grpc 1.55.0 → 1.56.0.pre3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +100 -68
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
- data/src/core/ext/filters/client_channel/client_channel.h +6 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +52 -20
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +32 -39
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +4 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +148 -107
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +50 -14
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -62,9 +62,9 @@
|
|
62
62
|
static const size_t kSizeTWithoutLower4Bits = (size_t) -16;
|
63
63
|
|
64
64
|
|
65
|
-
#define GCM_MUL(ctx, Xi) gcm_gmult_nohw((ctx)->Xi
|
65
|
+
#define GCM_MUL(ctx, Xi) gcm_gmult_nohw((ctx)->Xi, (ctx)->gcm_key.Htable)
|
66
66
|
#define GHASH(ctx, in, len) \
|
67
|
-
gcm_ghash_nohw((ctx)->Xi
|
67
|
+
gcm_ghash_nohw((ctx)->Xi, (ctx)->gcm_key.Htable, in, len)
|
68
68
|
// GHASH_CHUNK is "stride parameter" missioned to mitigate cache
|
69
69
|
// trashing effect. In other words idea is to hash data while it's
|
70
70
|
// still in L1 cache after encryption pass...
|
@@ -126,23 +126,23 @@ void gcm_init_ssse3(u128 Htable[16], const uint64_t H[2]) {
|
|
126
126
|
|
127
127
|
#ifdef GCM_FUNCREF
|
128
128
|
#undef GCM_MUL
|
129
|
-
#define GCM_MUL(ctx, Xi) (*gcm_gmult_p)((ctx)->Xi
|
129
|
+
#define GCM_MUL(ctx, Xi) (*gcm_gmult_p)((ctx)->Xi, (ctx)->gcm_key.Htable)
|
130
130
|
#undef GHASH
|
131
131
|
#define GHASH(ctx, in, len) \
|
132
|
-
(*gcm_ghash_p)((ctx)->Xi
|
132
|
+
(*gcm_ghash_p)((ctx)->Xi, (ctx)->gcm_key.Htable, in, len)
|
133
133
|
#endif // GCM_FUNCREF
|
134
134
|
|
135
135
|
#if defined(HW_GCM) && defined(OPENSSL_X86_64)
|
136
136
|
static size_t hw_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
137
137
|
const AES_KEY *key, uint8_t ivec[16],
|
138
|
-
|
139
|
-
return aesni_gcm_encrypt(in, out, len, key, ivec, Xi);
|
138
|
+
uint8_t Xi[16], const u128 Htable[16]) {
|
139
|
+
return aesni_gcm_encrypt(in, out, len, key, ivec, Htable, Xi);
|
140
140
|
}
|
141
141
|
|
142
142
|
static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
143
143
|
const AES_KEY *key, uint8_t ivec[16],
|
144
|
-
|
145
|
-
return aesni_gcm_decrypt(in, out, len, key, ivec, Xi);
|
144
|
+
uint8_t Xi[16], const u128 Htable[16]) {
|
145
|
+
return aesni_gcm_decrypt(in, out, len, key, ivec, Htable, Xi);
|
146
146
|
}
|
147
147
|
#endif // HW_GCM && X86_64
|
148
148
|
|
@@ -150,38 +150,36 @@ static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
|
150
150
|
|
151
151
|
static size_t hw_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
152
152
|
const AES_KEY *key, uint8_t ivec[16],
|
153
|
-
|
153
|
+
uint8_t Xi[16], const u128 Htable[16]) {
|
154
154
|
const size_t len_blocks = len & kSizeTWithoutLower4Bits;
|
155
155
|
if (!len_blocks) {
|
156
156
|
return 0;
|
157
157
|
}
|
158
|
-
aes_gcm_enc_kernel(in, len_blocks * 8, out, Xi, ivec, key);
|
158
|
+
aes_gcm_enc_kernel(in, len_blocks * 8, out, Xi, ivec, key, Htable);
|
159
159
|
return len_blocks;
|
160
160
|
}
|
161
161
|
|
162
162
|
static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
163
163
|
const AES_KEY *key, uint8_t ivec[16],
|
164
|
-
|
164
|
+
uint8_t Xi[16], const u128 Htable[16]) {
|
165
165
|
const size_t len_blocks = len & kSizeTWithoutLower4Bits;
|
166
166
|
if (!len_blocks) {
|
167
167
|
return 0;
|
168
168
|
}
|
169
|
-
aes_gcm_dec_kernel(in, len_blocks * 8, out, Xi, ivec, key);
|
169
|
+
aes_gcm_dec_kernel(in, len_blocks * 8, out, Xi, ivec, key, Htable);
|
170
170
|
return len_blocks;
|
171
171
|
}
|
172
172
|
|
173
173
|
#endif // HW_GCM && AARCH64
|
174
174
|
|
175
175
|
void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
|
176
|
-
u128
|
176
|
+
u128 out_table[16], int *out_is_avx,
|
177
177
|
const uint8_t gcm_key[16]) {
|
178
178
|
*out_is_avx = 0;
|
179
179
|
|
180
|
-
// H is
|
180
|
+
// H is passed to |gcm_init_*| as a pair of byte-swapped, 64-bit values.
