  477. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  478. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  479. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  480. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  481. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  482. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  483. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  484. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  485. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  486. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  487. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  488. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  489. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  490. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  491. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  532. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  533. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  534. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  535. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  536. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  557. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  558. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  559. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  560. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  561. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  562. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  563. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  564. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  565. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  566. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  567. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  568. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  569. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  570. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  571. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  572. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  573. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  574. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  575. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  576. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  577. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  578. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  579. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  580. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  581. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  582. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  583. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  584. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  585. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  586. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  587. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  588. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  589. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  591. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  592. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  593. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  594. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  595. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  596. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  597. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  598. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  599. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  600. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  601. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  602. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  603. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  604. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  605. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  606. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  607. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  608. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  609. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  610. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  611. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  612. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  613. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  614. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  615. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  616. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  617. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  618. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  619. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  620. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  621. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  622. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  623. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  624. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  625. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  630. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  631. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  632. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  633. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  634. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  635. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  636. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  637. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  638. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  639. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  640. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  641. metadata +103 -70
  642. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  643. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  644. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
  645. data/src/core/lib/gprpp/global_config.h +0 -93
  646. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  647. data/src/core/lib/gprpp/global_config_env.h +0 -133
  648. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  649. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  650. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  651. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  652. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  653. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  654. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  655. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  656. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  657. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  658. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  659. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  660. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  661. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  662. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  663. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  664. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  665. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  666. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  667. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  668. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  669. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  670. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  671. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  672. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  673. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  674. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  675. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  676. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  677. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  678. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  679. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  680. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  681. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  682. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  683. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  684. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  685. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  686. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  687. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  688. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  689. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -20,20 +20,24 @@
20
20
  #include <openssl/aead.h>
21
21
  #include <openssl/aes.h>
22
22
  #include <openssl/bn.h>
23
- #include <openssl/des.h>
23
+ #include <openssl/ctrdrbg.h>
24
24
  #include <openssl/dh.h>
25
25
  #include <openssl/digest.h>
26
26
  #include <openssl/ec.h>
27
27
  #include <openssl/ecdsa.h>
28
28
  #include <openssl/ec_key.h>
29
+ #include <openssl/hmac.h>
29
30
  #include <openssl/nid.h>
30
31
  #include <openssl/rsa.h>
31
32
  #include <openssl/sha.h>
32
33
 
33
34
  #include "../../internal.h"
35
+ #include "../dh/internal.h"
34
36
  #include "../ec/internal.h"
35
37
  #include "../ecdsa/internal.h"
36
38
  #include "../rand/internal.h"
39
+ #include "../rsa/internal.h"
40
+ #include "../service_indicator/internal.h"
37
41
  #include "../tls/internal.h"
38
42
 
39
43
 
@@ -47,21 +51,6 @@ int BORINGSSL_self_test(void) {
47
51
 
48
52
  #else
49
53
 
50
- #if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)
51
- // FIPS builds on Android will test for flag files, named after the module hash,
52
- // in /dev/boringssl/selftest/. If such a flag file exists, it's assumed that
53
- // self-tests have already passed and thus do not need to be repeated. (The
54
- // integrity tests always run, however.)
55
- //
56
- // If self-tests complete successfully and the environment variable named in
57
- // |kFlagWriteEnableEnvVar| is present, then the flag file will be created. The
58
- // flag file isn't written without the environment variable being set in order
59
- // to avoid SELinux violations on Android.
60
- #define BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
61
- static const char kFlagPrefix[] = "/dev/boringssl/selftest/";
62
- static const char kFlagWriteEnableEnvVar[] = "BORINGSSL_SELF_TEST_CREATE_FLAG";
63
- #endif
64
-
65
54
  static void hexdump(const uint8_t *in, size_t len) {
66
55
  for (size_t i = 0; i < len; i++) {
67
56
  fprintf(stderr, "%02x", in[i]);
@@ -71,7 +60,7 @@ static void hexdump(const uint8_t *in, size_t len) {
71
60
  static int check_test(const void *expected, const void *actual,
72
61
  size_t expected_len, const char *name) {
73
62
  if (OPENSSL_memcmp(actual, expected, expected_len) != 0) {
74
- fprintf(stderr, "%s failed.\nExpected: ", name);
63
+ fprintf(stderr, "%s failed.\nExpected: ", name);
75
64
  hexdump(expected, expected_len);
76
65
  fprintf(stderr, "\nCalculated: ");
77
66
  hexdump(actual, expected_len);
@@ -87,6 +76,28 @@ static int set_bignum(BIGNUM **out, const uint8_t *in, size_t len) {
87
76
  return *out != NULL;
88
77
  }
89
78
 
79
+ static int serialize_ecdsa_sig(uint8_t *out, size_t out_len,
80
+ const ECDSA_SIG *sig) {
81
+ if ((out_len & 1) || //
82
+ !BN_bn2bin_padded(out, out_len / 2, sig->r) ||
83
+ !BN_bn2bin_padded(out + out_len / 2, out_len / 2, sig->s)) {
84
+ return 0;
85
+ }
86
+ return 1;
87
+ }
88
+
89
+ static ECDSA_SIG *parse_ecdsa_sig(const uint8_t *in, size_t in_len) {
90
+ ECDSA_SIG *ret = ECDSA_SIG_new();
91
+ if (!ret || //
92
+ (in_len & 1) ||
93
+ BN_bin2bn(in, in_len/2, ret->r) == NULL ||
94
+ BN_bin2bn(in + in_len/2, in_len/2, ret->s) == NULL) {
95
+ ECDSA_SIG_free(ret);
96
+ ret = NULL;
97
+ }
98
+ return ret;
99
+ }
100
+
90
101
  static RSA *self_test_rsa_key(void) {
91
102
  static const uint8_t kN[] = {
92
103
  0xd3, 0x3a, 0x62, 0x9f, 0x07, 0x77, 0xb0, 0x18, 0xf3, 0xff, 0xfe, 0xcc,
@@ -289,195 +300,188 @@ err:
289
300
  return NULL;
290
301
  }
291
302
 
292
- #if defined(OPENSSL_ANDROID)
293
- #define MODULE_DIGEST_SIZE SHA256_DIGEST_LENGTH
294
- #else
295
- #define MODULE_DIGEST_SIZE SHA512_DIGEST_LENGTH
296
- #endif
297
303
 
298
- int boringssl_fips_self_test(
299
- const uint8_t *module_hash, size_t module_hash_len) {
300
- #if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)
301
- char flag_path[sizeof(kFlagPrefix) + 2 * MODULE_DIGEST_SIZE];
302
- if (module_hash_len != 0) {
303
- if (module_hash_len != MODULE_DIGEST_SIZE) {
304
- fprintf(stderr,
305
- "module hash of length %zu does not match expected length %d\n",
306
- module_hash_len, MODULE_DIGEST_SIZE);
307
- BORINGSSL_FIPS_abort();
308
- }
309
-
310
- // Test whether the flag file exists.
311
- memcpy(flag_path, kFlagPrefix, sizeof(kFlagPrefix) - 1);
312
- static const char kHexTable[17] = "0123456789abcdef";
313
- for (size_t i = 0; i < MODULE_DIGEST_SIZE; i++) {
314
- flag_path[sizeof(kFlagPrefix) - 1 + 2 * i] =
315
- kHexTable[module_hash[i] >> 4];
316
- flag_path[sizeof(kFlagPrefix) - 1 + 2 * i + 1] =
317
- kHexTable[module_hash[i] & 15];
318
- }
319
- flag_path[sizeof(flag_path) - 1] = 0;
320
-
321
- if (access(flag_path, F_OK) == 0) {
322
- // Flag file found. Skip self-tests.
323
- return 1;
324
- }
325
- }
326
- #endif // BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
304
+ // Lazy self-tests
305
+ //
306
+ // Self tests that are slow are deferred until the corresponding algorithm is
307
+ // actually exercised, in FIPS mode. (In non-FIPS mode these tests are only run
308
+ // when requested by |BORINGSSL_self_test|.)
327
309
 
