grpc 1.53.1 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +78 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -12
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +116 -58
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +222 -118
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +113 -295
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +0 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +277 -451
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -14
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +1 -9
- data/src/core/ext/transport/chttp2/transport/internal.h +16 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +42 -43
- data/src/core/lib/surface/validate_metadata.h +0 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +5 -2
- data/src/core/lib/transport/metadata_batch.h +17 -113
- data/src/core/lib/transport/parsed_metadata.h +6 -16
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +103 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -29
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -20,20 +20,24 @@
|
|
20
20
|
#include <openssl/aead.h>
|
21
21
|
#include <openssl/aes.h>
|
22
22
|
#include <openssl/bn.h>
|
23
|
-
#include <openssl/
|
23
|
+
#include <openssl/ctrdrbg.h>
|
24
24
|
#include <openssl/dh.h>
|
25
25
|
#include <openssl/digest.h>
|
26
26
|
#include <openssl/ec.h>
|
27
27
|
#include <openssl/ecdsa.h>
|
28
28
|
#include <openssl/ec_key.h>
|
29
|
+
#include <openssl/hmac.h>
|
29
30
|
#include <openssl/nid.h>
|
30
31
|
#include <openssl/rsa.h>
|
31
32
|
#include <openssl/sha.h>
|
32
33
|
|
33
34
|
#include "../../internal.h"
|
35
|
+
#include "../dh/internal.h"
|
34
36
|
#include "../ec/internal.h"
|
35
37
|
#include "../ecdsa/internal.h"
|
36
38
|
#include "../rand/internal.h"
|
39
|
+
#include "../rsa/internal.h"
|
40
|
+
#include "../service_indicator/internal.h"
|
37
41
|
#include "../tls/internal.h"
|
38
42
|
|
39
43
|
|
@@ -47,21 +51,6 @@ int BORINGSSL_self_test(void) {
|
|
47
51
|
|
48
52
|
#else
|
49
53
|
|
50
|
-
#if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)
|
51
|
-
// FIPS builds on Android will test for flag files, named after the module hash,
|
52
|
-
// in /dev/boringssl/selftest/. If such a flag file exists, it's assumed that
|
53
|
-
// self-tests have already passed and thus do not need to be repeated. (The
|
54
|
-
// integrity tests always run, however.)
|
55
|
-
//
|
56
|
-
// If self-tests complete successfully and the environment variable named in
|
57
|
-
// |kFlagWriteEnableEnvVar| is present, then the flag file will be created. The
|
58
|
-
// flag file isn't written without the environment variable being set in order
|
59
|
-
// to avoid SELinux violations on Android.
|
60
|
-
#define BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
|
61
|
-
static const char kFlagPrefix[] = "/dev/boringssl/selftest/";
|
62
|
-
static const char kFlagWriteEnableEnvVar[] = "BORINGSSL_SELF_TEST_CREATE_FLAG";
|
63
|
-
#endif
|
64
|
-
|
65
54
|
static void hexdump(const uint8_t *in, size_t len) {
|
66
55
|
for (size_t i = 0; i < len; i++) {
|
67
56
|
fprintf(stderr, "%02x", in[i]);
|
@@ -71,7 +60,7 @@ static void hexdump(const uint8_t *in, size_t len) {
|
|
71
60
|
static int check_test(const void *expected, const void *actual,
|
72
61
|
size_t expected_len, const char *name) {
|
73
62
|
if (OPENSSL_memcmp(actual, expected, expected_len) != 0) {
|
74
|
-
fprintf(stderr, "%s failed.\nExpected:
|
63
|
+
fprintf(stderr, "%s failed.\nExpected: ", name);
|
75
64
|
hexdump(expected, expected_len);
|
76
65
|
fprintf(stderr, "\nCalculated: ");
|
77
66
|
hexdump(actual, expected_len);
|
@@ -87,6 +76,28 @@ static int set_bignum(BIGNUM **out, const uint8_t *in, size_t len) {
|
|
87
76
|
return *out != NULL;
|
88
77
|
}
|
89
78
|
|
79
|
+
static int serialize_ecdsa_sig(uint8_t *out, size_t out_len,
|
80
|
+
const ECDSA_SIG *sig) {
|
81
|
+
if ((out_len & 1) || //
|
82
|
+
!BN_bn2bin_padded(out, out_len / 2, sig->r) ||
|
83
|
+
!BN_bn2bin_padded(out + out_len / 2, out_len / 2, sig->s)) {
|
84
|
+
return 0;
|
85
|
+
}
|
86
|
+
return 1;
|
87
|
+
}
|
88
|
+
|
89
|
+
static ECDSA_SIG *parse_ecdsa_sig(const uint8_t *in, size_t in_len) {
|
90
|
+
ECDSA_SIG *ret = ECDSA_SIG_new();
|
91
|
+
if (!ret || //
|
92
|
+
(in_len & 1) ||
|
93
|
+
BN_bin2bn(in, in_len/2, ret->r) == NULL ||
|
94
|
+
BN_bin2bn(in + in_len/2, in_len/2, ret->s) == NULL) {
|
95
|
+
ECDSA_SIG_free(ret);
|
96
|
+
ret = NULL;
|
97
|
+
}
|
98
|
+
return ret;
|
99
|
+
}
|
100
|
+
|
90
101
|
static RSA *self_test_rsa_key(void) {
|
91
102
|
static const uint8_t kN[] = {
|
92
103
|
0xd3, 0x3a, 0x62, 0x9f, 0x07, 0x77, 0xb0, 0x18, 0xf3, 0xff, 0xfe, 0xcc,
|
@@ -289,195 +300,188 @@ err:
|
|
289
300
|
return NULL;
|
290
301
|
}
|
291
302
|
|
292
|
-
#if defined(OPENSSL_ANDROID)
|
293
|
-
#define MODULE_DIGEST_SIZE SHA256_DIGEST_LENGTH
|
294
|
-
#else
|
295
|
-
#define MODULE_DIGEST_SIZE SHA512_DIGEST_LENGTH
|
296
|
-
#endif
|
297
303
|
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
if (module_hash_len != MODULE_DIGEST_SIZE) {
|
304
|
-
fprintf(stderr,
|
305
|
-
"module hash of length %zu does not match expected length %d\n",
|
306
|
-
module_hash_len, MODULE_DIGEST_SIZE);
|
307
|
-
BORINGSSL_FIPS_abort();
|
308
|
-
}
|
309
|
-
|
310
|
-
// Test whether the flag file exists.
|
311
|
-
memcpy(flag_path, kFlagPrefix, sizeof(kFlagPrefix) - 1);
|
312
|
-
static const char kHexTable[17] = "0123456789abcdef";
|
313
|
-
for (size_t i = 0; i < MODULE_DIGEST_SIZE; i++) {
|
314
|
-
flag_path[sizeof(kFlagPrefix) - 1 + 2 * i] =
|
315
|
-
kHexTable[module_hash[i] >> 4];
|
316
|
-
flag_path[sizeof(kFlagPrefix) - 1 + 2 * i + 1] =
|
317
|
-
kHexTable[module_hash[i] & 15];
|
318
|
-
}
|
319
|
-
flag_path[sizeof(flag_path) - 1] = 0;
|
320
|
-
|
321
|
-
if (access(flag_path, F_OK) == 0) {
|
322
|
-
// Flag file found. Skip self-tests.
|
323
|
-
return 1;
|
324
|
-
}
|
325
|
-
}
|
326
|
-
#endif // BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
|
304
|
+
// Lazy self-tests
|
305
|
+
//
|
306
|
+
// Self tests that are slow are deferred until the corresponding algorithm is
|
307
|
+
// actually exercised, in FIPS mode. (In non-FIPS mode these tests are only run
|
308
|
+
// when requested by |BORINGSSL_self_test|.)
|
327
309
|
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
0xa4, 0xbc, 0xb2, 0xae, 0xbe, 0x93, 0xd1, 0xb7, 0xfe, 0x65, 0xc1, 0x82,
|
348
|
-
0x2a, 0xb6, 0x71, 0x5f, 0x1a, 0x7c, 0xe0, 0x1b, 0x2b, 0xe2, 0x53, 0xfa,
|
349
|
-
0xa0, 0x47, 0xfa, 0xd7, 0x8f, 0xb1, 0x4a, 0xc4, 0xdc, 0x89, 0xf9, 0xb4,
|
350
|
-
0x14, 0x4d, 0xde, 0x95, 0xea, 0x29, 0x69, 0x76, 0x81, 0xa3, 0x5c, 0x33,
|
351
|
-
0xd8, 0x37, 0xd8, 0xfa, 0x47, 0x19, 0x46, 0x2f, 0xf1, 0x90, 0xb7, 0x61,
|
352
|
-
0x8f, 0x6f, 0xdd, 0x31, 0x3f, 0x6a, 0x64,
|
353
|
-
#if !defined(BORINGSSL_FIPS_BREAK_AES_GCM)
|
354
|
-
0x0d
|
355
|
-
#else
|
356
|
-
0x00
|
357
|
-
#endif
|
310
|
+
static int boringssl_self_test_rsa(void) {
|
311
|
+
int ret = 0;
|
312
|
+
uint8_t output[256];
|
313
|
+
|
314
|
+
RSA *const rsa_key = self_test_rsa_key();
|
315
|
+
if (rsa_key == NULL) {
|
316
|
+
fprintf(stderr, "RSA key construction failed\n");
|
317
|
+
goto err;
|
318
|
+
}
|
319
|
+
// Disable blinding for the power-on tests because it's not needed and
|
320
|
+
// triggers an entropy draw.