|
181
181
|
uint64_t H[2] = {CRYPTO_load_u64_be(gcm_key),
|
182
182
|
CRYPTO_load_u64_be(gcm_key + 8)};
|
183
|
-
out_key->hi = H[0];
|
184
|
-
out_key->lo = H[1];
|
185
183
|
|
186
184
|
#if defined(GHASH_ASM_X86_64)
|
187
185
|
if (crypto_gcm_clmul_enabled()) {
|
@@ -247,89 +245,88 @@ void CRYPTO_gcm128_init_key(GCM128_KEY *gcm_key, const AES_KEY *aes_key,
|
|
247
245
|
(*block)(ghash_key, ghash_key, aes_key);
|
248
246
|
|
249
247
|
int is_avx;
|
250
|
-
CRYPTO_ghash_init(&gcm_key->gmult, &gcm_key->ghash,
|
251
|
-
|
248
|
+
CRYPTO_ghash_init(&gcm_key->gmult, &gcm_key->ghash, gcm_key->Htable, &is_avx,
|
249
|
+
ghash_key);
|
252
250
|
|
253
251
|
#if defined(OPENSSL_AARCH64) && !defined(OPENSSL_NO_ASM)
|
254
|
-
|
255
|
-
0;
|
252
|
+
gcm_key->use_hw_gcm_crypt = (gcm_pmull_capable() && block_is_hwaes) ? 1 : 0;
|
256
253
|
#else
|
257
|
-
|
254
|
+
gcm_key->use_hw_gcm_crypt = (is_avx && block_is_hwaes) ? 1 : 0;
|
258
255
|
#endif
|
259
256
|
}
|
260
257
|
|
261
258
|
void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
262
259
|
const uint8_t *iv, size_t len) {
|
263
260
|
#ifdef GCM_FUNCREF
|
264
|
-
void (*gcm_gmult_p)(
|
261
|
+
void (*gcm_gmult_p)(uint8_t Xi[16], const u128 Htable[16]) =
|
265
262
|
ctx->gcm_key.gmult;
|
266
263
|
#endif
|
267
264
|
|
268
|
-
ctx->Yi
|
269
|
-
ctx->
|
270
|
-
ctx->
|
271
|
-
ctx->
|
272
|
-
ctx->len.u[0] = 0; // AAD length
|
273
|
-
ctx->len.u[1] = 0; // message length
|
265
|
+
OPENSSL_memset(&ctx->Yi, 0, sizeof(ctx->Yi));
|
266
|
+
OPENSSL_memset(&ctx->Xi, 0, sizeof(ctx->Xi));
|
267
|
+
ctx->len.aad = 0;
|
268
|
+
ctx->len.msg = 0;
|
274
269
|
ctx->ares = 0;
|
275
270
|
ctx->mres = 0;
|
276
271
|
|
277
272
|
uint32_t ctr;
|
278
273
|
if (len == 12) {
|
279
|
-
OPENSSL_memcpy(ctx->Yi
|
280
|
-
ctx->Yi
|
274
|
+
OPENSSL_memcpy(ctx->Yi, iv, 12);
|
275
|
+
ctx->Yi[15] = 1;
|
281
276
|
ctr = 1;
|
282
277
|
} else {
|
283
278
|
uint64_t len0 = len;
|
284
279
|
|
285
280
|
while (len >= 16) {
|
286
|
-
|
287
|
-
ctx->Yi.c[i] ^= iv[i];
|
288
|
-
}
|
281
|
+
CRYPTO_xor16(ctx->Yi, ctx->Yi, iv);
|
289
282
|
GCM_MUL(ctx, Yi);
|
290
283
|
iv += 16;
|
291
284
|
len -= 16;
|
292
285
|
}
|
293
286
|
if (len) {
|
294
287
|
for (size_t i = 0; i < len; ++i) {
|
295
|
-
ctx->Yi
|
288
|
+
ctx->Yi[i] ^= iv[i];
|
296
289
|
}
|
297
290
|
GCM_MUL(ctx, Yi);
|
298
291
|
}
|
299
|
-
|
300
|
-
|
292
|
+
|
293
|
+
uint8_t len_block[16];
|
294
|
+