328
- static const uint8_t kAESKey[16] = "BoringCrypto Key";
329
- static const uint8_t kAESIV[16] = {0};
330
- static const uint8_t kPlaintext[64] =
331
- "BoringCryptoModule FIPS KAT Encryption and Decryption Plaintext!";
332
- static const uint8_t kAESCBCCiphertext[64] = {
333
- 0x87, 0x2d, 0x98, 0xc2, 0xcc, 0x31, 0x5b, 0x41, 0xe0, 0xfa, 0x7b,
334
- 0x0a, 0x71, 0xc0, 0x42, 0xbf, 0x4f, 0x61, 0xd0, 0x0d, 0x58, 0x8c,
335
- 0xf7, 0x05, 0xfb, 0x94, 0x89, 0xd3, 0xbc, 0xaa, 0x1a, 0x50, 0x45,
336
- 0x1f, 0xc3, 0x8c, 0xb8, 0x98, 0x86, 0xa3, 0xe3, 0x6c, 0xfc, 0xad,
337
- 0x3a, 0xb5, 0x59, 0x27, 0x7d, 0x21, 0x07, 0xca, 0x4c, 0x1d, 0x55,
338
- 0x34, 0xdd, 0x5a, 0x2d, 0xc4, 0xb4, 0xf5, 0xa8,
339
- #if !defined(BORINGSSL_FIPS_BREAK_AES_CBC)
340
- 0x35
341
- #else
342
- 0x00
343
- #endif
344
- };
345
- static const uint8_t kAESGCMCiphertext[80] = {
346
- 0x4a, 0xd8, 0xe7, 0x7d, 0x78, 0xd7, 0x7d, 0x5e, 0xb2, 0x11, 0xb6, 0xc9,
347
- 0xa4, 0xbc, 0xb2, 0xae, 0xbe, 0x93, 0xd1, 0xb7, 0xfe, 0x65, 0xc1, 0x82,
348
- 0x2a, 0xb6, 0x71, 0x5f, 0x1a, 0x7c, 0xe0, 0x1b, 0x2b, 0xe2, 0x53, 0xfa,
349
- 0xa0, 0x47, 0xfa, 0xd7, 0x8f, 0xb1, 0x4a, 0xc4, 0xdc, 0x89, 0xf9, 0xb4,
350
- 0x14, 0x4d, 0xde, 0x95, 0xea, 0x29, 0x69, 0x76, 0x81, 0xa3, 0x5c, 0x33,
351
- 0xd8, 0x37, 0xd8, 0xfa, 0x47, 0x19, 0x46, 0x2f, 0xf1, 0x90, 0xb7, 0x61,
352
- 0x8f, 0x6f, 0xdd, 0x31, 0x3f, 0x6a, 0x64,
353
- #if !defined(BORINGSSL_FIPS_BREAK_AES_GCM)
354
- 0x0d
355
- #else
356
- 0x00
357
- #endif
310
+ static int boringssl_self_test_rsa(void) {
311
+ int ret = 0;
312
+ uint8_t output[256];
313
+
314
+ RSA *const rsa_key = self_test_rsa_key();
315
+ if (rsa_key == NULL) {
316
+ fprintf(stderr, "RSA key construction failed\n");
317
+ goto err;
318
+ }
319
+ // Disable blinding for the power-on tests because it's not needed and
320
+ // triggers an entropy draw.
321
+ rsa_key->flags |= RSA_FLAG_NO_BLINDING;
322
+
323
+ // RSA Sign KAT
324
+
325
+ static const uint8_t kRSASignDigest[32] = {
326
+ 0xd2, 0xb5, 0x6e, 0x53, 0x30, 0x6f, 0x72, 0x0d, 0x79, 0x29, 0xd8,
327
+ 0x70, 0x8b, 0xf4, 0x6f, 0x1c, 0x22, 0x30, 0x03, 0x05, 0x58, 0x2b,
328
+ 0x11, 0x5b, 0xed, 0xca, 0xc7, 0x22, 0xd8, 0xaa, 0x5a, 0xb2,
358
329
  };
359
- static const DES_cblock kDESKey1 = {"BCMDESK1"};
360
- static const DES_cblock kDESKey2 = {"BCMDESK2"};
361
- static const DES_cblock kDESKey3 = {"BCMDESK3"};
362
- static const DES_cblock kDESIV = {"BCMDESIV"};
363
- static const uint8_t kDESCiphertext[64] = {
364
- 0xa4, 0x30, 0x7a, 0x4c, 0x1f, 0x60, 0x16, 0xd7, 0x4f, 0x41, 0xe1,
365
- 0xbb, 0x27, 0xc4, 0x27, 0x37, 0xd4, 0x7f, 0xb9, 0x10, 0xf8, 0xbc,
366
- 0xaf, 0x93, 0x91, 0xb8, 0x88, 0x24, 0xb1, 0xf6, 0xf8, 0xbd, 0x31,
367
- 0x96, 0x06, 0x76, 0xde, 0x32, 0xcd, 0x29, 0x29, 0xba, 0x70, 0x5f,
368
- 0xea, 0xc0, 0xcb, 0xde, 0xc7, 0x75, 0x90, 0xe0, 0x0f, 0x5e, 0x2c,
369
- 0x0d, 0x49, 0x20, 0xd5, 0x30, 0x83, 0xf8, 0x08,
370
- #if !defined(BORINGSSL_FIPS_BREAK_DES)
371
- 0x5a
372
- #else
373
- 0x00
374
- #endif
330
+ static const uint8_t kRSASignSignature[256] = {
331
+ 0x64, 0xce, 0xdd, 0x91, 0x27, 0xb0, 0x4f, 0xb9, 0x14, 0xea, 0xc0, 0xb4,
332
+ 0xa2, 0x06, 0xc5, 0xd8, 0x40, 0x0f, 0x6c, 0x54, 0xac, 0xf7, 0x02, 0xde,
333
+ 0x26, 0xbb, 0xfd, 0x33, 0xe5, 0x2f, 0x4d, 0xb1, 0x53, 0xc4, 0xff, 0xd0,
334
+ 0x5f, 0xea, 0x15, 0x89, 0x83, 0x4c, 0xe3, 0x80, 0x0b, 0xe9, 0x13, 0x82,
335
+ 0x1d, 0x71, 0x92, 0x1a, 0x03, 0x60, 0x2c, 0xaf, 0xe2, 0x16, 0xc7, 0x43,
336
+ 0x3f, 0xde, 0x6b, 0x94, 0xfd, 0x6e, 0x08, 0x7b, 0x11, 0xf1, 0x34, 0x52,
337
+ 0xe5, 0xc0, 0x97, 0x66, 0x4a, 0xe0, 0x91, 0x45, 0xc8, 0xb1, 0x3d, 0x6a,
338
+ 0x54, 0xc1, 0x32, 0x0f, 0x32, 0xad, 0x25, 0x11, 0x3e, 0x49, 0xad, 0x41,
339
+ 0xce, 0x7b, 0xca, 0x95, 0x6b, 0x54, 0x5e, 0x86, 0x1b, 0xce, 0xfa, 0x2a,
340
+ 0x60, 0xe8, 0xfa, 0xbb, 0x23, 0xb2, 0x41, 0xbc, 0x7c, 0x98, 0xec, 0x73,
341
+ 0x20, 0xed, 0xb3, 0xcf, 0xab, 0x07, 0x24, 0x85, 0x6a, 0x2a, 0x61, 0x76,
342
+ 0x28, 0xf8, 0x00, 0x80, 0xeb, 0xd9, 0x3a, 0x63, 0xe2, 0x01, 0xb1, 0xee,
343
+ 0x6d, 0xe9, 0x73, 0xe9, 0xb6, 0x75, 0x2e, 0xf9, 0x81, 0xd9, 0xa8, 0x79,
344
+ 0xf6, 0x8f, 0xe3, 0x02, 0x7d, 0xf6, 0xea, 0xdc, 0x35, 0xe4, 0x62, 0x0d,
345
+ 0x91, 0xba, 0x3e, 0x7d, 0x8b, 0x82, 0xbf, 0x15, 0x74, 0x6a, 0x4e, 0x29,
346
+ 0xf8, 0x9b, 0x2c, 0x94, 0x8d, 0xa7, 0x00, 0x4d, 0x7b, 0xbf, 0x35, 0x07,
347
+ 0xeb, 0xdd, 0x10, 0xef, 0xd5, 0x2f, 0xe6, 0x98, 0x4b, 0x7e, 0x24, 0x80,
348
+ 0xe2, 0x01, 0xf2, 0x66, 0xb7, 0xd3, 0x93, 0xfe, 0x2a, 0xb3, 0x74, 0xed,
349
+ 0xec, 0x4b, 0xb1, 0x5f, 0x5f, 0xee, 0x85, 0x44, 0xa7, 0x26, 0xdf, 0xc1,
350
+ 0x2e, 0x7a, 0xf3, 0xa5, 0x8f, 0xf8, 0x64, 0xda, 0x65, 0xad, 0x91, 0xe2,
351
+ 0x90, 0x94, 0x20, 0x16, 0xb8, 0x61, 0xa5, 0x0a, 0x7d, 0xb4, 0xbf, 0xc0,
352
+ 0x10, 0xaf, 0x72, 0x67,
375
353
  };
376
- static const uint8_t kPlaintextSHA1[20] = {
377
- 0xc6, 0xf8, 0xc9, 0x63, 0x1c, 0x14, 0x23, 0x62, 0x9b, 0xbd,
378
- 0x55, 0x82, 0xf4, 0xd6, 0x1d, 0xf2, 0xab, 0x7d, 0xc8,
379
- #if !defined(BORINGSSL_FIPS_BREAK_SHA_1)
380
- 0x28
381
- #else
382
- 0x00
383
- #endif
354
+
355
+ unsigned sig_len;
356
+ if (!rsa_sign_no_self_test(NID_sha256, kRSASignDigest, sizeof(kRSASignDigest),
357
+ output, &sig_len, rsa_key) ||
358
+ !check_test(kRSASignSignature, output, sizeof(kRSASignSignature),
359
+ "RSA-sign KAT")) {
360
+ fprintf(stderr, "RSA signing test failed.\n");
361
+ goto err;
362
+ }
363
+
364
+ // RSA Verify KAT
365
+
366
+ static const uint8_t kRSAVerifyDigest[32] = {
367
+ 0x09, 0x65, 0x2f, 0xd8, 0xed, 0x9d, 0xc2, 0x6d, 0xbc, 0xbf, 0xf2,
368
+ 0xa7, 0xa5, 0xed, 0xe1, 0x37, 0x13, 0x78, 0x21, 0x36, 0xcf, 0x8d,
369
+ 0x22, 0x3d, 0xab, 0x93, 0xb4, 0x12, 0xa8, 0xb5, 0x15, 0x53,
384
370
  };
385
- static const uint8_t kPlaintextSHA256[32] = {
386
- 0x37, 0xbd, 0x70, 0x53, 0x72, 0xfc, 0xd4, 0x03, 0x79, 0x70, 0xfb,
387
- 0x06, 0x95, 0xb1, 0x2a, 0x82, 0x48, 0xe1, 0x3e, 0xf2, 0x33, 0xfb,
388
- 0xef, 0x29, 0x81, 0x22, 0x45, 0x40, 0x43, 0x70, 0xce,
389
- #if !defined(BORINGSSL_FIPS_BREAK_SHA_256)
390
- 0x0f
391
- #else
392
- 0x00
393
- #endif