|
321
|
+
rsa_key->flags |= RSA_FLAG_NO_BLINDING;
|
322
|
+
|
323
|
+
// RSA Sign KAT
|
324
|
+
|
325
|
+
static const uint8_t kRSASignDigest[32] = {
|
326
|
+
0xd2, 0xb5, 0x6e, 0x53, 0x30, 0x6f, 0x72, 0x0d, 0x79, 0x29, 0xd8,
|
327
|
+
0x70, 0x8b, 0xf4, 0x6f, 0x1c, 0x22, 0x30, 0x03, 0x05, 0x58, 0x2b,
|
328
|
+
0x11, 0x5b, 0xed, 0xca, 0xc7, 0x22, 0xd8, 0xaa, 0x5a, 0xb2,
|
358
329
|
};
|
359
|
-
static const
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
364
|
-
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
374
|
-
|
330
|
+
static const uint8_t kRSASignSignature[256] = {
|
331
|
+
0x64, 0xce, 0xdd, 0x91, 0x27, 0xb0, 0x4f, 0xb9, 0x14, 0xea, 0xc0, 0xb4,
|
332
|
+
0xa2, 0x06, 0xc5, 0xd8, 0x40, 0x0f, 0x6c, 0x54, 0xac, 0xf7, 0x02, 0xde,
|
333
|
+
0x26, 0xbb, 0xfd, 0x33, 0xe5, 0x2f, 0x4d, 0xb1, 0x53, 0xc4, 0xff, 0xd0,
|
334
|
+
0x5f, 0xea, 0x15, 0x89, 0x83, 0x4c, 0xe3, 0x80, 0x0b, 0xe9, 0x13, 0x82,
|
335
|
+
0x1d, 0x71, 0x92, 0x1a, 0x03, 0x60, 0x2c, 0xaf, 0xe2, 0x16, 0xc7, 0x43,
|
336
|
+
0x3f, 0xde, 0x6b, 0x94, 0xfd, 0x6e, 0x08, 0x7b, 0x11, 0xf1, 0x34, 0x52,
|
337
|
+
0xe5, 0xc0, 0x97, 0x66, 0x4a, 0xe0, 0x91, 0x45, 0xc8, 0xb1, 0x3d, 0x6a,
|
338
|
+
0x54, 0xc1, 0x32, 0x0f, 0x32, 0xad, 0x25, 0x11, 0x3e, 0x49, 0xad, 0x41,
|
339
|
+
0xce, 0x7b, 0xca, 0x95, 0x6b, 0x54, 0x5e, 0x86, 0x1b, 0xce, 0xfa, 0x2a,
|
340
|
+
0x60, 0xe8, 0xfa, 0xbb, 0x23, 0xb2, 0x41, 0xbc, 0x7c, 0x98, 0xec, 0x73,
|
341
|
+
0x20, 0xed, 0xb3, 0xcf, 0xab, 0x07, 0x24, 0x85, 0x6a, 0x2a, 0x61, 0x76,
|
342
|
+
0x28, 0xf8, 0x00, 0x80, 0xeb, 0xd9, 0x3a, 0x63, 0xe2, 0x01, 0xb1, 0xee,
|
343
|
+
0x6d, 0xe9, 0x73, 0xe9, 0xb6, 0x75, 0x2e, 0xf9, 0x81, 0xd9, 0xa8, 0x79,
|
344
|
+
0xf6, 0x8f, 0xe3, 0x02, 0x7d, 0xf6, 0xea, 0xdc, 0x35, 0xe4, 0x62, 0x0d,
|
345
|
+
0x91, 0xba, 0x3e, 0x7d, 0x8b, 0x82, 0xbf, 0x15, 0x74, 0x6a, 0x4e, 0x29,
|
346
|
+
0xf8, 0x9b, 0x2c, 0x94, 0x8d, 0xa7, 0x00, 0x4d, 0x7b, 0xbf, 0x35, 0x07,
|
347
|
+
0xeb, 0xdd, 0x10, 0xef, 0xd5, 0x2f, 0xe6, 0x98, 0x4b, 0x7e, 0x24, 0x80,
|
348
|
+
0xe2, 0x01, 0xf2, 0x66, 0xb7, 0xd3, 0x93, 0xfe, 0x2a, 0xb3, 0x74, 0xed,
|
349
|
+
0xec, 0x4b, 0xb1, 0x5f, 0x5f, 0xee, 0x85, 0x44, 0xa7, 0x26, 0xdf, 0xc1,
|
350
|
+
0x2e, 0x7a, 0xf3, 0xa5, 0x8f, 0xf8, 0x64, 0xda, 0x65, 0xad, 0x91, 0xe2,
|
351
|
+
0x90, 0x94, 0x20, 0x16, 0xb8, 0x61, 0xa5, 0x0a, 0x7d, 0xb4, 0xbf, 0xc0,
|
352
|
+
0x10, 0xaf, 0x72, 0x67,
|
375
353
|
};
|
376
|
-
|
377
|
-
|
378
|
-
|
379
|
-
|
380
|
-
|
381
|
-
|
382
|
-
|
383
|
-
|
354
|
+
|
355
|
+
unsigned sig_len;
|
356
|
+
if (!rsa_sign_no_self_test(NID_sha256, kRSASignDigest, sizeof(kRSASignDigest),
|
357
|
+
output, &sig_len, rsa_key) ||
|
358
|
+
!check_test(kRSASignSignature, output, sizeof(kRSASignSignature),
|
359
|
+
"RSA-sign KAT")) {
|
360
|
+
fprintf(stderr, "RSA signing test failed.\n");
|
361
|
+
goto err;
|
362
|
+
}
|
363
|
+
|
364
|
+
// RSA Verify KAT
|
365
|
+
|
366
|
+
static const uint8_t kRSAVerifyDigest[32] = {
|
367
|
+
0x09, 0x65, 0x2f, 0xd8, 0xed, 0x9d, 0xc2, 0x6d, 0xbc, 0xbf, 0xf2,
|
368
|
+
0xa7, 0xa5, 0xed, 0xe1, 0x37, 0x13, 0x78, 0x21, 0x36, 0xcf, 0x8d,
|
369
|
+
0x22, 0x3d, 0xab, 0x93, 0xb4, 0x12, 0xa8, 0xb5, 0x15, 0x53,
|
384
370
|
};
|
385
|
-
static const uint8_t
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
|
371
|
+
static const uint8_t kRSAVerifySignature[256] = {
|
372
|
+
0xab, 0xe2, 0xcb, 0xc1, 0x3d, 0x6b, 0xd3, 0x9d, 0x48, 0xdb, 0x53, 0x34,
|
373
|
+
0xdd, 0xbf, 0x8d, 0x07, 0x0a, 0x93, 0xbd, 0xcb, 0x10, 0x4e, 0x2c, 0xc5,
|
374
|
+
0xd0, 0xee, 0x48, 0x6e, 0xe2, 0x95, 0xf6, 0xb3, 0x1b, 0xda, 0x12, 0x6c,
|
375
|
+
0x41, 0x89, 0x0b, 0x98, 0xb7, 0x3e, 0x70, 0xe6, 0xb6, 0x5d, 0x82, 0xf9,
|
376
|
+
0x5c, 0x66, 0x31, 0x21, 0x75, 0x5a, 0x90, 0x74, 0x4c, 0x8d, 0x1c, 0x21,
|
377
|
+
0x14, 0x8a, 0x19, 0x60, 0xbe, 0x0e, 0xca, 0x44, 0x6e, 0x9f, 0xf4, 0x97,
|
378
|
+
0xf1, 0x34, 0x5c, 0x53, 0x7e, 0xf8, 0x11, 0x9b, 0x9a, 0x43, 0x98, 0xe9,
|
379
|
+
0x5c, 0x5c, 0x6d, 0xe2, 0xb1, 0xc9, 0x55, 0x90, 0x5c, 0x52, 0x99, 0xd8,
|
380
|
+
0xce, 0x7a, 0x3b, 0x6a, 0xb7, 0x63, 0x80, 0xd9, 0xba, 0xbd, 0xd1, 0x5f,
|
381
|
+
0x61, 0x02, 0x37, 0xe1, 0xf3, 0xf2, 0xaa, 0x1c, 0x1f, 0x1e, 0x77, 0x0b,
|
382
|
+
0x62, 0xfb, 0xb5, 0x96, 0x38, 0x1b, 0x2e, 0xbd, 0xd7, 0x7e, 0xce, 0xf9,
|
383
|
+
0xc9, 0x0d, 0x4c, 0x92, 0xf7, 0xb6, 0xb0, 0x5f, 0xed, 0x29, 0x36, 0x28,
|
384
|
+
0x5f, 0xa9, 0x48, 0x26, 0xe6, 0x20, 0x55, 0x32, 0x2a, 0x33, 0xb6, 0xf0,
|
385
|
+
0x4c, 0x74, 0xce, 0x69, 0xe5, 0xd8, 0xd7, 0x37, 0xfb, 0x83, 0x8b, 0x79,
|
386
|
+
0xd2, 0xd4, 0x8e, 0x3d, 0xaf, 0x71, 0x38, 0x75, 0x31, 0x88, 0x25, 0x31,
|
387
|
+
0xa9, 0x5a, 0xc9, 0x64, 0xd0, 0x2e, 0xa4, 0x13, 0xbf, 0x85, 0x95, 0x29,
|
388
|
+
0x82, 0xbb, 0xc0, 0x89, 0x52, 0x7d, 0xaf, 0xf5, 0xb8, 0x45, 0xc9, 0xa0,
|
389
|
+
0xf4, 0xd1, 0x4e, 0xf1, 0x95, 0x6d, 0x9c, 0x3a, 0xca, 0xe8, 0x82, 0xd1,
|
390
|
+
0x2d, 0xa6, 0x6d, 0xa0, 0xf3, 0x57, 0x94, 0xf5, 0xee, 0x32, 0x23, 0x23,
|
391
|
+
0x33, 0x51, 0x7d, 0xb9, 0x31, 0x52, 0x32, 0xa1, 0x83, 0xb9, 0x91, 0x65,
|
392
|
+
0x4d, 0xbe, 0xa4, 0x16, 0x15, 0x34, 0x5c, 0x88, 0x53, 0x25, 0x92, 0x67,
|
393
|
+
0x44, 0xa5, 0x39, 0x15,
|
394
394
|
};
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
|
395
|
+
if (!rsa_verify_no_self_test(NID_sha256, kRSAVerifyDigest,
|
396
|
+
sizeof(kRSAVerifyDigest), kRSAVerifySignature,
|
397
|
+
sizeof(kRSAVerifySignature), rsa_key)) {
|
398
|
+
fprintf(stderr, "RSA-verify KAT failed.\n");
|
399
|
+
goto err;
|
400
|
+
}
|
401
|
+
|
402
|
+
ret = 1;
|
403
|
+
|
404
|
+
err:
|
405
|
+
RSA_free(rsa_key);
|
406
|
+
|
407
|
+
return ret;
|
408
|
+
}
|
409
|
+
|
410
|
+
static int boringssl_self_test_ecc(void) {
|
411
|
+
int ret = 0;
|
412
|
+
EC_KEY *ec_key = NULL;
|
413
|
+
EC_GROUP *ec_group = NULL;
|
414
|
+
EC_POINT *ec_point_in = NULL;