OPENSSL_memset(len_block, 0, 8);
|
295
|
+
CRYPTO_store_u64_be(len_block + 8, len0 << 3);
|
296
|
+
CRYPTO_xor16(ctx->Yi, ctx->Yi, len_block);
|
301
297
|
|
302
298
|
GCM_MUL(ctx, Yi);
|
303
|
-
ctr =
|
299
|
+
ctr = CRYPTO_load_u32_be(ctx->Yi + 12);
|
304
300
|
}
|
305
301
|
|
306
|
-
(*ctx->gcm_key.block)(ctx->Yi
|
302
|
+
(*ctx->gcm_key.block)(ctx->Yi, ctx->EK0, key);
|
307
303
|
++ctr;
|
308
|
-
ctx->Yi
|
304
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
309
305
|
}
|
310
306
|
|
311
307
|
int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) {
|
312
308
|
#ifdef GCM_FUNCREF
|
313
|
-
void (*gcm_gmult_p)(
|
309
|
+
void (*gcm_gmult_p)(uint8_t Xi[16], const u128 Htable[16]) =
|
314
310
|
ctx->gcm_key.gmult;
|
315
|
-
void (*gcm_ghash_p)(
|
311
|
+
void (*gcm_ghash_p)(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
316
312
|
size_t len) = ctx->gcm_key.ghash;
|
317
313
|
#endif
|
318
314
|
|
319
|
-
if (ctx->len.
|
315
|
+
if (ctx->len.msg != 0) {
|
316
|
+
// The caller must have finished the AAD before providing other input.
|
320
317
|
return 0;
|
321
318
|
}
|
322
319
|
|
323
|
-
uint64_t alen = ctx->len.
|
320
|
+
uint64_t alen = ctx->len.aad + len;
|
324
321
|
if (alen > (UINT64_C(1) << 61) || (sizeof(len) == 8 && alen < len)) {
|
325
322
|
return 0;
|
326
323
|
}
|
327
|
-
ctx->len.
|
324
|
+
ctx->len.aad = alen;
|
328
325
|
|
329
326
|
unsigned n = ctx->ares;
|
330
327
|
if (n) {
|
331
328
|
while (n && len) {
|
332
|
-
ctx->Xi
|
329
|
+
ctx->Xi[n] ^= *(aad++);
|
333
330
|
--len;
|
334
331
|
n = (n + 1) % 16;
|
335
332
|
}
|
@@ -353,7 +350,7 @@ int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len) {
|
|
353
350
|
if (len != 0) {
|
354
351
|
n = (unsigned int)len;
|
355
352
|
for (size_t i = 0; i < len; ++i) {
|
356
|
-
ctx->Xi
|
353
|
+
ctx->Xi[i] ^= aad[i];
|
357
354
|
}
|
358
355
|
}
|
359
356
|
|
@@ -365,18 +362,18 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
365
362
|
const uint8_t *in, uint8_t *out, size_t len) {
|
366
363
|
block128_f block = ctx->gcm_key.block;
|
367
364
|
#ifdef GCM_FUNCREF
|
368
|
-
void (*gcm_gmult_p)(
|
365
|
+
void (*gcm_gmult_p)(uint8_t Xi[16], const u128 Htable[16]) =
|
369
366
|
ctx->gcm_key.gmult;
|
370
|
-
void (*gcm_ghash_p)(
|
367
|
+
void (*gcm_ghash_p)(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
371
368
|
size_t len) = ctx->gcm_key.ghash;
|
372
369
|
#endif
|
373
370
|
|
374
|
-
uint64_t mlen = ctx->len.