371
+ static const uint8_t kRSAVerifySignature[256] = {
372
+ 0xab, 0xe2, 0xcb, 0xc1, 0x3d, 0x6b, 0xd3, 0x9d, 0x48, 0xdb, 0x53, 0x34,
373
+ 0xdd, 0xbf, 0x8d, 0x07, 0x0a, 0x93, 0xbd, 0xcb, 0x10, 0x4e, 0x2c, 0xc5,
374
+ 0xd0, 0xee, 0x48, 0x6e, 0xe2, 0x95, 0xf6, 0xb3, 0x1b, 0xda, 0x12, 0x6c,
375
+ 0x41, 0x89, 0x0b, 0x98, 0xb7, 0x3e, 0x70, 0xe6, 0xb6, 0x5d, 0x82, 0xf9,
376
+ 0x5c, 0x66, 0x31, 0x21, 0x75, 0x5a, 0x90, 0x74, 0x4c, 0x8d, 0x1c, 0x21,
377
+ 0x14, 0x8a, 0x19, 0x60, 0xbe, 0x0e, 0xca, 0x44, 0x6e, 0x9f, 0xf4, 0x97,
378
+ 0xf1, 0x34, 0x5c, 0x53, 0x7e, 0xf8, 0x11, 0x9b, 0x9a, 0x43, 0x98, 0xe9,
379
+ 0x5c, 0x5c, 0x6d, 0xe2, 0xb1, 0xc9, 0x55, 0x90, 0x5c, 0x52, 0x99, 0xd8,
380
+ 0xce, 0x7a, 0x3b, 0x6a, 0xb7, 0x63, 0x80, 0xd9, 0xba, 0xbd, 0xd1, 0x5f,
381
+ 0x61, 0x02, 0x37, 0xe1, 0xf3, 0xf2, 0xaa, 0x1c, 0x1f, 0x1e, 0x77, 0x0b,
382
+ 0x62, 0xfb, 0xb5, 0x96, 0x38, 0x1b, 0x2e, 0xbd, 0xd7, 0x7e, 0xce, 0xf9,
383
+ 0xc9, 0x0d, 0x4c, 0x92, 0xf7, 0xb6, 0xb0, 0x5f, 0xed, 0x29, 0x36, 0x28,
384
+ 0x5f, 0xa9, 0x48, 0x26, 0xe6, 0x20, 0x55, 0x32, 0x2a, 0x33, 0xb6, 0xf0,
385
+ 0x4c, 0x74, 0xce, 0x69, 0xe5, 0xd8, 0xd7, 0x37, 0xfb, 0x83, 0x8b, 0x79,
386
+ 0xd2, 0xd4, 0x8e, 0x3d, 0xaf, 0x71, 0x38, 0x75, 0x31, 0x88, 0x25, 0x31,
387
+ 0xa9, 0x5a, 0xc9, 0x64, 0xd0, 0x2e, 0xa4, 0x13, 0xbf, 0x85, 0x95, 0x29,
388
+ 0x82, 0xbb, 0xc0, 0x89, 0x52, 0x7d, 0xaf, 0xf5, 0xb8, 0x45, 0xc9, 0xa0,
389
+ 0xf4, 0xd1, 0x4e, 0xf1, 0x95, 0x6d, 0x9c, 0x3a, 0xca, 0xe8, 0x82, 0xd1,
390
+ 0x2d, 0xa6, 0x6d, 0xa0, 0xf3, 0x57, 0x94, 0xf5, 0xee, 0x32, 0x23, 0x23,
391
+ 0x33, 0x51, 0x7d, 0xb9, 0x31, 0x52, 0x32, 0xa1, 0x83, 0xb9, 0x91, 0x65,
392
+ 0x4d, 0xbe, 0xa4, 0x16, 0x15, 0x34, 0x5c, 0x88, 0x53, 0x25, 0x92, 0x67,
393
+ 0x44, 0xa5, 0x39, 0x15,
394
394
  };
395
- static const uint8_t kPlaintextSHA512[64] = {
396
- 0x08, 0x6a, 0x1c, 0x84, 0x61, 0x9d, 0x8e, 0xb3, 0xc0, 0x97, 0x4e,
397
- 0xa1, 0x9f, 0x9c, 0xdc, 0xaf, 0x3b, 0x5c, 0x31, 0xf0, 0xf2, 0x74,
398
- 0xc3, 0xbd, 0x6e, 0xd6, 0x1e, 0xb2, 0xbb, 0x34, 0x74, 0x72, 0x5c,
399
- 0x51, 0x29, 0x8b, 0x87, 0x3a, 0xa3, 0xf2, 0x25, 0x23, 0xd4, 0x1c,
400
- 0x82, 0x1b, 0xfe, 0xd3, 0xc6, 0xee, 0xb5, 0xd6, 0xaf, 0x07, 0x7b,
401
- 0x98, 0xca, 0xa7, 0x01, 0xf3, 0x94, 0xf3, 0x68,
402
- #if !defined(BORINGSSL_FIPS_BREAK_SHA_512)
403
- 0x14
404
- #else
405
- 0x00
406
- #endif
395
+ if (!rsa_verify_no_self_test(NID_sha256, kRSAVerifyDigest,
396
+ sizeof(kRSAVerifyDigest), kRSAVerifySignature,
397
+ sizeof(kRSAVerifySignature), rsa_key)) {
398
+ fprintf(stderr, "RSA-verify KAT failed.\n");
399
+ goto err;
400
+ }
401
+
402
+ ret = 1;
403
+
404
+ err:
405
+ RSA_free(rsa_key);
406
+
407
+ return ret;
408
+ }
409
+
410
+ static int boringssl_self_test_ecc(void) {
411
+ int ret = 0;
412
+ EC_KEY *ec_key = NULL;
413
+ EC_GROUP *ec_group = NULL;
414
+ EC_POINT *ec_point_in = NULL;
415
+ EC_POINT *ec_point_out = NULL;
416
+ BIGNUM *ec_scalar = NULL;
417
+ ECDSA_SIG *sig = NULL;
418
+
419
+ ec_key = self_test_ecdsa_key();
420
+ if (ec_key == NULL) {
421
+ fprintf(stderr, "ECDSA KeyGen failed\n");
422
+ goto err;
423
+ }
424
+
425
+ // ECDSA Sign/Verify KAT
426
+
427
+ static const uint8_t kECDSASignDigest[32] = {
428
+ 0x1e, 0x35, 0x93, 0x0b, 0xe8, 0x60, 0xd0, 0x94, 0x2c, 0xa7, 0xbb,
429
+ 0xd6, 0xf6, 0xde, 0xd8, 0x7f, 0x15, 0x7e, 0x4d, 0xe2, 0x4f, 0x81,
430
+ 0xed, 0x4b, 0x87, 0x5c, 0x0e, 0x01, 0x8e, 0x89, 0xa8, 0x1f,
407
431
  };
408
- static const uint8_t kRSASignature[256] = {
409
- 0x62, 0x66, 0x4b, 0xe3, 0xb1, 0xd2, 0x83, 0xf1, 0xa8, 0x56, 0x2b, 0x33,
410
- 0x60, 0x1e, 0xdb, 0x1e, 0x06, 0xf7, 0xa7, 0x1e, 0xa8, 0xef, 0x03, 0x4d,
411
- 0x0c, 0xf6, 0x83, 0x75, 0x7a, 0xf0, 0x14, 0xc7, 0xe2, 0x94, 0x3a, 0xb5,
412
- 0x67, 0x56, 0xa5, 0x48, 0x7f, 0x3a, 0xa5, 0xbf, 0xf7, 0x1d, 0x44, 0xa6,
413
- 0x34, 0xed, 0x9b, 0xd6, 0x51, 0xaa, 0x2c, 0x4e, 0xce, 0x60, 0x5f, 0xe9,
414
- 0x0e, 0xd5, 0xcd, 0xeb, 0x23, 0x27, 0xf8, 0xfb, 0x45, 0xe5, 0x34, 0x63,
415
- 0x77, 0x7f, 0x2e, 0x80, 0xcf, 0x9d, 0x2e, 0xfc, 0xe2, 0x50, 0x75, 0x29,
416
- 0x46, 0xf4, 0xaf, 0x91, 0xed, 0x36, 0xe1, 0x5e, 0xef, 0x66, 0xa1, 0xff,
417
- 0x27, 0xfc, 0x87, 0x7e, 0x60, 0x84, 0x0f, 0x54, 0x51, 0x56, 0x0f, 0x68,
418
- 0x99, 0xc0, 0x3f, 0xeb, 0xa5, 0xa0, 0x46, 0xb0, 0x86, 0x02, 0xb0, 0xc8,
419
- 0xe8, 0x46, 0x13, 0x06, 0xcd, 0xb7, 0x8a, 0xd0, 0x3b, 0x46, 0xd0, 0x14,
420
- 0x64, 0x53, 0x9b, 0x5b, 0x5e, 0x02, 0x45, 0xba, 0x6e, 0x7e, 0x0a, 0xb9,
421
- 0x9e, 0x62, 0xb7, 0xd5, 0x7a, 0x87, 0xea, 0xd3, 0x24, 0xa5, 0xef, 0xb3,
422
- 0xdc, 0x05, 0x9c, 0x04, 0x60, 0x4b, 0xde, 0xa8, 0x90, 0x08, 0x7b, 0x6a,
423
- 0x5f, 0xb4, 0x3f, 0xda, 0xc5, 0x1f, 0x6e, 0xd6, 0x15, 0xde, 0x65, 0xa4,
424
- 0x6e, 0x62, 0x9d, 0x8f, 0xa8, 0xbe, 0x86, 0xf6, 0x09, 0x90, 0x40, 0xa5,
425
- 0xf4, 0x23, 0xc5, 0xf6, 0x38, 0x86, 0x0d, 0x1c, 0xed, 0x4a, 0x0a, 0xae,
426
- 0xa4, 0x26, 0xc2, 0x2e, 0xd3, 0x13, 0x66, 0x61, 0xea, 0x35, 0x01, 0x0e,
427
- 0x13, 0xda, 0x78, 0x20, 0xae, 0x59, 0x5f, 0x9b, 0xa9, 0x6c, 0xf9, 0x1b,
428
- 0xdf, 0x76, 0x53, 0xc8, 0xa7, 0xf5, 0x63, 0x6d, 0xf3, 0xff, 0xfd, 0xaf,
429
- 0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d,
430
- 0xd2, 0x0c, 0xb1,
431
- #if !defined(BORINGSSL_FIPS_BREAK_RSA_SIG)
432
- 0x64
433
- #else
434
- 0x00
435
- #endif
432
+ static const uint8_t kECDSASignSig[64] = {
433
+ 0x67, 0x80, 0xc5, 0xfc, 0x70, 0x27, 0x5e, 0x2c, 0x70, 0x61, 0xa0,
434
+ 0xe7, 0x87, 0x7b, 0xb1, 0x74, 0xde, 0xad, 0xeb, 0x98, 0x87, 0x02,
435
+ 0x7f, 0x3f, 0xa8, 0x36, 0x54, 0x15, 0x8b, 0xa7, 0xf5, 0x0c, 0x68,
436
+ 0x04, 0x73, 0x40, 0x94, 0xb2, 0xd1, 0x90, 0xac, 0x2d, 0x0c, 0xd7,
437
+ 0xa5, 0x7f, 0x2f, 0x2e, 0xb2, 0x62, 0xb0, 0x09, 0x16, 0xe1, 0xa6,
438
+ 0x70, 0xb5, 0xbb, 0x0d, 0xfd, 0x8e, 0x0c, 0x02, 0x3f,
436
439
  };
437
- const uint8_t kDRBGEntropy[48] =
438
- "BCM Known Answer Test DBRG Initial Entropy ";
439
- const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
440
- const uint8_t kDRBGAD[16] = "BCM DRBG KAT AD ";
441
- const uint8_t kDRBGOutput[64] = {
442
- 0x1d, 0x63, 0xdf, 0x05, 0x51, 0x49, 0x22, 0x46, 0xcd, 0x9b, 0xc5,