|
415
|
+
EC_POINT *ec_point_out = NULL;
|
416
|
+
BIGNUM *ec_scalar = NULL;
|
417
|
+
ECDSA_SIG *sig = NULL;
|
418
|
+
|
419
|
+
ec_key = self_test_ecdsa_key();
|
420
|
+
if (ec_key == NULL) {
|
421
|
+
fprintf(stderr, "ECDSA KeyGen failed\n");
|
422
|
+
goto err;
|
423
|
+
}
|
424
|
+
|
425
|
+
// ECDSA Sign/Verify KAT
|
426
|
+
|
427
|
+
static const uint8_t kECDSASignDigest[32] = {
|
428
|
+
0x1e, 0x35, 0x93, 0x0b, 0xe8, 0x60, 0xd0, 0x94, 0x2c, 0xa7, 0xbb,
|
429
|
+
0xd6, 0xf6, 0xde, 0xd8, 0x7f, 0x15, 0x7e, 0x4d, 0xe2, 0x4f, 0x81,
|
430
|
+
0xed, 0x4b, 0x87, 0x5c, 0x0e, 0x01, 0x8e, 0x89, 0xa8, 0x1f,
|
407
431
|
};
|
408
|
-
static const uint8_t
|
409
|
-
|
410
|
-
|
411
|
-
|
412
|
-
|
413
|
-
|
414
|
-
|
415
|
-
0x77, 0x7f, 0x2e, 0x80, 0xcf, 0x9d, 0x2e, 0xfc, 0xe2, 0x50, 0x75, 0x29,
|
416
|
-
0x46, 0xf4, 0xaf, 0x91, 0xed, 0x36, 0xe1, 0x5e, 0xef, 0x66, 0xa1, 0xff,
|
417
|
-
0x27, 0xfc, 0x87, 0x7e, 0x60, 0x84, 0x0f, 0x54, 0x51, 0x56, 0x0f, 0x68,
|
418
|
-
0x99, 0xc0, 0x3f, 0xeb, 0xa5, 0xa0, 0x46, 0xb0, 0x86, 0x02, 0xb0, 0xc8,
|
419
|
-
0xe8, 0x46, 0x13, 0x06, 0xcd, 0xb7, 0x8a, 0xd0, 0x3b, 0x46, 0xd0, 0x14,
|
420
|
-
0x64, 0x53, 0x9b, 0x5b, 0x5e, 0x02, 0x45, 0xba, 0x6e, 0x7e, 0x0a, 0xb9,
|
421
|
-
0x9e, 0x62, 0xb7, 0xd5, 0x7a, 0x87, 0xea, 0xd3, 0x24, 0xa5, 0xef, 0xb3,
|
422
|
-
0xdc, 0x05, 0x9c, 0x04, 0x60, 0x4b, 0xde, 0xa8, 0x90, 0x08, 0x7b, 0x6a,
|
423
|
-
0x5f, 0xb4, 0x3f, 0xda, 0xc5, 0x1f, 0x6e, 0xd6, 0x15, 0xde, 0x65, 0xa4,
|
424
|
-
0x6e, 0x62, 0x9d, 0x8f, 0xa8, 0xbe, 0x86, 0xf6, 0x09, 0x90, 0x40, 0xa5,
|
425
|
-
0xf4, 0x23, 0xc5, 0xf6, 0x38, 0x86, 0x0d, 0x1c, 0xed, 0x4a, 0x0a, 0xae,
|
426
|
-
0xa4, 0x26, 0xc2, 0x2e, 0xd3, 0x13, 0x66, 0x61, 0xea, 0x35, 0x01, 0x0e,
|
427
|
-
0x13, 0xda, 0x78, 0x20, 0xae, 0x59, 0x5f, 0x9b, 0xa9, 0x6c, 0xf9, 0x1b,
|
428
|
-
0xdf, 0x76, 0x53, 0xc8, 0xa7, 0xf5, 0x63, 0x6d, 0xf3, 0xff, 0xfd, 0xaf,
|
429
|
-
0x75, 0x4b, 0xac, 0x67, 0xb1, 0x3c, 0xbf, 0x5e, 0xde, 0x73, 0x02, 0x6d,
|
430
|
-
0xd2, 0x0c, 0xb1,
|
431
|
-
#if !defined(BORINGSSL_FIPS_BREAK_RSA_SIG)
|
432
|
-
0x64
|
433
|
-
#else
|
434
|
-
0x00
|
435
|
-
#endif
|
432
|
+
static const uint8_t kECDSASignSig[64] = {
|
433
|
+
0x67, 0x80, 0xc5, 0xfc, 0x70, 0x27, 0x5e, 0x2c, 0x70, 0x61, 0xa0,
|
434
|
+
0xe7, 0x87, 0x7b, 0xb1, 0x74, 0xde, 0xad, 0xeb, 0x98, 0x87, 0x02,
|
435
|
+
0x7f, 0x3f, 0xa8, 0x36, 0x54, 0x15, 0x8b, 0xa7, 0xf5, 0x0c, 0x68,
|
436
|
+
0x04, 0x73, 0x40, 0x94, 0xb2, 0xd1, 0x90, 0xac, 0x2d, 0x0c, 0xd7,
|
437
|
+
0xa5, 0x7f, 0x2f, 0x2e, 0xb2, 0x62, 0xb0, 0x09, 0x16, 0xe1, 0xa6,
|
438
|
+
0x70, 0xb5, 0xbb, 0x0d, 0xfd, 0x8e, 0x0c, 0x02, 0x3f,
|
436
439
|
};
|
437
|
-
|
438
|
-
|
439
|
-
|
440
|
-
|
441
|
-
|
442
|
-
|
443
|
-
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
|
440
|
+
|
441
|
+
// The 'k' value for ECDSA is fixed to avoid an entropy draw.
|
442
|
+
uint8_t ecdsa_k[32] = {0};
|
443
|
+
ecdsa_k[31] = 42;
|
444
|
+
|
445
|
+
sig = ecdsa_sign_with_nonce_for_known_answer_test(
|
446
|
+
kECDSASignDigest, sizeof(kECDSASignDigest), ec_key, ecdsa_k,
|
447
|
+
sizeof(ecdsa_k));
|
448
|
+
|
449
|
+
uint8_t ecdsa_sign_output[64];
|
450
|
+
if (sig == NULL ||
|
451
|
+
!serialize_ecdsa_sig(ecdsa_sign_output, sizeof(ecdsa_sign_output), sig) ||
|
452
|
+
!check_test(kECDSASignSig, ecdsa_sign_output, sizeof(ecdsa_sign_output),
|
453
|
+
"ECDSA-sign signature")) {
|
454
|
+
fprintf(stderr, "ECDSA-sign KAT failed.\n");
|
455
|
+
goto err;
|
456
|
+
}
|
457
|
+
|
458
|
+
static const uint8_t kECDSAVerifyDigest[32] = {
|
459
|
+
0x78, 0x7c, 0x50, 0x5c, 0x60, 0xc9, 0xe4, 0x13, 0x6c, 0xe4, 0x48,
|
460
|
+
0xba, 0x93, 0xff, 0x71, 0xfa, 0x9c, 0x18, 0xf4, 0x17, 0x09, 0x4f,
|
461
|
+
0xdf, 0x5a, 0xe2, 0x75, 0xc0, 0xcc, 0xd2, 0x67, 0x97, 0xad,
|
453
462
|
};
|
454
|
-
const uint8_t
|
455
|
-
"BCM Known Answer Test DBRG Reseed Entropy ";
|
456
|
-
const uint8_t kDRBGReseedOutput[64] = {
|
457
|
-
0xa4, 0x77, 0x05, 0xdb, 0x14, 0x11, 0x76, 0x71, 0x42, 0x5b, 0xd8,
|
458
|
-
0xd7, 0xa5, 0x4f, 0x8b, 0x39, 0xf2, 0x10, 0x4a, 0x50, 0x5b, 0xa2,
|
459
|
-
0xc8, 0xf0, 0xbb, 0x3e, 0xa1, 0xa5, 0x90, 0x7d, 0x54, 0xd9, 0xc6,
|
460
|
-
0xb0, 0x96, 0xc0, 0x2b, 0x7e, 0x9b, 0xc9, 0xa1, 0xdd, 0x78, 0x2e,
|
461
|
-
0xd5, 0xa8, 0x66, 0x16, 0xbd, 0x18, 0x3c, 0xf2, 0xaa, 0x7a, 0x2b,
|
462
|
-
0x37, 0xf9, 0xab, 0x35, 0x64, 0x15, 0x01, 0x3f, 0xc4,
|
463
|
-
};
|
464
|
-
const uint8_t kECDSASigR[32] = {
|
463
|
+
static const uint8_t kECDSAVerifySig[64] = {
|
465
464
|
0x67, 0x80, 0xc5, 0xfc, 0x70, 0x27, 0x5e, 0x2c, 0x70, 0x61, 0xa0,
|
466
465
|
0xe7, 0x87, 0x7b, 0xb1, 0x74, 0xde, 0xad, 0xeb, 0x98, 0x87, 0x02,
|
467
|
-
0x7f, 0x3f, 0xa8, 0x36, 0x54, 0x15, 0x8b, 0xa7, 0xf5,
|
468
|
-
|
469
|
-
|
470
|
-
|
471
|
-
0x00,
|
472
|
-
#endif
|
473
|
-
};
|
474
|
-
const uint8_t kECDSASigS[32] = {
|
475
|
-
0xa5, 0x93, 0xe0, 0x23, 0x91, 0xe7, 0x4b, 0x8d, 0x77, 0x25, 0xa6,
|
476
|
-
0xba, 0x4d, 0xd9, 0x86, 0x77, 0xda, 0x7d, 0x8f, 0xef, 0xc4, 0x1a,
|
477
|
-
0xf0, 0xcc, 0x81, 0xe5, 0xea, 0x3f, 0xc2, 0x41, 0x7f, 0xd8,
|
466
|
+
0x7f, 0x3f, 0xa8, 0x36, 0x54, 0x15, 0x8b, 0xa7, 0xf5, 0x0c, 0x2d,
|
467
|
+
0x36, 0xe5, 0x79, 0x97, 0x90, 0xbf, 0xbe, 0x21, 0x83, 0xd3, 0x3e,
|
468
|
+
0x96, 0xf3, 0xc5, 0x1f, 0x6a, 0x23, 0x2f, 0x2a, 0x24, 0x48, 0x8c,
|
469
|
+
0x8e, 0x5f, 0x64, 0xc3, 0x7e, 0xa2, 0xcf, 0x05, 0x29,
|
478
470
|
};
|
471
|
+
|
472
|
+
ECDSA_SIG_free(sig);
|
473
|
+
sig = parse_ecdsa_sig(kECDSAVerifySig, sizeof(kECDSAVerifySig));
|
474
|
+
if (!sig ||
|
475
|
+
!ecdsa_do_verify_no_self_test(kECDSAVerifyDigest,
|
476
|
+
sizeof(kECDSAVerifyDigest), sig, ec_key)) {
|
477
|
+
fprintf(stderr, "ECDSA-verify KAT failed.\n");
|
478
|
+
goto err;
|
479
|
+
}
|
480
|
+
|
481
|
+
// Primitive Z Computation KAT (IG 9.6).