|
371
|
+
uint64_t mlen = ctx->len.msg + len;
|
375
372
|
if (mlen > ((UINT64_C(1) << 36) - 32) ||
|
376
373
|
(sizeof(len) == 8 && mlen < len)) {
|
377
374
|
return 0;
|
378
375
|
}
|
379
|
-
ctx->len.
|
376
|
+
ctx->len.msg = mlen;
|
380
377
|
|
381
378
|
if (ctx->ares) {
|
382
379
|
// First call to encrypt finalizes GHASH(AAD)
|
@@ -387,7 +384,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
387
384
|
unsigned n = ctx->mres;
|
388
385
|
if (n) {
|
389
386
|
while (n && len) {
|
390
|
-
ctx->Xi
|
387
|
+
ctx->Xi[n] ^= *(out++) = *(in++) ^ ctx->EKi[n];
|
391
388
|
--len;
|
392
389
|
n = (n + 1) % 16;
|
393
390
|
}
|
@@ -399,19 +396,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
399
396
|
}
|
400
397
|
}
|
401
398
|
|
402
|
-
uint32_t ctr =
|
399
|
+
uint32_t ctr = CRYPTO_load_u32_be(ctx->Yi + 12);
|
403
400
|
while (len >= GHASH_CHUNK) {
|
404
401
|
size_t j = GHASH_CHUNK;
|
405
402
|
|
406
403
|
while (j) {
|
407
|
-
(*block)(ctx->Yi
|
404
|
+
(*block)(ctx->Yi, ctx->EKi, key);
|
408
405
|
++ctr;
|
409
|
-
ctx->Yi
|
410
|
-
|
411
|
-
CRYPTO_store_word_le(out + i,
|
412
|
-
CRYPTO_load_word_le(in + i) ^
|
413
|
-
ctx->EKi.t[i / sizeof(crypto_word_t)]);
|
414
|
-
}
|
406
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
407
|
+
CRYPTO_xor16(out, in, ctx->EKi);
|
415
408
|
out += 16;
|
416
409
|
in += 16;
|
417
410
|
j -= 16;
|
@@ -422,14 +415,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
422
415
|
size_t len_blocks = len & kSizeTWithoutLower4Bits;
|
423
416
|
if (len_blocks != 0) {
|
424
417
|
while (len >= 16) {
|
425
|
-
(*block)(ctx->Yi
|
418
|
+
(*block)(ctx->Yi, ctx->EKi, key);
|
426
419
|
++ctr;
|
427
|
-
ctx->Yi
|
428
|
-
|
429
|
-
CRYPTO_store_word_le(out + i,
|
430
|
-
CRYPTO_load_word_le(in + i) ^
|
431
|
-
ctx->EKi.t[i / sizeof(crypto_word_t)]);
|
432
|
-
}
|
420
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
421
|
+
CRYPTO_xor16(out, in, ctx->EKi);
|
433
422
|
out += 16;
|
434
423
|
in += 16;
|
435
424
|
len -= 16;
|
@@ -437,11 +426,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
437
426
|
GHASH(ctx, out - len_blocks, len_blocks);
|
438
427
|
}
|
439
428
|
if (len) {
|
440
|
-
(*block)(ctx->Yi
|
429
|
+
(*block)(ctx->Yi, ctx->EKi, key);
|
441
430
|
++ctr;
|
442
|
-
ctx->Yi
|
431
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
443
432
|
while (len--) {
|
444
|
-
ctx->Xi
|
433
|
+
ctx->Xi[n] ^= out[n] = in[n] ^ ctx->EKi[n];
|
445
434
|
++n;
|
446
435
|
}
|
447
436
|
}
|
@@ -455,18 +444,18 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
455
444
|
size_t len) {
|
456
445
|
block128_f block = ctx->gcm_key.block;
|
457
446
|
#ifdef GCM_FUNCREF
|
458
|
-
void (*gcm_gmult_p)(
|
447
|
+
void (*gcm_gmult_p)(uint8_t Xi[16], const u128 Htable[16]) =
|
459
448
|
ctx->gcm_key.gmult;
|
460
|
-
void (*gcm_ghash_p)(
|
449
|
+
void (*gcm_ghash_p)(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
461
450
|
size_t len) = ctx->gcm_key.ghash;
|
462
451
|
#endif
|
463
452
|
|
464
|
-
uint64_t mlen = ctx->len.