443
- 0xbb, 0xf1, 0x5d, 0x44, 0xae, 0x13, 0x78, 0xb1, 0xe4, 0x7c, 0xf1,
444
- 0x96, 0x33, 0x3d, 0x60, 0xb6, 0x29, 0xd4, 0xbb, 0x6b, 0x44, 0xf9,
445
- 0xef, 0xd9, 0xf4, 0xa2, 0xba, 0x48, 0xea, 0x39, 0x75, 0x59, 0x32,
446
- 0xf7, 0x31, 0x2c, 0x98, 0x14, 0x2b, 0x49, 0xdf, 0x02, 0xb6, 0x5d,
447
- 0x71, 0x09, 0x50, 0xdb, 0x23, 0xdb, 0xe5, 0x22,
448
- #if !defined(BORINGSSL_FIPS_BREAK_DRBG)
449
- 0x95
450
- #else
451
- 0x00
452
- #endif
440
+
441
+ // The 'k' value for ECDSA is fixed to avoid an entropy draw.
442
+ uint8_t ecdsa_k[32] = {0};
443
+ ecdsa_k[31] = 42;
444
+
445
+ sig = ecdsa_sign_with_nonce_for_known_answer_test(
446
+ kECDSASignDigest, sizeof(kECDSASignDigest), ec_key, ecdsa_k,
447
+ sizeof(ecdsa_k));
448
+
449
+ uint8_t ecdsa_sign_output[64];
450
+ if (sig == NULL ||
451
+ !serialize_ecdsa_sig(ecdsa_sign_output, sizeof(ecdsa_sign_output), sig) ||
452
+ !check_test(kECDSASignSig, ecdsa_sign_output, sizeof(ecdsa_sign_output),
453
+ "ECDSA-sign signature")) {
454
+ fprintf(stderr, "ECDSA-sign KAT failed.\n");
455
+ goto err;
456
+ }
457
+
458
+ static const uint8_t kECDSAVerifyDigest[32] = {
459
+ 0x78, 0x7c, 0x50, 0x5c, 0x60, 0xc9, 0xe4, 0x13, 0x6c, 0xe4, 0x48,
460
+ 0xba, 0x93, 0xff, 0x71, 0xfa, 0x9c, 0x18, 0xf4, 0x17, 0x09, 0x4f,
461
+ 0xdf, 0x5a, 0xe2, 0x75, 0xc0, 0xcc, 0xd2, 0x67, 0x97, 0xad,
453
462
  };
454
- const uint8_t kDRBGEntropy2[48] =
455
- "BCM Known Answer Test DBRG Reseed Entropy ";
456
- const uint8_t kDRBGReseedOutput[64] = {
457
- 0xa4, 0x77, 0x05, 0xdb, 0x14, 0x11, 0x76, 0x71, 0x42, 0x5b, 0xd8,
458
- 0xd7, 0xa5, 0x4f, 0x8b, 0x39, 0xf2, 0x10, 0x4a, 0x50, 0x5b, 0xa2,
459
- 0xc8, 0xf0, 0xbb, 0x3e, 0xa1, 0xa5, 0x90, 0x7d, 0x54, 0xd9, 0xc6,
460
- 0xb0, 0x96, 0xc0, 0x2b, 0x7e, 0x9b, 0xc9, 0xa1, 0xdd, 0x78, 0x2e,
461
- 0xd5, 0xa8, 0x66, 0x16, 0xbd, 0x18, 0x3c, 0xf2, 0xaa, 0x7a, 0x2b,
462
- 0x37, 0xf9, 0xab, 0x35, 0x64, 0x15, 0x01, 0x3f, 0xc4,
463
- };
464
- const uint8_t kECDSASigR[32] = {
463
+ static const uint8_t kECDSAVerifySig[64] = {
465
464
  0x67, 0x80, 0xc5, 0xfc, 0x70, 0x27, 0x5e, 0x2c, 0x70, 0x61, 0xa0,
466
465
  0xe7, 0x87, 0x7b, 0xb1, 0x74, 0xde, 0xad, 0xeb, 0x98, 0x87, 0x02,
467
- 0x7f, 0x3f, 0xa8, 0x36, 0x54, 0x15, 0x8b, 0xa7, 0xf5,
468
- #if !defined(BORINGSSL_FIPS_BREAK_ECDSA_SIG)
469
- 0x0c,
470
- #else
471
- 0x00,
472
- #endif
473
- };
474
- const uint8_t kECDSASigS[32] = {
475
- 0xa5, 0x93, 0xe0, 0x23, 0x91, 0xe7, 0x4b, 0x8d, 0x77, 0x25, 0xa6,
476
- 0xba, 0x4d, 0xd9, 0x86, 0x77, 0xda, 0x7d, 0x8f, 0xef, 0xc4, 0x1a,
477
- 0xf0, 0xcc, 0x81, 0xe5, 0xea, 0x3f, 0xc2, 0x41, 0x7f, 0xd8,
466
+ 0x7f, 0x3f, 0xa8, 0x36, 0x54, 0x15, 0x8b, 0xa7, 0xf5, 0x0c, 0x2d,
467
+ 0x36, 0xe5, 0x79, 0x97, 0x90, 0xbf, 0xbe, 0x21, 0x83, 0xd3, 0x3e,
468
+ 0x96, 0xf3, 0xc5, 0x1f, 0x6a, 0x23, 0x2f, 0x2a, 0x24, 0x48, 0x8c,
469
+ 0x8e, 0x5f, 0x64, 0xc3, 0x7e, 0xa2, 0xcf, 0x05, 0x29,
478
470
  };
471
+
472
+ ECDSA_SIG_free(sig);
473
+ sig = parse_ecdsa_sig(kECDSAVerifySig, sizeof(kECDSAVerifySig));
474
+ if (!sig ||
475
+ !ecdsa_do_verify_no_self_test(kECDSAVerifyDigest,
476
+ sizeof(kECDSAVerifyDigest), sig, ec_key)) {
477
+ fprintf(stderr, "ECDSA-verify KAT failed.\n");
478
+ goto err;
479
+ }
480
+
481
+ // Primitive Z Computation KAT (IG 9.6).
482
+
479
483
  // kP256Point is SHA256("Primitive Z Computation KAT")×G within P-256.
480
- const uint8_t kP256Point[65] = {
484
+ static const uint8_t kP256Point[65] = {
481
485
  0x04, 0x4e, 0xc1, 0x94, 0x8c, 0x5c, 0xf4, 0x37, 0x35, 0x0d, 0xa3,
482
486
  0xf9, 0x55, 0xf9, 0x8b, 0x26, 0x23, 0x5c, 0x43, 0xe0, 0x83, 0x51,
483
487
  0x2b, 0x0d, 0x4b, 0x56, 0x24, 0xc3, 0xe4, 0xa5, 0xa8, 0xe2, 0xe9,
@@ -486,50 +490,64 @@ int boringssl_fips_self_test(
486
490
  0x79, 0x93, 0x7c, 0x0b, 0x92, 0x2b, 0x7f, 0x17, 0xa5, 0x80,
487
491
  };
488
492
  // kP256Scalar is SHA256("Primitive Z Computation KAT scalar").
489
- const uint8_t kP256Scalar[32] = {
493
+ static const uint8_t kP256Scalar[32] = {
490
494
  0xe7, 0x60, 0x44, 0x91, 0x26, 0x9a, 0xfb, 0x5b, 0x10, 0x2d, 0x6e,
491
495
  0xa5, 0x2c, 0xb5, 0x9f, 0xeb, 0x70, 0xae, 0xde, 0x6c, 0xe3, 0xbf,
492
496
  0xb3, 0xe0, 0x10, 0x54, 0x85, 0xab, 0xd8, 0x61, 0xd7, 0x7b,
493
497
  };
494
498
  // kP256PointResult is |kP256Scalar|×|kP256Point|.
495
- const uint8_t kP256PointResult[65] = {
499
+ static const uint8_t kP256PointResult[65] = {
496
500
  0x04, 0xf1, 0x63, 0x00, 0x88, 0xc5, 0xd5, 0xe9, 0x05, 0x52, 0xac,
497
501
  0xb6, 0xec, 0x68, 0x76, 0xb8, 0x73, 0x7f, 0x0f, 0x72, 0x34, 0xe6,
498
502
  0xbb, 0x30, 0x32, 0x22, 0x37, 0xb6, 0x2a, 0x80, 0xe8, 0x9e, 0x6e,
499
503
  0x6f, 0x36, 0x02, 0xe7, 0x21, 0xd2, 0x31, 0xdb, 0x94, 0x63, 0xb7,
500
504
  0xd8, 0x19, 0x0e, 0xc2, 0xc0, 0xa7, 0x2f, 0x15, 0x49, 0x1a, 0xa2,
501
- 0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a,
502
- #if !defined(BORINGSSL_FIPS_BREAK_Z_COMPUTATION)
503
- 0x0c,
504
- #else
505
- 0x00,
506
- #endif
507
- };
508
- const uint8_t kTLSOutput[32] = {
509
- 0x67, 0x85, 0xde, 0x60, 0xfc, 0x0a, 0x83, 0xe9, 0xa2, 0x2a, 0xb3,
510
- 0xf0, 0x27, 0x0c, 0xba, 0xf7, 0xfa, 0x82, 0x3d, 0x14, 0x77, 0x1d,
511
- 0x86, 0x29, 0x79, 0x39, 0x77, 0x8a, 0xd5, 0x0e, 0x9d,
512
- #if !defined(BORINGSSL_FIPS_BREAK_TLS_KDF)
513
- 0x32,
514
- #else
515
- 0x00,
516
- #endif
517
- };
518
- const uint8_t kTLSSecret[32] = {
519
- 0xbf, 0xe4, 0xb7, 0xe0, 0x26, 0x55, 0x5f, 0x6a, 0xdf, 0x5d, 0x27,
520
- 0xd6, 0x89, 0x99, 0x2a, 0xd6, 0xf7, 0x65, 0x66, 0x07, 0x4b, 0x55,
521
- 0x5f, 0x64, 0x55, 0xcd, 0xd5, 0x77, 0xa4, 0xc7, 0x09, 0x61,
522
- };
523
- const char kTLSLabel[] = "FIPS self test";
524
- const uint8_t kTLSSeed1[16] = {
525
- 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
526
- 0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65,
527
- };
528
- const uint8_t kTLSSeed2[16] = {
529
- 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
530
- 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
505
+ 0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a, 0x0c,
531
506
  };
532
507
 