|
482
|
+
|
479
483
|
// kP256Point is SHA256("Primitive Z Computation KAT")×G within P-256.
|
480
|
-
const uint8_t kP256Point[65] = {
|
484
|
+
static const uint8_t kP256Point[65] = {
|
481
485
|
0x04, 0x4e, 0xc1, 0x94, 0x8c, 0x5c, 0xf4, 0x37, 0x35, 0x0d, 0xa3,
|
482
486
|
0xf9, 0x55, 0xf9, 0x8b, 0x26, 0x23, 0x5c, 0x43, 0xe0, 0x83, 0x51,
|
483
487
|
0x2b, 0x0d, 0x4b, 0x56, 0x24, 0xc3, 0xe4, 0xa5, 0xa8, 0xe2, 0xe9,
|
@@ -486,50 +490,64 @@ int boringssl_fips_self_test(
|
|
486
490
|
0x79, 0x93, 0x7c, 0x0b, 0x92, 0x2b, 0x7f, 0x17, 0xa5, 0x80,
|
487
491
|
};
|
488
492
|
// kP256Scalar is SHA256("Primitive Z Computation KAT scalar").
|
489
|
-
const uint8_t kP256Scalar[32] = {
|
493
|
+
static const uint8_t kP256Scalar[32] = {
|
490
494
|
0xe7, 0x60, 0x44, 0x91, 0x26, 0x9a, 0xfb, 0x5b, 0x10, 0x2d, 0x6e,
|
491
495
|
0xa5, 0x2c, 0xb5, 0x9f, 0xeb, 0x70, 0xae, 0xde, 0x6c, 0xe3, 0xbf,
|
492
496
|
0xb3, 0xe0, 0x10, 0x54, 0x85, 0xab, 0xd8, 0x61, 0xd7, 0x7b,
|
493
497
|
};
|
494
498
|
// kP256PointResult is |kP256Scalar|×|kP256Point|.
|
495
|
-
const uint8_t kP256PointResult[65] = {
|
499
|
+
static const uint8_t kP256PointResult[65] = {
|
496
500
|
0x04, 0xf1, 0x63, 0x00, 0x88, 0xc5, 0xd5, 0xe9, 0x05, 0x52, 0xac,
|
497
501
|
0xb6, 0xec, 0x68, 0x76, 0xb8, 0x73, 0x7f, 0x0f, 0x72, 0x34, 0xe6,
|
498
502
|
0xbb, 0x30, 0x32, 0x22, 0x37, 0xb6, 0x2a, 0x80, 0xe8, 0x9e, 0x6e,
|
499
503
|
0x6f, 0x36, 0x02, 0xe7, 0x21, 0xd2, 0x31, 0xdb, 0x94, 0x63, 0xb7,
|
500
504
|
0xd8, 0x19, 0x0e, 0xc2, 0xc0, 0xa7, 0x2f, 0x15, 0x49, 0x1a, 0xa2,
|
501
|
-
0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a,
|
502
|
-
#if !defined(BORINGSSL_FIPS_BREAK_Z_COMPUTATION)
|
503
|
-
0x0c,
|
504
|
-
#else
|
505
|
-
0x00,
|
506
|
-
#endif
|
507
|
-
};
|
508
|
-
const uint8_t kTLSOutput[32] = {
|
509
|
-
0x67, 0x85, 0xde, 0x60, 0xfc, 0x0a, 0x83, 0xe9, 0xa2, 0x2a, 0xb3,
|
510
|
-
0xf0, 0x27, 0x0c, 0xba, 0xf7, 0xfa, 0x82, 0x3d, 0x14, 0x77, 0x1d,
|
511
|
-
0x86, 0x29, 0x79, 0x39, 0x77, 0x8a, 0xd5, 0x0e, 0x9d,
|
512
|
-
#if !defined(BORINGSSL_FIPS_BREAK_TLS_KDF)
|
513
|
-
0x32,
|
514
|
-
#else
|
515
|
-
0x00,
|
516
|
-
#endif
|
517
|
-
};
|
518
|
-
const uint8_t kTLSSecret[32] = {
|
519
|
-
0xbf, 0xe4, 0xb7, 0xe0, 0x26, 0x55, 0x5f, 0x6a, 0xdf, 0x5d, 0x27,
|
520
|
-
0xd6, 0x89, 0x99, 0x2a, 0xd6, 0xf7, 0x65, 0x66, 0x07, 0x4b, 0x55,
|
521
|
-
0x5f, 0x64, 0x55, 0xcd, 0xd5, 0x77, 0xa4, 0xc7, 0x09, 0x61,
|
522
|
-
};
|
523
|
-
const char kTLSLabel[] = "FIPS self test";
|
524
|
-
const uint8_t kTLSSeed1[16] = {
|
525
|
-
0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
|
526
|
-
0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65,
|
527
|
-
};
|
528
|
-
const uint8_t kTLSSeed2[16] = {
|
529
|
-
0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
|
530
|
-
0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
|
505
|
+
0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a, 0x0c,
|
531
506
|
};
|
532
507
|
|
508
|
+
ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
|
509
|
+
if (ec_group == NULL) {
|
510
|
+
fprintf(stderr, "Failed to create P-256 group.\n");
|
511
|
+
goto err;
|
512
|
+
}
|
513
|
+
ec_point_in = EC_POINT_new(ec_group);
|
514
|
+
ec_point_out = EC_POINT_new(ec_group);
|
515
|
+
ec_scalar = BN_new();
|
516
|
+
uint8_t z_comp_result[65];
|
517
|
+
if (ec_point_in == NULL || ec_point_out == NULL || ec_scalar == NULL ||
|
518
|
+
!EC_POINT_oct2point(ec_group, ec_point_in, kP256Point, sizeof(kP256Point),
|
519
|
+
NULL) ||
|
520
|
+
!BN_bin2bn(kP256Scalar, sizeof(kP256Scalar), ec_scalar) ||
|
521
|
+
!ec_point_mul_no_self_test(ec_group, ec_point_out, NULL, ec_point_in,
|
522
|
+
ec_scalar, NULL) ||
|
523
|
+
!EC_POINT_point2oct(ec_group, ec_point_out, POINT_CONVERSION_UNCOMPRESSED,
|
524
|
+
z_comp_result, sizeof(z_comp_result), NULL) ||
|
525
|
+
!check_test(kP256PointResult, z_comp_result, sizeof(z_comp_result),
|
526
|
+
"Z Computation Result")) {
|
527
|
+
fprintf(stderr, "Z-computation KAT failed.\n");
|
528
|
+
goto err;
|
529
|
+
}
|
530
|
+
|
531
|
+
ret = 1;
|
532
|
+
|
533
|
+
err:
|
534
|
+
EC_KEY_free(ec_key);
|
535
|
+
EC_POINT_free(ec_point_in);
|
536
|
+
EC_POINT_free(ec_point_out);
|
537
|
+
EC_GROUP_free(ec_group);
|
538
|
+
BN_free(ec_scalar);
|
539
|
+
ECDSA_SIG_free(sig);
|
540
|
+
|
541
|
+
return ret;
|
542
|
+
}
|
543
|
+
|
544
|
+
static int boringssl_self_test_ffdh(void) {
|
545
|
+
int ret = 0;
|
546
|
+
DH *dh = NULL;
|
547
|
+
BIGNUM *ffdhe2048_value = NULL;
|
548
|
+
|
549
|
+
// FFC Diffie-Hellman KAT
|
550
|
+
|
533
551
|
// kFFDHE2048PublicValueData is an arbitrary public value, mod
|
534
552
|
// kFFDHE2048Data. (The private key happens to be 4096.)