|
453
|
+
uint64_t mlen = ctx->len.msg + len;
|
465
454
|
if (mlen > ((UINT64_C(1) << 36) - 32) ||
|
466
455
|
(sizeof(len) == 8 && mlen < len)) {
|
467
456
|
return 0;
|
468
457
|
}
|
469
|
-
ctx->len.
|
458
|
+
ctx->len.msg = mlen;
|
470
459
|
|
471
460
|
if (ctx->ares) {
|
472
461
|
// First call to decrypt finalizes GHASH(AAD)
|
@@ -478,8 +467,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
478
467
|
if (n) {
|
479
468
|
while (n && len) {
|
480
469
|
uint8_t c = *(in++);
|
481
|
-
*(out++) = c ^ ctx->EKi
|
482
|
-
ctx->Xi
|
470
|
+
*(out++) = c ^ ctx->EKi[n];
|
471
|
+
ctx->Xi[n] ^= c;
|
483
472
|
--len;
|
484
473
|
n = (n + 1) % 16;
|
485
474
|
}
|
@@ -491,20 +480,16 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
491
480
|
}
|
492
481
|
}
|
493
482
|
|
494
|
-
uint32_t ctr =
|
483
|
+
uint32_t ctr = CRYPTO_load_u32_be(ctx->Yi + 12);
|
495
484
|
while (len >= GHASH_CHUNK) {
|
496
485
|
size_t j = GHASH_CHUNK;
|
497
486
|
|
498
487
|
GHASH(ctx, in, GHASH_CHUNK);
|
499
488
|
while (j) {
|
500
|
-
(*block)(ctx->Yi
|
489
|
+
(*block)(ctx->Yi, ctx->EKi, key);
|
501
490
|
++ctr;
|
502
|
-
ctx->Yi
|
503
|
-
|
504
|
-
CRYPTO_store_word_le(out + i,
|
505
|
-
CRYPTO_load_word_le(in + i) ^
|
506
|
-
ctx->EKi.t[i / sizeof(crypto_word_t)]);
|
507
|
-
}
|
491
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
492
|
+
CRYPTO_xor16(out, in, ctx->EKi);
|
508
493
|
out += 16;
|
509
494
|
in += 16;
|
510
495
|
j -= 16;
|
@@ -515,27 +500,23 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
515
500
|
if (len_blocks != 0) {
|
516
501
|
GHASH(ctx, in, len_blocks);
|
517
502
|
while (len >= 16) {
|
518
|
-
(*block)(ctx->Yi
|
503
|
+
(*block)(ctx->Yi, ctx->EKi, key);
|
519
504
|
++ctr;
|
520
|
-
ctx->Yi
|
521
|
-
|
522
|
-
CRYPTO_store_word_le(out + i,
|
523
|
-
CRYPTO_load_word_le(in + i) ^
|
524
|
-
ctx->EKi.t[i / sizeof(crypto_word_t)]);
|
525
|
-
}
|
505
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
506
|
+
CRYPTO_xor16(out, in, ctx->EKi);
|
526
507
|
out += 16;
|
527
508
|
in += 16;
|
528
509
|
len -= 16;
|
529
510
|
}
|
530
511
|
}
|
531
512
|
if (len) {
|
532
|
-
(*block)(ctx->Yi
|
513
|
+
(*block)(ctx->Yi, ctx->EKi, key);
|
533
514
|
++ctr;
|
534
|
-
ctx->Yi
|
515
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
535
516
|
while (len--) {
|
536
517
|
uint8_t c = in[n];
|
537
|
-
ctx->Xi
|
538
|
-
out[n] = c ^ ctx->EKi
|
518
|
+
ctx->Xi[n] ^= c;
|
519
|
+
out[n] = c ^ ctx->EKi[n];
|
539
520
|
++n;
|
540
521
|
}
|
541
522
|
}
|
@@ -548,18 +529,18 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
548
529
|
const uint8_t *in, uint8_t *out, size_t len,
|
549
530
|
ctr128_f stream) {
|
550
531
|
#ifdef GCM_FUNCREF
|
551
|
-
void (*gcm_gmult_p)(
|
532
|
+
void (*gcm_gmult_p)(uint8_t Xi[16], const u128 Htable[16]) =
|
552
533
|
ctx->gcm_key.gmult;
|
553
|
-
void (*gcm_ghash_p)(
|
534
|
+
void (*gcm_ghash_p)(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
554
535
|
size_t len) = ctx->gcm_key.ghash;
|
555
536
|
#endif
|
556
537
|
|
557
|
-
uint64_t mlen = ctx->len.