508
+ ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
509
+ if (ec_group == NULL) {
510
+ fprintf(stderr, "Failed to create P-256 group.\n");
511
+ goto err;
512
+ }
513
+ ec_point_in = EC_POINT_new(ec_group);
514
+ ec_point_out = EC_POINT_new(ec_group);
515
+ ec_scalar = BN_new();
516
+ uint8_t z_comp_result[65];
517
+ if (ec_point_in == NULL || ec_point_out == NULL || ec_scalar == NULL ||
518
+ !EC_POINT_oct2point(ec_group, ec_point_in, kP256Point, sizeof(kP256Point),
519
+ NULL) ||
520
+ !BN_bin2bn(kP256Scalar, sizeof(kP256Scalar), ec_scalar) ||
521
+ !ec_point_mul_no_self_test(ec_group, ec_point_out, NULL, ec_point_in,
522
+ ec_scalar, NULL) ||
523
+ !EC_POINT_point2oct(ec_group, ec_point_out, POINT_CONVERSION_UNCOMPRESSED,
524
+ z_comp_result, sizeof(z_comp_result), NULL) ||
525
+ !check_test(kP256PointResult, z_comp_result, sizeof(z_comp_result),
526
+ "Z Computation Result")) {
527
+ fprintf(stderr, "Z-computation KAT failed.\n");
528
+ goto err;
529
+ }
530
+
531
+ ret = 1;
532
+
533
+ err:
534
+ EC_KEY_free(ec_key);
535
+ EC_POINT_free(ec_point_in);
536
+ EC_POINT_free(ec_point_out);
537
+ EC_GROUP_free(ec_group);
538
+ BN_free(ec_scalar);
539
+ ECDSA_SIG_free(sig);
540
+
541
+ return ret;
542
+ }
543
+
544
+ static int boringssl_self_test_ffdh(void) {
545
+ int ret = 0;
546
+ DH *dh = NULL;
547
+ BIGNUM *ffdhe2048_value = NULL;
548
+
549
+ // FFC Diffie-Hellman KAT
550
+
533
551
  // kFFDHE2048PublicValueData is an arbitrary public value, mod
534
552
  // kFFDHE2048Data. (The private key happens to be 4096.)
535
553
  static const BN_ULONG kFFDHE2048PublicValueData[] = {
@@ -550,8 +568,7 @@ int boringssl_fips_self_test(
550
568
  TOBN(0xbae7b0b3, 0x6e362dc0), TOBN(0xa57c73bd, 0xdc70fb82),
551
569
  TOBN(0xfaff50d2, 0x9d573457), TOBN(0x352bd399, 0xbe84058e),
552
570
  };
553
-
554
- const uint8_t kDHOutput[2048 / 8] = {
571
+ static const uint8_t kDHOutput[2048 / 8] = {
555
572
  0x2a, 0xe6, 0xd3, 0xa6, 0x13, 0x58, 0x8e, 0xce, 0x53, 0xaa, 0xf6, 0x5d,
556
573
  0x9a, 0xae, 0x02, 0x12, 0xf5, 0x80, 0x3d, 0x06, 0x09, 0x76, 0xac, 0x57,
557
574
  0x37, 0x9e, 0xab, 0x38, 0x62, 0x25, 0x05, 0x1d, 0xf3, 0xa9, 0x39, 0x60,
@@ -573,23 +590,150 @@ int boringssl_fips_self_test(
573
590
  0x06, 0x80, 0x2a, 0x4e, 0x5a, 0xf0, 0x1e, 0xaa, 0xcb, 0xab, 0x06, 0x0e,
574
591
  0x27, 0x0f, 0xd9, 0x88, 0xd9, 0x01, 0xe3, 0x07, 0xeb, 0xdf, 0xc3, 0x12,
575
592
  0xe3, 0x40, 0x88, 0x7b, 0x5f, 0x59, 0x78, 0x6e, 0x26, 0x20, 0xc3, 0xdf,
576
- 0xc8, 0xe4, 0x5e,
577
- #if !defined(BORINGSSL_FIPS_BREAK_FFC_DH)
578
- 0xb8,
579
- #else
580
- 0x00,
581
- #endif
593
+ 0xc8, 0xe4, 0x5e, 0xb8,
594
+ };
595
+
596
+ ffdhe2048_value = BN_new();
597
+ if (ffdhe2048_value) {
598
+ bn_set_static_words(ffdhe2048_value, kFFDHE2048PublicValueData,
599
+ OPENSSL_ARRAY_SIZE(kFFDHE2048PublicValueData));
600
+ }
601
+
602
+ dh = self_test_dh();
603
+ uint8_t dh_out[sizeof(kDHOutput)];
604
+ if (dh == NULL || ffdhe2048_value == NULL || sizeof(dh_out) != DH_size(dh) ||
605
+ dh_compute_key_padded_no_self_test(dh_out, ffdhe2048_value, dh) !=
606
+ sizeof(dh_out) ||
607
+ !check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH")) {
608
+ fprintf(stderr, "FFDH failed.\n");
609
+ goto err;
610
+ }
611
+
612
+ ret = 1;
613
+
614
+ err:
615
+ DH_free(dh);
616
+ BN_free(ffdhe2048_value);
617
+
618
+ return ret;
619
+ }
620
+
621
+ #if defined(BORINGSSL_FIPS)
622
+
623
+ static void run_self_test_rsa(void) {
624
+ FIPS_service_indicator_lock_state();
625
+ if (!boringssl_self_test_rsa()) {
626
+ BORINGSSL_FIPS_abort();
627
+ }
628
+ FIPS_service_indicator_unlock_state();
629
+ }
630
+
631
+ DEFINE_STATIC_ONCE(g_self_test_once_rsa);
632
+
633
+ void boringssl_ensure_rsa_self_test(void) {
634
+ CRYPTO_once(g_self_test_once_rsa_bss_get(), run_self_test_rsa);
635
+ }
636
+
637
+ static void run_self_test_ecc(void) {
638
+ FIPS_service_indicator_lock_state();
639
+ if (!boringssl_self_test_ecc()) {
640
+ BORINGSSL_FIPS_abort();
641
+ }
642
+ FIPS_service_indicator_unlock_state();
643
+ }
644
+
645
+ DEFINE_STATIC_ONCE(g_self_test_once_ecc);
646
+
647
+ void boringssl_ensure_ecc_self_test(void) {
648
+ CRYPTO_once(g_self_test_once_ecc_bss_get(), run_self_test_ecc);
649
+ }
650
+
651
+ static void run_self_test_ffdh(void) {
652
+ FIPS_service_indicator_lock_state();
653
+ if (!boringssl_self_test_ffdh()) {
654
+ BORINGSSL_FIPS_abort();
655
+ }
656
+ FIPS_service_indicator_unlock_state();
657
+ }
658
+
659
+ DEFINE_STATIC_ONCE(g_self_test_once_ffdh);
660
+
661
+ void boringssl_ensure_ffdh_self_test(void) {
662
+ CRYPTO_once(g_self_test_once_ffdh_bss_get(), run_self_test_ffdh);
663
+ }
664
+
665
+ #endif // BORINGSSL_FIPS
666
+
667
+
668
+ // Startup self tests.
669
+ //
670
+ // These tests are run at process start when in FIPS mode.
671
+
672
+ int boringssl_self_test_sha256(void) {
673
+ static const uint8_t kInput[16] = {
674
+ 0xff, 0x3b, 0x85, 0x7d, 0xa7, 0x23, 0x6a, 0x2b,
675
+ 0xaa, 0x0f, 0x39, 0x6b, 0x51, 0x52, 0x22, 0x17,
676
+ };
677
+ static const uint8_t kPlaintextSHA256[32] = {
678
+ 0x7f, 0xe4, 0xd5, 0xf1, 0xa1, 0xe3, 0x82, 0x87, 0xd9, 0x58, 0xf5,
679
+ 0x11, 0xc7, 0x1d, 0x5e, 0x27, 0x5e, 0xcc, 0xd2, 0x66, 0xcf, 0xb9,
680
+ 0xc8, 0xc6, 0x60, 0xd8, 0x92, 0x1e, 0x57, 0xfd, 0x46, 0x75,
681
+ };
682
+ uint8_t output[SHA256_DIGEST_LENGTH];
683
+
684
+ // SHA-256 KAT
685
+ SHA256(kInput, sizeof(kInput), output);
686
+ return check_test(kPlaintextSHA256, output, sizeof(kPlaintextSHA256),
687
+ "SHA-256 KAT");
688
+ }
689
+
690
+ int boringssl_self_test_sha512(void) {
691
+ static const uint8_t kInput[16] = {
692
+ 0x21, 0x25, 0x12, 0xf8, 0xd2, 0xad, 0x83, 0x22,
693
+ 0x78, 0x1c, 0x6c, 0x4d, 0x69, 0xa9, 0xda, 0xa1,
694
+ };
695
+ static const uint8_t kPlaintextSHA512[64] = {
696
+ 0x29, 0x3c, 0x94, 0x35, 0x4e, 0x98, 0x83, 0xe5, 0xc2, 0x78, 0x36,
697
+ 0x7a, 0xe5, 0x18, 0x90, 0xbf, 0x35, 0x41, 0x01, 0x64, 0x19, 0x8d,
698
+ 0x26, 0xeb, 0xe1, 0xf8, 0x2f, 0x04, 0x8e, 0xfa, 0x8b, 0x2b, 0xc6,
699
+ 0xb2, 0x9d, 0x5d, 0x46, 0x76, 0x5a, 0xc8, 0xb5, 0x25, 0xa3, 0xea,
700
+ 0x52, 0x84, 0x47, 0x6d, 0x6d, 0xf4, 0xc9, 0x71, 0xf3, 0x3d, 0x89,
701
+ 0x4c, 0x3b, 0x20, 0x8c, 0x5b, 0x75, 0xe8, 0xf8, 0x7c,
702
+ };
703
+ uint8_t output[SHA512_DIGEST_LENGTH];
704
+
705
+ // SHA-512 KAT
706
+ SHA512(kInput, sizeof(kInput), output);
707
+ return check_test(kPlaintextSHA512, output, sizeof(kPlaintextSHA512),
708
+ "SHA-512 KAT");
709
+ }
710
+
711
+ int boringssl_self_test_hmac_sha256(void) {
712
+ static const uint8_t kInput[16] = {
713
+ 0xda, 0xd9, 0x12, 0x93, 0xdf, 0xcf, 0x2a, 0x7c,
714
+ 0x8e, 0xcd, 0x13, 0xfe, 0x35, 0x3f, 0xa7, 0x5b,
582
715
  };
716
+ static const uint8_t kPlaintextHMACSHA256[32] = {
717
+ 0x36, 0x5f, 0x5b, 0xd5, 0xf5, 0xeb, 0xfd, 0xc7, 0x6e, 0x53, 0xa5,
718
+ 0x73, 0x6d, 0x73, 0x20, 0x13, 0xaa, 0xd3, 0xbc, 0x86, 0x4b, 0xb8,
719
+ 0x84, 0x94, 0x16, 0x46, 0x88, 0x9c, 0x48, 0xee, 0xa9, 0x0e,
720
+ };
721
+ uint8_t output[EVP_MAX_MD_SIZE];
722
+
723
+ unsigned output_len;
724
+ HMAC(EVP_sha256(), kInput, sizeof(kInput), kInput, sizeof(kInput), output,
725
+ &output_len);
726
+ return output_len == sizeof(kPlaintextHMACSHA256) &&
727
+ check_test(kPlaintextHMACSHA256, output, sizeof(kPlaintextHMACSHA256),
728
+ "HMAC-SHA-256 KAT");
729
+ }
730
+
731
+ static int boringssl_self_test_fast(void) {
732
+ static const uint8_t kAESKey[16] = "BoringCrypto Key";
733
+ static const uint8_t kAESIV[16] = {0};
583
734
 