|
535
553
|
static const BN_ULONG kFFDHE2048PublicValueData[] = {
|
@@ -550,8 +568,7 @@ int boringssl_fips_self_test(
|
|
550
568
|
TOBN(0xbae7b0b3, 0x6e362dc0), TOBN(0xa57c73bd, 0xdc70fb82),
|
551
569
|
TOBN(0xfaff50d2, 0x9d573457), TOBN(0x352bd399, 0xbe84058e),
|
552
570
|
};
|
553
|
-
|
554
|
-
const uint8_t kDHOutput[2048 / 8] = {
|
571
|
+
static const uint8_t kDHOutput[2048 / 8] = {
|
555
572
|
0x2a, 0xe6, 0xd3, 0xa6, 0x13, 0x58, 0x8e, 0xce, 0x53, 0xaa, 0xf6, 0x5d,
|
556
573
|
0x9a, 0xae, 0x02, 0x12, 0xf5, 0x80, 0x3d, 0x06, 0x09, 0x76, 0xac, 0x57,
|
557
574
|
0x37, 0x9e, 0xab, 0x38, 0x62, 0x25, 0x05, 0x1d, 0xf3, 0xa9, 0x39, 0x60,
|
@@ -573,23 +590,150 @@ int boringssl_fips_self_test(
|
|
573
590
|
0x06, 0x80, 0x2a, 0x4e, 0x5a, 0xf0, 0x1e, 0xaa, 0xcb, 0xab, 0x06, 0x0e,
|
574
591
|
0x27, 0x0f, 0xd9, 0x88, 0xd9, 0x01, 0xe3, 0x07, 0xeb, 0xdf, 0xc3, 0x12,
|
575
592
|
0xe3, 0x40, 0x88, 0x7b, 0x5f, 0x59, 0x78, 0x6e, 0x26, 0x20, 0xc3, 0xdf,
|
576
|
-
0xc8, 0xe4, 0x5e,
|
577
|
-
|
578
|
-
|
579
|
-
|
580
|
-
|
581
|
-
|
593
|
+
0xc8, 0xe4, 0x5e, 0xb8,
|
594
|
+
};
|
595
|
+
|
596
|
+
ffdhe2048_value = BN_new();
|
597
|
+
if (ffdhe2048_value) {
|
598
|
+
bn_set_static_words(ffdhe2048_value, kFFDHE2048PublicValueData,
|
599
|
+
OPENSSL_ARRAY_SIZE(kFFDHE2048PublicValueData));
|
600
|
+
}
|
601
|
+
|
602
|
+
dh = self_test_dh();
|
603
|
+
uint8_t dh_out[sizeof(kDHOutput)];
|
604
|
+
if (dh == NULL || ffdhe2048_value == NULL || sizeof(dh_out) != DH_size(dh) ||
|
605
|
+
dh_compute_key_padded_no_self_test(dh_out, ffdhe2048_value, dh) !=
|
606
|
+
sizeof(dh_out) ||
|
607
|
+
!check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH")) {
|
608
|
+
fprintf(stderr, "FFDH failed.\n");
|
609
|
+
goto err;
|
610
|
+
}
|
611
|
+
|
612
|
+
ret = 1;
|
613
|
+
|
614
|
+
err:
|
615
|
+
DH_free(dh);
|
616
|
+
BN_free(ffdhe2048_value);
|
617
|
+
|
618
|
+
return ret;
|
619
|
+
}
|
620
|
+
|
621
|
+
#if defined(BORINGSSL_FIPS)
|
622
|
+
|
623
|
+
static void run_self_test_rsa(void) {
|
624
|
+
FIPS_service_indicator_lock_state();
|
625
|
+
if (!boringssl_self_test_rsa()) {
|
626
|
+
BORINGSSL_FIPS_abort();
|
627
|
+
}
|
628
|
+
FIPS_service_indicator_unlock_state();
|
629
|
+
}
|
630
|
+
|
631
|
+
DEFINE_STATIC_ONCE(g_self_test_once_rsa);
|
632
|
+
|
633
|
+
void boringssl_ensure_rsa_self_test(void) {
|
634
|
+
CRYPTO_once(g_self_test_once_rsa_bss_get(), run_self_test_rsa);
|
635
|
+
}
|
636
|
+
|
637
|
+
static void run_self_test_ecc(void) {
|
638
|
+
FIPS_service_indicator_lock_state();
|
639
|
+
if (!boringssl_self_test_ecc()) {
|
640
|
+
BORINGSSL_FIPS_abort();
|
641
|
+
}
|
642
|
+
FIPS_service_indicator_unlock_state();
|
643
|
+
}
|
644
|
+
|
645
|
+
DEFINE_STATIC_ONCE(g_self_test_once_ecc);
|
646
|
+
|
647
|
+
void boringssl_ensure_ecc_self_test(void) {
|
648
|
+
CRYPTO_once(g_self_test_once_ecc_bss_get(), run_self_test_ecc);
|
649
|
+
}
|
650
|
+
|
651
|
+
static void run_self_test_ffdh(void) {
|
652
|
+
FIPS_service_indicator_lock_state();
|
653
|
+
if (!boringssl_self_test_ffdh()) {
|
654
|
+
BORINGSSL_FIPS_abort();
|
655
|
+
}
|
656
|
+
FIPS_service_indicator_unlock_state();
|
657
|
+
}
|
658
|
+
|
659
|
+
DEFINE_STATIC_ONCE(g_self_test_once_ffdh);
|
660
|
+
|
661
|
+
void boringssl_ensure_ffdh_self_test(void) {
|
662
|
+
CRYPTO_once(g_self_test_once_ffdh_bss_get(), run_self_test_ffdh);
|
663
|
+
}
|
664
|
+
|
665
|
+
#endif // BORINGSSL_FIPS
|
666
|
+
|
667
|
+
|
668
|
+
// Startup self tests.
|
669
|
+
//
|
670
|
+
// These tests are run at process start when in FIPS mode.
|
671
|
+
|
672
|
+
int boringssl_self_test_sha256(void) {
|
673
|
+
static const uint8_t kInput[16] = {
|
674
|
+
0xff, 0x3b, 0x85, 0x7d, 0xa7, 0x23, 0x6a, 0x2b,
|
675
|
+
0xaa, 0x0f, 0x39, 0x6b, 0x51, 0x52, 0x22, 0x17,
|
676
|
+
};
|
677
|
+
static const uint8_t kPlaintextSHA256[32] = {
|
678
|
+
0x7f, 0xe4, 0xd5, 0xf1, 0xa1, 0xe3, 0x82, 0x87, 0xd9, 0x58, 0xf5,
|
679
|
+
0x11, 0xc7, 0x1d, 0x5e, 0x27, 0x5e, 0xcc, 0xd2, 0x66, 0xcf, 0xb9,
|
680
|
+
0xc8, 0xc6, 0x60, 0xd8, 0x92, 0x1e, 0x57, 0xfd, 0x46, 0x75,
|
681
|
+
};
|
682
|
+
uint8_t output[SHA256_DIGEST_LENGTH];
|
683
|
+
|
684
|
+
// SHA-256 KAT
|
685
|
+
SHA256(kInput, sizeof(kInput), output);
|
686
|
+
return check_test(kPlaintextSHA256, output, sizeof(kPlaintextSHA256),
|
687
|
+
"SHA-256 KAT");
|
688
|
+
}
|
689
|
+
|
690
|
+
int boringssl_self_test_sha512(void) {
|
691
|
+
static const uint8_t kInput[16] = {
|
692
|
+
0x21, 0x25, 0x12, 0xf8, 0xd2, 0xad, 0x83, 0x22,
|
693
|
+
0x78, 0x1c, 0x6c, 0x4d, 0x69, 0xa9, 0xda, 0xa1,
|
694
|
+
};
|
695
|
+
static const uint8_t kPlaintextSHA512[64] = {
|
696
|
+
0x29, 0x3c, 0x94, 0x35, 0x4e, 0x98, 0x83, 0xe5, 0xc2, 0x78, 0x36,
|
697
|
+
0x7a, 0xe5, 0x18, 0x90, 0xbf, 0x35, 0x41, 0x01, 0x64, 0x19, 0x8d,
|
698
|
+
0x26, 0xeb, 0xe1, 0xf8, 0x2f, 0x04, 0x8e, 0xfa, 0x8b, 0x2b, 0xc6,
|
699
|
+
0xb2, 0x9d, 0x5d, 0x46, 0x76, 0x5a, 0xc8, 0xb5, 0x25, 0xa3, 0xea,
|
700
|
+
0x52, 0x84, 0x47, 0x6d, 0x6d, 0xf4, 0xc9, 0x71, 0xf3, 0x3d, 0x89,
|
701
|
+
0x4c, 0x3b, 0x20, 0x8c, 0x5b, 0x75, 0xe8, 0xf8, 0x7c,
|
702
|
+
};
|
703
|
+
uint8_t output[SHA512_DIGEST_LENGTH];
|
704
|
+
|
705
|
+
// SHA-512 KAT
|
706
|
+
SHA512(kInput, sizeof(kInput), output);
|
707
|
+
return check_test(kPlaintextSHA512, output, sizeof(kPlaintextSHA512),
|
708
|
+
"SHA-512 KAT");
|
709
|
+
}
|
710
|
+
|
711
|
+
int boringssl_self_test_hmac_sha256(void) {
|
712
|
+
static const uint8_t kInput[16] = {
|
713
|
+
0xda, 0xd9, 0x12, 0x93, 0xdf, 0xcf, 0x2a, 0x7c,