584
735
  EVP_AEAD_CTX aead_ctx;
585
736
  EVP_AEAD_CTX_zero(&aead_ctx);
586
- RSA *rsa_key = NULL;
587
- EC_KEY *ec_key = NULL;
588
- EC_GROUP *ec_group = NULL;
589
- EC_POINT *ec_point_in = NULL;
590
- EC_POINT *ec_point_out = NULL;
591
- BIGNUM *ec_scalar = NULL;
592
- ECDSA_SIG *sig = NULL;
593
737
  int ret = 0;
594
738
 
595
739
  AES_KEY aes_key;
@@ -597,28 +741,48 @@ int boringssl_fips_self_test(
597
741
  uint8_t output[256];
598
742
 
599
743
  // AES-CBC Encryption KAT
744
+ static const uint8_t kAESCBCEncPlaintext[32] = {
745
+ 0x07, 0x86, 0x09, 0xa6, 0xc5, 0xac, 0x25, 0x44, 0x69, 0x9a, 0xdf,
746
+ 0x68, 0x2f, 0xa3, 0x77, 0xf9, 0xbe, 0x8a, 0xb6, 0xae, 0xf5, 0x63,
747
+ 0xe8, 0xc5, 0x6a, 0x36, 0xb8, 0x4f, 0x55, 0x7f, 0xad, 0xd3,
748
+ };
749
+ static const uint8_t kAESCBCEncCiphertext[sizeof(kAESCBCEncPlaintext)] = {
750
+ 0x56, 0x46, 0xc1, 0x41, 0xf4, 0x13, 0xd6, 0xff, 0x62, 0x92, 0x41,
751
+ 0x7a, 0x26, 0xc6, 0x86, 0xbd, 0x30, 0x5f, 0xb6, 0x57, 0xa7, 0xd2,
752
+ 0x50, 0x3a, 0xc5, 0x5e, 0x8e, 0x93, 0x40, 0xf2, 0x10, 0xd8,
753
+ };
600
754
  memcpy(aes_iv, kAESIV, sizeof(kAESIV));
601
755
  if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
602
756
  fprintf(stderr, "AES_set_encrypt_key failed.\n");
603
757
  goto err;
604
758
  }
605
- AES_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &aes_key, aes_iv,
606
- AES_ENCRYPT);
607
- if (!check_test(kAESCBCCiphertext, output, sizeof(kAESCBCCiphertext),
608
- "AES-CBC Encryption KAT")) {
759
+ AES_cbc_encrypt(kAESCBCEncPlaintext, output, sizeof(kAESCBCEncPlaintext),
760
+ &aes_key, aes_iv, AES_ENCRYPT);
761
+ if (!check_test(kAESCBCEncCiphertext, output, sizeof(kAESCBCEncCiphertext),
762
+ "AES-CBC-encrypt KAT")) {
609
763
  goto err;
610
764
  }
611
765
 
612
766
  // AES-CBC Decryption KAT
767
+ static const uint8_t kAESCBCDecCiphertext[32] = {
768
+ 0x34, 0x7a, 0xa5, 0xa0, 0x24, 0xb2, 0x82, 0x57, 0xb3, 0x65, 0x10,
769
+ 0xbe, 0x58, 0x3d, 0x4f, 0x47, 0xad, 0xb7, 0xbb, 0xee, 0xdc, 0x60,
770
+ 0x05, 0xbb, 0xbd, 0x0d, 0x0a, 0x9f, 0x06, 0xbb, 0x7b, 0x10,
771
+ };
772
+ static const uint8_t kAESCBCDecPlaintext[sizeof(kAESCBCDecCiphertext)] = {
773
+ 0x51, 0xa7, 0xa0, 0x1f, 0x6b, 0x79, 0x6c, 0xcd, 0x48, 0x03, 0xa1,
774
+ 0x41, 0xdc, 0x56, 0xa6, 0xc2, 0x16, 0xb5, 0xd1, 0xd3, 0xb7, 0x06,
775
+ 0xb2, 0x25, 0x6f, 0xa6, 0xd0, 0xd2, 0x0e, 0x6f, 0x19, 0xb5,
776
+ };
613
777
  memcpy(aes_iv, kAESIV, sizeof(kAESIV));
614
778
  if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
615
779
  fprintf(stderr, "AES_set_decrypt_key failed.\n");
616
780
  goto err;
617
781
  }
618
- AES_cbc_encrypt(kAESCBCCiphertext, output, sizeof(kAESCBCCiphertext),
782
+ AES_cbc_encrypt(kAESCBCDecCiphertext, output, sizeof(kAESCBCDecCiphertext),
619
783
  &aes_key, aes_iv, AES_DECRYPT);
620
- if (!check_test(kPlaintext, output, sizeof(kPlaintext),
621
- "AES-CBC Decryption KAT")) {
784
+ if (!check_test(kAESCBCDecPlaintext, output, sizeof(kAESCBCDecPlaintext),
785
+ "AES-CBC-decrypt KAT")) {
622
786
  goto err;
623
787
  }
624
788
 