|
714
|
+
0x8e, 0xcd, 0x13, 0xfe, 0x35, 0x3f, 0xa7, 0x5b,
|
582
715
|
};
|
716
|
+
static const uint8_t kPlaintextHMACSHA256[32] = {
|
717
|
+
0x36, 0x5f, 0x5b, 0xd5, 0xf5, 0xeb, 0xfd, 0xc7, 0x6e, 0x53, 0xa5,
|
718
|
+
0x73, 0x6d, 0x73, 0x20, 0x13, 0xaa, 0xd3, 0xbc, 0x86, 0x4b, 0xb8,
|
719
|
+
0x84, 0x94, 0x16, 0x46, 0x88, 0x9c, 0x48, 0xee, 0xa9, 0x0e,
|
720
|
+
};
|
721
|
+
uint8_t output[EVP_MAX_MD_SIZE];
|
722
|
+
|
723
|
+
unsigned output_len;
|
724
|
+
HMAC(EVP_sha256(), kInput, sizeof(kInput), kInput, sizeof(kInput), output,
|
725
|
+
&output_len);
|
726
|
+
return output_len == sizeof(kPlaintextHMACSHA256) &&
|
727
|
+
check_test(kPlaintextHMACSHA256, output, sizeof(kPlaintextHMACSHA256),
|
728
|
+
"HMAC-SHA-256 KAT");
|
729
|
+
}
|
730
|
+
|
731
|
+
static int boringssl_self_test_fast(void) {
|
732
|
+
static const uint8_t kAESKey[16] = "BoringCrypto Key";
|
733
|
+
static const uint8_t kAESIV[16] = {0};
|
583
734
|
|
584
735
|
EVP_AEAD_CTX aead_ctx;
|
585
736
|
EVP_AEAD_CTX_zero(&aead_ctx);
|
586
|
-
RSA *rsa_key = NULL;
|
587
|
-
EC_KEY *ec_key = NULL;
|
588
|
-
EC_GROUP *ec_group = NULL;
|
589
|
-
EC_POINT *ec_point_in = NULL;
|
590
|
-
EC_POINT *ec_point_out = NULL;
|
591
|
-
BIGNUM *ec_scalar = NULL;
|
592
|
-
ECDSA_SIG *sig = NULL;
|
593
737
|
int ret = 0;
|
594
738
|
|
595
739
|
AES_KEY aes_key;
|
@@ -597,28 +741,48 @@ int boringssl_fips_self_test(
|
|
597
741
|
uint8_t output[256];
|
598
742
|
|
599
743
|
// AES-CBC Encryption KAT
|
744
|
+
static const uint8_t kAESCBCEncPlaintext[32] = {
|
745
|
+
0x07, 0x86, 0x09, 0xa6, 0xc5, 0xac, 0x25, 0x44, 0x69, 0x9a, 0xdf,
|
746
|
+
0x68, 0x2f, 0xa3, 0x77, 0xf9, 0xbe, 0x8a, 0xb6, 0xae, 0xf5, 0x63,
|
747
|
+
0xe8, 0xc5, 0x6a, 0x36, 0xb8, 0x4f, 0x55, 0x7f, 0xad, 0xd3,
|
748
|
+
};
|
749
|
+
static const uint8_t kAESCBCEncCiphertext[sizeof(kAESCBCEncPlaintext)] = {
|
750
|
+
0x56, 0x46, 0xc1, 0x41, 0xf4, 0x13, 0xd6, 0xff, 0x62, 0x92, 0x41,
|
751
|
+
0x7a, 0x26, 0xc6, 0x86, 0xbd, 0x30, 0x5f, 0xb6, 0x57, 0xa7, 0xd2,
|
752
|
+
0x50, 0x3a, 0xc5, 0x5e, 0x8e, 0x93, 0x40, 0xf2, 0x10, 0xd8,
|
753
|
+
};
|
600
754
|
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
|
601
755
|
if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
|
602
756
|
fprintf(stderr, "AES_set_encrypt_key failed.\n");
|
603
757
|
goto err;
|
604
758
|
}
|
605
|
-
AES_cbc_encrypt(
|
606
|
-
AES_ENCRYPT);
|
607
|
-
if (!check_test(
|
608
|
-
"AES-CBC
|
759
|
+
AES_cbc_encrypt(kAESCBCEncPlaintext, output, sizeof(kAESCBCEncPlaintext),
|
760
|
+
&aes_key, aes_iv, AES_ENCRYPT);
|
761
|
+
if (!check_test(kAESCBCEncCiphertext, output, sizeof(kAESCBCEncCiphertext),
|
762
|
+
"AES-CBC-encrypt KAT")) {
|
609
763
|
goto err;
|
610
764
|
}
|
611
765
|
|
612
766
|
// AES-CBC Decryption KAT
|
767
|
+
static const uint8_t kAESCBCDecCiphertext[32] = {
|
768
|
+
0x34, 0x7a, 0xa5, 0xa0, 0x24, 0xb2, 0x82, 0x57, 0xb3, 0x65, 0x10,
|
769
|
+
0xbe, 0x58, 0x3d, 0x4f, 0x47, 0xad, 0xb7, 0xbb, 0xee, 0xdc, 0x60,
|
770
|
+
0x05, 0xbb, 0xbd, 0x0d, 0x0a, 0x9f, 0x06, 0xbb, 0x7b, 0x10,
|
771
|
+
};
|
772
|
+
static const uint8_t kAESCBCDecPlaintext[sizeof(kAESCBCDecCiphertext)] = {
|
773
|
+
0x51, 0xa7, 0xa0, 0x1f, 0x6b, 0x79, 0x6c, 0xcd, 0x48, 0x03, 0xa1,
|
774
|
+
0x41, 0xdc, 0x56, 0xa6, 0xc2, 0x16, 0xb5, 0xd1, 0xd3, 0xb7, 0x06,
|
775
|
+
0xb2, 0x25, 0x6f, 0xa6, 0xd0, 0xd2, 0x0e, 0x6f, 0x19, 0xb5,
|
776
|
+
};
|
613
777
|
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
|
614
778
|
if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
|
615
779
|
fprintf(stderr, "AES_set_decrypt_key failed.\n");
|
616
780
|
goto err;
|
617
781
|
}
|
618
|
-
AES_cbc_encrypt(
|
782
|
+
AES_cbc_encrypt(kAESCBCDecCiphertext, output, sizeof(kAESCBCDecCiphertext),
|
619
783
|
&aes_key, aes_iv, AES_DECRYPT);
|
620
|
-
if (!check_test(
|
621
|
-
"AES-CBC
|
784
|
+
if (!check_test(kAESCBCDecPlaintext, output, sizeof(kAESCBCDecPlaintext),
|
785
|
+
"AES-CBC-decrypt KAT")) {
|
622
786
|
goto err;
|
623
787
|
}
|
624
788
|
|
@@ -632,194 +796,115 @@ int boringssl_fips_self_test(
|
|
632
796
|
}
|
633
797
|
|
634
798
|
// AES-GCM Encryption KAT
|
799
|
+
static const uint8_t kAESGCMEncPlaintext[32] = {
|
800
|
+
0x8f, 0xcc, 0x40, 0x99, 0x80, 0x8e, 0x75, 0xca, 0xaf, 0xf5, 0x82,
|
801
|
+
0x89, 0x88, 0x48, 0xa8, 0x8d, 0x80, 0x8b, 0x55, 0xab, 0x4e, 0x93,
|
802
|
+
0x70, 0x79, 0x7d, 0x94, 0x0b, 0xe8, 0xcc, 0x1d, 0x78, 0x84,
|
803
|
+
};
|
804
|
+
static const uint8_t kAESGCMCiphertext[sizeof(kAESGCMEncPlaintext) + 16] = {
|
805
|
+
0x87, 0x7b, 0xd5, 0x8d, 0x96, 0x3e, 0x4b, 0xe6, 0x64, 0x94, 0x40, 0x2f,
|
806
|
+
0x61, 0x9b, 0x7e, 0x56, 0x52, 0x7d, 0xa4, 0x5a, 0xf9, 0xa6, 0xe2, 0xdb,
|
807
|
+
0x1c, 0x63, 0x2e, 0x97, 0x93, 0x0f, 0xfb, 0xed, 0xb5, 0x9e, 0x1c, 0x20,
|
808
|
+
0xb2, 0xb0, 0x58, 0xda, 0x48, 0x07, 0x2d, 0xbd, 0x96, 0x0d, 0x34, 0xc6,
|
809
|
+
};
|
635
810
|
if (!EVP_AEAD_CTX_seal(&aead_ctx, output, &out_len, sizeof(output), nonce,
|
636
811
|
EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
|
637
|
-
|
812
|
+
kAESGCMEncPlaintext, sizeof(kAESGCMEncPlaintext), NULL,
|
813
|
+
0) ||
|
638
814
|
!check_test(kAESGCMCiphertext, output, sizeof(kAESGCMCiphertext),
|
639
|
-
"AES-GCM
|
815
|
+
"AES-GCM-encrypt KAT")) {
|
640
816
|
fprintf(stderr, "EVP_AEAD_CTX_seal for AES-128-GCM failed.\n");
|
641
817
|
goto err;
|
642
818
|
}
|
643
819
|
|
644
820
|
// AES-GCM Decryption KAT
|
821
|
+
static const uint8_t kAESGCMDecCiphertext[48] = {
|
822
|
+
0x35, 0xf3, 0x05, 0x8f, 0x87, 0x57, 0x60, 0xff, 0x09, 0xd3, 0x12, 0x0f,
|
823
|
+
0x70, 0xc4, 0xbc, 0x9e, 0xd7, 0xa8, 0x68, 0x72, 0xe1, 0x34, 0x52, 0x20,
|
824
|
+
0x21, 0x76, 0xf7, 0x37, 0x1a, 0xe0, 0x4f, 0xaa, 0xe1, 0xdd, 0x39, 0x19,
|
825
|
+
0x20, 0xf5, 0xd1, 0x39, 0x53, 0xd8, 0x96, 0x78, 0x59, 0x94, 0x82, 0x3c,
|
826
|
+
};
|
827
|
+
static const uint8_t kAESGCMDecPlaintext[sizeof(kAESGCMDecCiphertext) - 16] =
|
828
|
+
{
|
829
|
+
0x3d, 0x44, 0x90, 0x9b, 0x91, 0xe7, 0x5e, 0xd3, 0xc2, 0xb2, 0xd0,
|
830
|
+
0xa9, 0x99, 0x17, 0x6a, 0x45, 0x05, 0x5e, 0x99, 0x83, 0x56, 0x01,
|
831
|
+
0xc0, 0x82, 0x40, 0x81, 0xd2, 0x48, 0x45, 0xf2, 0xcc, 0xc3,
|
832
|
+
};
|
645
833
|
if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
|
646
834
|
EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
|
647
|
-
|
648
|
-
0) ||
|
649
|
-
!check_test(
|
650
|
-
"AES-GCM
|
651
|
-
fprintf(stderr,
|
652
|
-
|
653
|
-
}
|
654
|
-
|
655
|
-
DES_key_schedule des1, des2, des3;
|
656
|
-
DES_cblock des_iv;
|
657
|
-
DES_set_key(&kDESKey1, &des1);
|
658
|
-
DES_set_key(&kDESKey2, &des2);
|
659
|
-
DES_set_key(&kDESKey3, &des3);
|
660
|
-
|
661
|
-
// 3DES Encryption KAT
|
662
|
-
memcpy(&des_iv, &kDESIV, sizeof(des_iv));
|
663
|
-
DES_ede3_cbc_encrypt(kPlaintext, output, sizeof(kPlaintext), &des1, &des2,
|
664
|
-
&des3, &des_iv, DES_ENCRYPT);
|
665
|
-
if (!check_test(kDESCiphertext, output, sizeof(kDESCiphertext),
|
666
|
-
"3DES Encryption KAT")) {
|
667
|
-
goto err;
|
668
|
-
}
|
669
|
-
|
670
|
-
// 3DES Decryption KAT
|
671
|
-
memcpy(&des_iv, &kDESIV, sizeof(des_iv));
|
672
|
-
DES_ede3_cbc_encrypt(kDESCiphertext, output, sizeof(kDESCiphertext), &des1,
|
673
|
-
&des2, &des3, &des_iv, DES_DECRYPT);
|
674
|
-
if (!check_test(kPlaintext, output, sizeof(kPlaintext),
|
675
|
-
"3DES Decryption KAT")) {
|
835
|
+
kAESGCMDecCiphertext, sizeof(kAESGCMDecCiphertext),
|
836
|
+
NULL, 0) ||
|
837
|
+
!check_test(kAESGCMDecPlaintext, output, sizeof(kAESGCMDecPlaintext),
|
838
|
+
"AES-GCM-decrypt KAT")) {
|
839
|
+
fprintf(stderr,
|
840
|
+
"AES-GCM-decrypt KAT failed because EVP_AEAD_CTX_open failed.\n");
|
676
841
|
goto err;
|
677
842
|
}
|
678
843
|
|
679
844
|
// SHA-1 KAT
|
680
|
-
|
681
|
-
|
845
|
+
static const uint8_t kSHA1Input[16] = {
|
846
|
+
0x13, 0x2f, 0xd9, 0xba, 0xd5, 0xc1, 0x82, 0x62,
|
847
|
+
0x63, 0xba, 0xfb, 0xb6, 0x99, 0xf7, 0x07, 0xa5,
|
848
|
+
};
|
849
|
+
static const uint8_t kSHA1Digest[20] = {
|
850
|
+
0x94, 0x19, 0x55, 0x93, 0x0a, 0x58, 0x29, 0x38, 0xeb, 0xf5,
|
851
|
+
0x09, 0x11, 0x6d, 0x1a, 0xfd, 0x0f, 0x1e, 0x11, 0xe3, 0xcb,
|
852
|
+
};
|
853
|
+
SHA1(kSHA1Input, sizeof(kSHA1Input), output);
|
854
|
+
if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest),
|
682
855
|
"SHA-1 KAT")) {
|
683
856
|
goto err;
|
684
857
|
}
|
685
858
|
|
686
|
-
|
687
|
-
|
688
|
-
|
689
|
-
"SHA-256 KAT")) {
|
690
|
-
goto err;
|
691
|
-
}
|
692
|
-
|
693
|
-
// SHA-512 KAT
|
694
|
-
SHA512(kPlaintext, sizeof(kPlaintext), output);
|
695
|
-
if (!check_test(kPlaintextSHA512, output, sizeof(kPlaintextSHA512),
|
696
|
-
"SHA-512 KAT")) {
|
697
|
-
goto err;
|
698
|
-
}
|
699
|
-
|
700
|
-
rsa_key = self_test_rsa_key();
|
701
|
-
if (rsa_key == NULL) {
|
702
|
-
fprintf(stderr, "RSA KeyGen failed\n");
|
703
|
-
goto err;
|
704
|
-
}
|
705
|
-
|
706
|
-
// RSA Sign KAT
|
707
|
-
unsigned sig_len;
|
708
|
-
|
709
|
-
// Disable blinding for the power-on tests because it's not needed and
|
710
|
-
// triggers an entropy draw.
|
711
|
-
rsa_key->flags |= RSA_FLAG_NO_BLINDING;
|
712
|
-
|
713
|
-
if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output,
|
714
|
-
&sig_len, rsa_key) ||
|
715
|
-
!check_test(kRSASignature, output, sizeof(kRSASignature),
|
716
|
-
"RSA Sign KAT")) {
|
717
|
-
fprintf(stderr, "RSA signing test failed.\n");
|
718
|
-
goto err;
|
719
|
-
}
|
720
|
-
|
721
|
-
// RSA Verify KAT
|
722
|
-
if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
|
723
|
-
kRSASignature, sizeof(kRSASignature), rsa_key)) {
|
724
|
-
fprintf(stderr, "RSA Verify KAT failed.\n");
|
725
|
-
goto err;
|
726
|
-
}
|
727
|
-
|
728
|
-
ec_key = self_test_ecdsa_key();
|
729
|
-
if (ec_key == NULL) {
|
730
|
-
fprintf(stderr, "ECDSA KeyGen failed\n");
|
731
|
-
goto err;
|
732
|
-
}
|
733
|
-
|
734
|
-
// ECDSA Sign/Verify KAT
|
735
|
-
|
736
|
-
// The 'k' value for ECDSA is fixed to avoid an entropy draw.
|
737
|
-
uint8_t ecdsa_k[32] = {0};
|
738
|
-
ecdsa_k[31] = 42;
|
739
|
-
|
740
|
-
sig = ecdsa_sign_with_nonce_for_known_answer_test(
|
741
|
-
kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key, ecdsa_k,
|
742
|
-
sizeof(ecdsa_k));
|
743
|
-
|
744
|
-
uint8_t ecdsa_r_bytes[sizeof(kECDSASigR)];
|
745
|
-
uint8_t ecdsa_s_bytes[sizeof(kECDSASigS)];
|
746
|
-
if (sig == NULL ||
|
747
|
-
BN_num_bytes(sig->r) != sizeof(ecdsa_r_bytes) ||
|
748
|
-
!BN_bn2bin(sig->r, ecdsa_r_bytes) ||
|
749
|
-
BN_num_bytes(sig->s) != sizeof(ecdsa_s_bytes) ||
|
750
|
-
!BN_bn2bin(sig->s, ecdsa_s_bytes) ||
|
751
|
-
!check_test(kECDSASigR, ecdsa_r_bytes, sizeof(kECDSASigR), "ECDSA R") ||
|
752
|
-
!check_test(kECDSASigS, ecdsa_s_bytes, sizeof(kECDSASigS), "ECDSA S")) {
|
753
|
-
fprintf(stderr, "ECDSA signature KAT failed.\n");
|
754
|
-
goto err;
|
755
|
-
}
|
756
|
-
|
757
|
-
if (!ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
|
758
|
-
ec_key)) {
|
759
|
-
fprintf(stderr, "ECDSA verification KAT failed.\n");
|
760
|
-
goto err;
|
761
|
-
}
|
762
|
-
|
763
|
-
// Primitive Z Computation KAT (IG 9.6).