@@ -632,194 +796,115 @@ int boringssl_fips_self_test(
632
796
  }
633
797
 
634
798
  // AES-GCM Encryption KAT
799
+ static const uint8_t kAESGCMEncPlaintext[32] = {
800
+ 0x8f, 0xcc, 0x40, 0x99, 0x80, 0x8e, 0x75, 0xca, 0xaf, 0xf5, 0x82,
801
+ 0x89, 0x88, 0x48, 0xa8, 0x8d, 0x80, 0x8b, 0x55, 0xab, 0x4e, 0x93,
802
+ 0x70, 0x79, 0x7d, 0x94, 0x0b, 0xe8, 0xcc, 0x1d, 0x78, 0x84,
803
+ };
804
+ static const uint8_t kAESGCMCiphertext[sizeof(kAESGCMEncPlaintext) + 16] = {
805
+ 0x87, 0x7b, 0xd5, 0x8d, 0x96, 0x3e, 0x4b, 0xe6, 0x64, 0x94, 0x40, 0x2f,
806
+ 0x61, 0x9b, 0x7e, 0x56, 0x52, 0x7d, 0xa4, 0x5a, 0xf9, 0xa6, 0xe2, 0xdb,
807
+ 0x1c, 0x63, 0x2e, 0x97, 0x93, 0x0f, 0xfb, 0xed, 0xb5, 0x9e, 0x1c, 0x20,
808
+ 0xb2, 0xb0, 0x58, 0xda, 0x48, 0x07, 0x2d, 0xbd, 0x96, 0x0d, 0x34, 0xc6,
809
+ };
635
810
  if (!EVP_AEAD_CTX_seal(&aead_ctx, output, &out_len, sizeof(output), nonce,
636
811
  EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
637
- kPlaintext, sizeof(kPlaintext), NULL, 0) ||
812
+ kAESGCMEncPlaintext, sizeof(kAESGCMEncPlaintext), NULL,
813
+ 0) ||
638
814
  !check_test(kAESGCMCiphertext, output, sizeof(kAESGCMCiphertext),
639
- "AES-GCM Encryption KAT")) {
815
+ "AES-GCM-encrypt KAT")) {
640
816
  fprintf(stderr, "EVP_AEAD_CTX_seal for AES-128-GCM failed.\n");
641
817
  goto err;
642
818
  }
643
819
 
644
820
  // AES-GCM Decryption KAT
821
+ static const uint8_t kAESGCMDecCiphertext[48] = {
822
+ 0x35, 0xf3, 0x05, 0x8f, 0x87, 0x57, 0x60, 0xff, 0x09, 0xd3, 0x12, 0x0f,
823
+ 0x70, 0xc4, 0xbc, 0x9e, 0xd7, 0xa8, 0x68, 0x72, 0xe1, 0x34, 0x52, 0x20,
824
+ 0x21, 0x76, 0xf7, 0x37, 0x1a, 0xe0, 0x4f, 0xaa, 0xe1, 0xdd, 0x39, 0x19,
825
+ 0x20, 0xf5, 0xd1, 0x39, 0x53, 0xd8, 0x96, 0x78, 0x59, 0x94, 0x82, 0x3c,
826
+ };
827
+ static const uint8_t kAESGCMDecPlaintext[sizeof(kAESGCMDecCiphertext) - 16] =
828
+ {
829
+ 0x3d, 0x44, 0x90, 0x9b, 0x91, 0xe7, 0x5e, 0xd3, 0xc2, 0xb2, 0xd0,
830
+ 0xa9, 0x99, 0x17, 0x6a, 0x45, 0x05, 0x5e, 0x99, 0x83, 0x56, 0x01,
831
+ 0xc0, 0x82, 0x40, 0x81, 0xd2, 0x48, 0x45, 0xf2, 0xcc, 0xc3,
832
+ };
645
833
  if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
646
834
  EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
647
- kAESGCMCiphertext, sizeof(kAESGCMCiphertext), NULL,
648
- 0) ||
649
- !check_test(kPlaintext, output, sizeof(kPlaintext),
650
- "AES-GCM Decryption KAT")) {
651
- fprintf(stderr, "EVP_AEAD_CTX_open for AES-128-GCM failed.\n");
652
- goto err;
653
- }
654
-
655
- DES_key_schedule des1, des2, des3;
656
- DES_cblock des_iv;
657
- DES_set_key(&kDESKey1, &des1);
658
- DES_set_key(&kDESKey2, &des2);
659
- DES_set_key(&kDESKey3, &des3);
660
-
661
- // 3DES Encryption KAT
662
- memcpy(&des_iv, &kDESIV, sizeof(des_iv));
663
- DES_ede3_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &des1, &des2,
664
- &des3, &des_iv, DES_ENCRYPT);
665
- if (!check_test(kDESCiphertext, output, sizeof(kDESCiphertext),
666
- "3DES Encryption KAT")) {
667
- goto err;
668
- }
669
-
670
- // 3DES Decryption KAT
671
- memcpy(&des_iv, &kDESIV, sizeof(des_iv));
672
- DES_ede3_cbc_encrypt(kDESCiphertext, output, sizeof(kDESCiphertext), &des1,
673
- &des2, &des3, &des_iv, DES_DECRYPT);
674
- if (!check_test(kPlaintext, output, sizeof(kPlaintext),
675
- "3DES Decryption KAT")) {
835
+ kAESGCMDecCiphertext, sizeof(kAESGCMDecCiphertext),
836
+ NULL, 0) ||
837
+ !check_test(kAESGCMDecPlaintext, output, sizeof(kAESGCMDecPlaintext),
838
+ "AES-GCM-decrypt KAT")) {
839
+ fprintf(stderr,
840
+ "AES-GCM-decrypt KAT failed because EVP_AEAD_CTX_open failed.\n");
676
841
  goto err;
677
842
  }
678
843
 
679
844
  // SHA-1 KAT
680
- SHA1(kPlaintext, sizeof(kPlaintext), output);
681
- if (!check_test(kPlaintextSHA1, output, sizeof(kPlaintextSHA1),
845
+ static const uint8_t kSHA1Input[16] = {
846
+ 0x13, 0x2f, 0xd9, 0xba, 0xd5, 0xc1, 0x82, 0x62,
847
+ 0x63, 0xba, 0xfb, 0xb6, 0x99, 0xf7, 0x07, 0xa5,
848
+ };
849
+ static const uint8_t kSHA1Digest[20] = {
850
+ 0x94, 0x19, 0x55, 0x93, 0x0a, 0x58, 0x29, 0x38, 0xeb, 0xf5,
851
+ 0x09, 0x11, 0x6d, 0x1a, 0xfd, 0x0f, 0x1e, 0x11, 0xe3, 0xcb,
852
+ };
853
+ SHA1(kSHA1Input, sizeof(kSHA1Input), output);
854
+ if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest),
682
855
  "SHA-1 KAT")) {
683
856
  goto err;
684
857
  }
685
858
 
686
- // SHA-256 KAT
687
- SHA256(kPlaintext, sizeof(kPlaintext), output);
688
- if (!check_test(kPlaintextSHA256, output, sizeof(kPlaintextSHA256),
689
- "SHA-256 KAT")) {
690
- goto err;
691
- }
692
-
693
- // SHA-512 KAT
694
- SHA512(kPlaintext, sizeof(kPlaintext), output);
695
- if (!check_test(kPlaintextSHA512, output, sizeof(kPlaintextSHA512),
696
- "SHA-512 KAT")) {
697
- goto err;
698
- }
699
-
700
- rsa_key = self_test_rsa_key();
701
- if (rsa_key == NULL) {
702
- fprintf(stderr, "RSA KeyGen failed\n");
703
- goto err;
704
- }
705
-
706
- // RSA Sign KAT
707
- unsigned sig_len;
708
-
709
- // Disable blinding for the power-on tests because it's not needed and
710
- // triggers an entropy draw.
711
- rsa_key->flags |= RSA_FLAG_NO_BLINDING;
712
-
713
- if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output,
714
- &sig_len, rsa_key) ||
715
- !check_test(kRSASignature, output, sizeof(kRSASignature),
716
- "RSA Sign KAT")) {
717
- fprintf(stderr, "RSA signing test failed.\n");
718
- goto err;
719
- }
720
-
721
- // RSA Verify KAT
722
- if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
723
- kRSASignature, sizeof(kRSASignature), rsa_key)) {
724
- fprintf(stderr, "RSA Verify KAT failed.\n");
725
- goto err;
726
- }
727
-
728
- ec_key = self_test_ecdsa_key();
729
- if (ec_key == NULL) {
730
- fprintf(stderr, "ECDSA KeyGen failed\n");
731
- goto err;
732
- }
733
-
734
- // ECDSA Sign/Verify KAT
735
-
736
- // The 'k' value for ECDSA is fixed to avoid an entropy draw.
737
- uint8_t ecdsa_k[32] = {0};
738
- ecdsa_k[31] = 42;
739
-
740
- sig = ecdsa_sign_with_nonce_for_known_answer_test(
741
- kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key, ecdsa_k,
742
- sizeof(ecdsa_k));
743
-
744
- uint8_t ecdsa_r_bytes[sizeof(kECDSASigR)];
745
- uint8_t ecdsa_s_bytes[sizeof(kECDSASigS)];
746
- if (sig == NULL ||
747
- BN_num_bytes(sig->r) != sizeof(ecdsa_r_bytes) ||
748
- !BN_bn2bin(sig->r, ecdsa_r_bytes) ||
749
- BN_num_bytes(sig->s) != sizeof(ecdsa_s_bytes) ||
750
- !BN_bn2bin(sig->s, ecdsa_s_bytes) ||
751
- !check_test(kECDSASigR, ecdsa_r_bytes, sizeof(kECDSASigR), "ECDSA R") ||
752
- !check_test(kECDSASigS, ecdsa_s_bytes, sizeof(kECDSASigS), "ECDSA S")) {
753
- fprintf(stderr, "ECDSA signature KAT failed.\n");
754
- goto err;
755
- }
756
-
757
- if (!ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
758
- ec_key)) {
759
- fprintf(stderr, "ECDSA verification KAT failed.\n");
760
- goto err;
761
- }
762
-
763
- // Primitive Z Computation KAT (IG 9.6).
764
- ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
765
- if (ec_group == NULL) {
766
- fprintf(stderr, "Failed to create P-256 group.\n");
767
- goto err;
768
- }
769
- ec_point_in = EC_POINT_new(ec_group);
770
- ec_point_out = EC_POINT_new(ec_group);
771
- ec_scalar = BN_new();
772
- uint8_t z_comp_result[65];
773
- if (ec_point_in == NULL || ec_point_out == NULL || ec_scalar == NULL ||
774
- !EC_POINT_oct2point(ec_group, ec_point_in, kP256Point, sizeof(kP256Point),
775
- NULL) ||
776
- !BN_bin2bn(kP256Scalar, sizeof(kP256Scalar), ec_scalar) ||
777
- !EC_POINT_mul(ec_group, ec_point_out, NULL, ec_point_in, ec_scalar,
778
- NULL) ||
779
- !EC_POINT_point2oct(ec_group, ec_point_out, POINT_CONVERSION_UNCOMPRESSED,
780
- z_comp_result, sizeof(z_comp_result), NULL) ||
781
- !check_test(kP256PointResult, z_comp_result, sizeof(z_comp_result),
782
- "Z Computation Result")) {
783
- fprintf(stderr, "Z Computation KAT failed.\n");
784
- goto err;
785
- }
786
-
787
- // FFC Diffie-Hellman KAT
788
-
789
- BIGNUM *const ffdhe2048_value = BN_new();
790
- DH *const dh = self_test_dh();
791
- int dh_ok = 0;
792
- if (ffdhe2048_value && dh) {
793
- bn_set_static_words(ffdhe2048_value, kFFDHE2048PublicValueData,
794
- OPENSSL_ARRAY_SIZE(kFFDHE2048PublicValueData));
795
-
796
- uint8_t dh_out[sizeof(kDHOutput)];
797
- dh_ok =
798
- sizeof(dh_out) == DH_size(dh) &&
799
- DH_compute_key_padded(dh_out, ffdhe2048_value, dh) == sizeof(dh_out) &&
800
- check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH");
801
- }
802
-
803
- BN_free(ffdhe2048_value);
804
- DH_free(dh);
805
- if (!dh_ok) {
806
- fprintf(stderr, "FFDH failed.\n");
859
+ if (!boringssl_self_test_sha256() ||
860
+ !boringssl_self_test_sha512() ||
861
+ !boringssl_self_test_hmac_sha256()) {
807
862
  goto err;
808
863
  }
809
864
 