|
764
|
-
ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
|
765
|
-
if (ec_group == NULL) {
|
766
|
-
fprintf(stderr, "Failed to create P-256 group.\n");
|
767
|
-
goto err;
|
768
|
-
}
|
769
|
-
ec_point_in = EC_POINT_new(ec_group);
|
770
|
-
ec_point_out = EC_POINT_new(ec_group);
|
771
|
-
ec_scalar = BN_new();
|
772
|
-
uint8_t z_comp_result[65];
|
773
|
-
if (ec_point_in == NULL || ec_point_out == NULL || ec_scalar == NULL ||
|
774
|
-
!EC_POINT_oct2point(ec_group, ec_point_in, kP256Point, sizeof(kP256Point),
|
775
|
-
NULL) ||
|
776
|
-
!BN_bin2bn(kP256Scalar, sizeof(kP256Scalar), ec_scalar) ||
|
777
|
-
!EC_POINT_mul(ec_group, ec_point_out, NULL, ec_point_in, ec_scalar,
|
778
|
-
NULL) ||
|
779
|
-
!EC_POINT_point2oct(ec_group, ec_point_out, POINT_CONVERSION_UNCOMPRESSED,
|
780
|
-
z_comp_result, sizeof(z_comp_result), NULL) ||
|
781
|
-
!check_test(kP256PointResult, z_comp_result, sizeof(z_comp_result),
|
782
|
-
"Z Computation Result")) {
|
783
|
-
fprintf(stderr, "Z Computation KAT failed.\n");
|
784
|
-
goto err;
|
785
|
-
}
|
786
|
-
|
787
|
-
// FFC Diffie-Hellman KAT
|
788
|
-
|
789
|
-
BIGNUM *const ffdhe2048_value = BN_new();
|
790
|
-
DH *const dh = self_test_dh();
|
791
|
-
int dh_ok = 0;
|
792
|
-
if (ffdhe2048_value && dh) {
|
793
|
-
bn_set_static_words(ffdhe2048_value, kFFDHE2048PublicValueData,
|
794
|
-
OPENSSL_ARRAY_SIZE(kFFDHE2048PublicValueData));
|
795
|
-
|
796
|
-
uint8_t dh_out[sizeof(kDHOutput)];
|
797
|
-
dh_ok =
|
798
|
-
sizeof(dh_out) == DH_size(dh) &&
|
799
|
-
DH_compute_key_padded(dh_out, ffdhe2048_value, dh) == sizeof(dh_out) &&
|
800
|
-
check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH");
|
801
|
-
}
|
802
|
-
|
803
|
-
BN_free(ffdhe2048_value);
|
804
|
-
DH_free(dh);
|
805
|
-
if (!dh_ok) {
|
806
|
-
fprintf(stderr, "FFDH failed.\n");
|
859
|
+
if (!boringssl_self_test_sha256() ||
|
860
|
+
!boringssl_self_test_sha512() ||
|
861
|
+
!boringssl_self_test_hmac_sha256()) {
|
807
862
|
goto err;
|
808
863
|
}
|
809
864
|
|
810
865
|
// DBRG KAT
|
866
|
+
static const uint8_t kDRBGEntropy[48] = {
|
867
|
+
0xc4, 0xda, 0x07, 0x40, 0xd5, 0x05, 0xf1, 0xee, 0x28, 0x0b, 0x95, 0xe5,
|
868
|
+
0x8c, 0x49, 0x31, 0xac, 0x6d, 0xe8, 0x46, 0xa0, 0x15, 0x2f, 0xbb, 0x4a,
|
869
|
+
0x3f, 0x17, 0x4c, 0xf4, 0x78, 0x7a, 0x4f, 0x1a, 0x40, 0xc2, 0xb5, 0x0b,
|
870
|
+
0xab, 0xe1, 0x4a, 0xae, 0x53, 0x0b, 0xe5, 0x88, 0x6d, 0x91, 0x0a, 0x27,
|
871
|
+
};
|
872
|
+
static const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
|
873
|
+
static const uint8_t kDRBGAD[16] = "BCM DRBG KAT AD ";
|
874
|
+
static const uint8_t kDRBGOutput[64] = {
|
875
|
+
0x19, 0x1f, 0x2b, 0x49, 0x76, 0x85, 0xfd, 0x51, 0xb6, 0x56, 0xbc,
|
876
|
+
0x1c, 0x7d, 0xd5, 0xdd, 0x44, 0x76, 0xa3, 0x5e, 0x17, 0x9b, 0x8e,
|
877
|
+
0xb8, 0x98, 0x65, 0x12, 0xca, 0x35, 0x6c, 0xa0, 0x6f, 0xa0, 0x22,
|
878
|
+
0xe4, 0xf6, 0xd8, 0x43, 0xed, 0x4e, 0x2d, 0x97, 0x39, 0x43, 0x3b,
|
879
|
+
0x57, 0xfc, 0x23, 0x3f, 0x71, 0x0a, 0xe0, 0xed, 0xfe, 0xd5, 0xb8,
|
880
|
+
0x67, 0x7a, 0x00, 0x39, 0xb2, 0x6e, 0xa9, 0x25, 0x97,
|
881
|
+
};
|
882
|
+
static const uint8_t kDRBGEntropy2[48] = {
|
883
|
+
0xc7, 0x16, 0x1c, 0xa3, 0x6c, 0x23, 0x09, 0xb7, 0x16, 0xe9, 0x85, 0x9b,
|
884
|
+
0xb9, 0x6c, 0x6d, 0x49, 0xbd, 0xc8, 0x35, 0x21, 0x03, 0xa1, 0x8c, 0xd2,
|
885
|
+
0x4e, 0xf4, 0x2e, 0xc9, 0x7e, 0xf4, 0x6b, 0xf4, 0x46, 0xeb, 0x1a, 0x45,
|
886
|
+
0x76, 0xc1, 0x86, 0xe9, 0x35, 0x18, 0x03, 0x76, 0x3a, 0x79, 0x12, 0xfe,
|
887
|
+
};
|
888
|
+
static const uint8_t kDRBGReseedOutput[64] = {
|
889
|
+
0x00, 0xf2, 0x05, 0xaa, 0xfd, 0x11, 0x6c, 0x77, 0xbc, 0x81, 0x86,
|
890
|
+
0x99, 0xca, 0x51, 0xcf, 0x80, 0x15, 0x9f, 0x02, 0x9e, 0x0b, 0xcd,
|
891
|
+
0x26, 0xc8, 0x4b, 0x87, 0x8a, 0x15, 0x1a, 0xdd, 0xf2, 0xf3, 0xeb,
|
892
|
+
0x94, 0x0b, 0x08, 0xc8, 0xc9, 0x57, 0xa4, 0x0b, 0x4b, 0x0f, 0x13,
|
893
|
+
0xde, 0x7c, 0x0c, 0x6a, 0xac, 0x34, 0x4a, 0x9a, 0xf2, 0xd0, 0x83,
|
894
|
+
0x02, 0x05, 0x17, 0xc9, 0x81, 0x8f, 0x2a, 0x81, 0x92,
|
895
|
+
};
|
811
896
|
CTR_DRBG_STATE drbg;
|
812
897
|
if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
|
813
898
|
sizeof(kDRBGPersonalization)) ||
|
814
899
|
!CTR_DRBG_generate(&drbg, output, sizeof(kDRBGOutput), kDRBGAD,
|
815
900
|
sizeof(kDRBGAD)) ||
|
816
901
|
!check_test(kDRBGOutput, output, sizeof(kDRBGOutput),
|
817
|
-
"
|
902
|
+
"DRBG Generate KAT") ||
|
818
903
|
!CTR_DRBG_reseed(&drbg, kDRBGEntropy2, kDRBGAD, sizeof(kDRBGAD)) ||
|
819
904
|
!CTR_DRBG_generate(&drbg, output, sizeof(kDRBGReseedOutput), kDRBGAD,
|
820
905
|
sizeof(kDRBGAD)) ||
|
821
906
|
!check_test(kDRBGReseedOutput, output, sizeof(kDRBGReseedOutput),
|
822
|
-
"DRBG
|
907
|
+
"DRBG-reseed KAT")) {
|
823
908
|
fprintf(stderr, "CTR-DRBG failed.\n");
|
824
909
|
goto err;
|
825
910
|
}
|
@@ -832,43 +917,59 @@ int boringssl_fips_self_test(
|
|
832
917
|
}
|
833
918
|
|
834
919
|
// TLS KDF KAT
|
920
|
+
static const uint8_t kTLSSecret[32] = {
|
921
|
+
0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82,
|
922
|
+
0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e,
|
923
|
+
0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31,
|
924
|
+
};
|
925
|
+
static const char kTLSLabel[] = "FIPS self test";
|
926
|
+
static const uint8_t kTLSSeed1[16] = {
|
927
|
+
0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
|
928
|
+
0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65,
|
929
|
+
};
|
930
|
+
static const uint8_t kTLSSeed2[16] = {
|
931
|
+
0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
|
932
|
+
0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
|
933
|
+
};
|
934
|
+
static const uint8_t kTLSOutput[32] = {
|
935
|
+
0xe2, 0x1d, 0xd6, 0xc2, 0x68, 0xc7, 0x57, 0x03, 0x2c, 0x2c, 0xeb,
|
936
|
+
0xbb, 0xb8, 0xa9, 0x7d, 0xe9, 0xee, 0xe6, 0xc9, 0x47, 0x83, 0x0a,
|
937
|
+
0xbd, 0x11, 0x60, 0x5d, 0xd5, 0x2c, 0x47, 0xb6, 0x05, 0x88,
|
938
|
+
};
|
835
939
|
uint8_t tls_output[sizeof(kTLSOutput)];
|
836
940
|
if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret,
|
837
941
|
sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel),
|
838
942
|
kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2,
|
839
943
|
sizeof(kTLSSeed2)) ||
|
840
|
-
!check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS
|
944
|
+
!check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT")) {
|
841
945
|
fprintf(stderr, "TLS KDF failed.\n");
|
842
946
|
goto err;
|
843
947
|
}
|
844
948
|
|
845
949
|
ret = 1;
|
846
950
|
|
847
|
-
#if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)
|
848
|
-
// Tests were successful. Write flag file if requested.
|
849
|
-
if (module_hash_len != 0 && getenv(kFlagWriteEnableEnvVar) != NULL) {
|
850
|
-
const int fd = open(flag_path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
|
851
|
-
if (fd >= 0) {
|
852
|
-
close(fd);
|
853
|
-
}
|
854
|
-
}
|
855
|
-
#endif // BORINGSSL_FIPS_SELF_TEST_FLAG_FILE
|
856
|
-
|
857
951
|
err:
|
858
952
|
EVP_AEAD_CTX_cleanup(&aead_ctx);
|
859
|
-
RSA_free(rsa_key);
|
860
|
-
EC_KEY_free(ec_key);
|
861
|
-
EC_POINT_free(ec_point_in);
|
862
|
-
EC_POINT_free(ec_point_out);
|
863
|
-
EC_GROUP_free(ec_group);
|
864
|
-
BN_free(ec_scalar);
|
865
|
-
ECDSA_SIG_free(sig);
|
866
953
|
|
867
954
|
return ret;
|
868
955
|
}
|
869
956
|
|
870
957
|
int BORINGSSL_self_test(void) {
|
871
|
-
|
958
|
+
if (!boringssl_self_test_fast() ||
|
959
|
+
// When requested to run self tests, also run the lazy tests.
|
960
|
+
!boringssl_self_test_rsa() ||
|
961
|
+
!boringssl_self_test_ecc() ||
|
962
|
+
!boringssl_self_test_ffdh()) {
|
963
|
+
return 0;
|
964
|
+
}
|
965
|
+
|
966
|
+
return 1;
|
872
967
|
}
|
873
968
|
|
969
|
+
#if defined(BORINGSSL_FIPS)
|
970
|
+
int boringssl_self_test_startup(void) {
|
971
|
+
return boringssl_self_test_fast();
|
972
|
+
}
|
973
|
+
#endif
|
974
|
+
|
874
975
|
#endif // !_MSC_VER
|