810
865
  // DBRG KAT
866
+ static const uint8_t kDRBGEntropy[48] = {
867
+ 0xc4, 0xda, 0x07, 0x40, 0xd5, 0x05, 0xf1, 0xee, 0x28, 0x0b, 0x95, 0xe5,
868
+ 0x8c, 0x49, 0x31, 0xac, 0x6d, 0xe8, 0x46, 0xa0, 0x15, 0x2f, 0xbb, 0x4a,
869
+ 0x3f, 0x17, 0x4c, 0xf4, 0x78, 0x7a, 0x4f, 0x1a, 0x40, 0xc2, 0xb5, 0x0b,
870
+ 0xab, 0xe1, 0x4a, 0xae, 0x53, 0x0b, 0xe5, 0x88, 0x6d, 0x91, 0x0a, 0x27,
871
+ };
872
+ static const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
873
+ static const uint8_t kDRBGAD[16] = "BCM DRBG KAT AD ";
874
+ static const uint8_t kDRBGOutput[64] = {
875
+ 0x19, 0x1f, 0x2b, 0x49, 0x76, 0x85, 0xfd, 0x51, 0xb6, 0x56, 0xbc,
876
+ 0x1c, 0x7d, 0xd5, 0xdd, 0x44, 0x76, 0xa3, 0x5e, 0x17, 0x9b, 0x8e,
877
+ 0xb8, 0x98, 0x65, 0x12, 0xca, 0x35, 0x6c, 0xa0, 0x6f, 0xa0, 0x22,
878
+ 0xe4, 0xf6, 0xd8, 0x43, 0xed, 0x4e, 0x2d, 0x97, 0x39, 0x43, 0x3b,
879
+ 0x57, 0xfc, 0x23, 0x3f, 0x71, 0x0a, 0xe0, 0xed, 0xfe, 0xd5, 0xb8,
880
+ 0x67, 0x7a, 0x00, 0x39, 0xb2, 0x6e, 0xa9, 0x25, 0x97,
881
+ };
882
+ static const uint8_t kDRBGEntropy2[48] = {
883
+ 0xc7, 0x16, 0x1c, 0xa3, 0x6c, 0x23, 0x09, 0xb7, 0x16, 0xe9, 0x85, 0x9b,
884
+ 0xb9, 0x6c, 0x6d, 0x49, 0xbd, 0xc8, 0x35, 0x21, 0x03, 0xa1, 0x8c, 0xd2,
885
+ 0x4e, 0xf4, 0x2e, 0xc9, 0x7e, 0xf4, 0x6b, 0xf4, 0x46, 0xeb, 0x1a, 0x45,
886
+ 0x76, 0xc1, 0x86, 0xe9, 0x35, 0x18, 0x03, 0x76, 0x3a, 0x79, 0x12, 0xfe,
887
+ };
888
+ static const uint8_t kDRBGReseedOutput[64] = {
889
+ 0x00, 0xf2, 0x05, 0xaa, 0xfd, 0x11, 0x6c, 0x77, 0xbc, 0x81, 0x86,
890
+ 0x99, 0xca, 0x51, 0xcf, 0x80, 0x15, 0x9f, 0x02, 0x9e, 0x0b, 0xcd,
891
+ 0x26, 0xc8, 0x4b, 0x87, 0x8a, 0x15, 0x1a, 0xdd, 0xf2, 0xf3, 0xeb,
892
+ 0x94, 0x0b, 0x08, 0xc8, 0xc9, 0x57, 0xa4, 0x0b, 0x4b, 0x0f, 0x13,
893
+ 0xde, 0x7c, 0x0c, 0x6a, 0xac, 0x34, 0x4a, 0x9a, 0xf2, 0xd0, 0x83,
894
+ 0x02, 0x05, 0x17, 0xc9, 0x81, 0x8f, 0x2a, 0x81, 0x92,
895
+ };
811
896
  CTR_DRBG_STATE drbg;
812
897
  if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
813
898
  sizeof(kDRBGPersonalization)) ||
814
899
  !CTR_DRBG_generate(&drbg, output, sizeof(kDRBGOutput), kDRBGAD,
815
900
  sizeof(kDRBGAD)) ||
816
901
  !check_test(kDRBGOutput, output, sizeof(kDRBGOutput),
817
- "DBRG Generate KAT") ||
902
+ "DRBG Generate KAT") ||
818
903
  !CTR_DRBG_reseed(&drbg, kDRBGEntropy2, kDRBGAD, sizeof(kDRBGAD)) ||
819
904
  !CTR_DRBG_generate(&drbg, output, sizeof(kDRBGReseedOutput), kDRBGAD,
820
905
  sizeof(kDRBGAD)) ||
821
906
  !check_test(kDRBGReseedOutput, output, sizeof(kDRBGReseedOutput),
822
- "DRBG Reseed KAT")) {
907
+ "DRBG-reseed KAT")) {
823
908
  fprintf(stderr, "CTR-DRBG failed.\n");
824
909
  goto err;
825
910
  }
@@ -832,43 +917,59 @@ int boringssl_fips_self_test(
832
917
  }
833
918
 
834
919
  // TLS KDF KAT
920
+ static const uint8_t kTLSSecret[32] = {
921
+ 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82,
922
+ 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e,
923
+ 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31,
924
+ };
925
+ static const char kTLSLabel[] = "FIPS self test";
926
+ static const uint8_t kTLSSeed1[16] = {
927
+ 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
928
+ 0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65,
929
+ };
930
+ static const uint8_t kTLSSeed2[16] = {
931
+ 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
932
+ 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
933
+ };
934
+ static const uint8_t kTLSOutput[32] = {
935
+ 0xe2, 0x1d, 0xd6, 0xc2, 0x68, 0xc7, 0x57, 0x03, 0x2c, 0x2c, 0xeb,
936
+ 0xbb, 0xb8, 0xa9, 0x7d, 0xe9, 0xee, 0xe6, 0xc9, 0x47, 0x83, 0x0a,
937
+ 0xbd, 0x11, 0x60, 0x5d, 0xd5, 0x2c, 0x47, 0xb6, 0x05, 0x88,
938
+ };
835
939
  uint8_t tls_output[sizeof(kTLSOutput)];
836
940
  if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret,
837
941
  sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel),
838
942
  kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2,
839
943
  sizeof(kTLSSeed2)) ||
840
- !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS KDF KAT")) {
944
+ !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT")) {
841
945
  fprintf(stderr, "TLS KDF failed.\n");
842
946
  goto err;
843
947
  }
844
948
 
845
949
  ret = 1;
846
950
 
847
- #if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)
848
- // Tests were successful. Write flag file if requested.
849
- if (module_hash_len != 0 && getenv(kFlagWriteEnableEnvVar) != NULL) {
850
- const int fd = open(flag_path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
851
- if (fd >= 0) {
852
- close(fd);
853
- }
854
- }
855
- #endif // BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
856
-
857
951
  err:
858
952
  EVP_AEAD_CTX_cleanup(&aead_ctx);
859
- RSA_free(rsa_key);
860
- EC_KEY_free(ec_key);
861
- EC_POINT_free(ec_point_in);
862
- EC_POINT_free(ec_point_out);
863
- EC_GROUP_free(ec_group);
864
- BN_free(ec_scalar);
865
- ECDSA_SIG_free(sig);
866
953
 
867
954
  return ret;
868
955
  }
869
956
 
870
957
  int BORINGSSL_self_test(void) {
871
- return boringssl_fips_self_test(NULL, 0);
958
+ if (!boringssl_self_test_fast() ||
959
+ // When requested to run self tests, also run the lazy tests.
960
+ !boringssl_self_test_rsa() ||
961
+ !boringssl_self_test_ecc() ||
962
+ !boringssl_self_test_ffdh()) {
963
+ return 0;
964
+ }
965
+
966
+ return 1;
872
967
  }
873
968
 
969
+ #if defined(BORINGSSL_FIPS)
970
+ int boringssl_self_test_startup(void) {
971
+ return boringssl_self_test_fast();
972
+ }
973
+ #endif
974
+
874
975
  #endif // !_MSC_VER