|
538
|
+
uint64_t mlen = ctx->len.msg + len;
|
558
539
|
if (mlen > ((UINT64_C(1) << 36) - 32) ||
|
559
540
|
(sizeof(len) == 8 && mlen < len)) {
|
560
541
|
return 0;
|
561
542
|
}
|
562
|
-
ctx->len.
|
543
|
+
ctx->len.msg = mlen;
|
563
544
|
|
564
545
|
if (ctx->ares) {
|
565
546
|
// First call to encrypt finalizes GHASH(AAD)
|
@@ -570,7 +551,7 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
570
551
|
unsigned n = ctx->mres;
|
571
552
|
if (n) {
|
572
553
|
while (n && len) {
|
573
|
-
ctx->Xi
|
554
|
+
ctx->Xi[n] ^= *(out++) = *(in++) ^ ctx->EKi[n];
|
574
555
|
--len;
|
575
556
|
n = (n + 1) % 16;
|
576
557
|
}
|
@@ -587,18 +568,19 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
587
568
|
if (ctx->gcm_key.use_hw_gcm_crypt && len > 0) {
|
588
569
|
// |hw_gcm_encrypt| may not process all the input given to it. It may
|
589
570
|
// not process *any* of its input if it is deemed too small.
|
590
|
-
size_t bulk = hw_gcm_encrypt(in, out, len, key, ctx->Yi
|
571
|
+
size_t bulk = hw_gcm_encrypt(in, out, len, key, ctx->Yi, ctx->Xi,
|
572
|
+
ctx->gcm_key.Htable);
|
591
573
|
in += bulk;
|
592
574
|
out += bulk;
|
593
575
|
len -= bulk;
|
594
576
|
}
|
595
577
|
#endif
|
596
578
|
|
597
|
-
uint32_t ctr =
|
579
|
+
uint32_t ctr = CRYPTO_load_u32_be(ctx->Yi + 12);
|
598
580
|
while (len >= GHASH_CHUNK) {
|
599
|
-
(*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi
|
581
|
+
(*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi);
|
600
582
|
ctr += GHASH_CHUNK / 16;
|
601
|
-
ctx->Yi
|
583
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
602
584
|
GHASH(ctx, out, GHASH_CHUNK);
|
603
585
|
out += GHASH_CHUNK;
|
604
586
|
in += GHASH_CHUNK;
|
@@ -608,20 +590,20 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
608
590
|
if (len_blocks != 0) {
|
609
591
|
size_t j = len_blocks / 16;
|
610
592
|
|
611
|
-
(*stream)(in, out, j, key, ctx->Yi
|
593
|
+
(*stream)(in, out, j, key, ctx->Yi);
|
612
594
|
ctr += (unsigned int)j;
|
613
|
-
ctx->Yi
|
595
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
614
596
|
in += len_blocks;
|
615
597
|
len -= len_blocks;
|
616
598
|
GHASH(ctx, out, len_blocks);
|
617
599
|
out += len_blocks;
|
618
600
|
}
|
619
601
|
if (len) {
|
620
|
-
(*ctx->gcm_key.block)(ctx->Yi
|
602
|
+
(*ctx->gcm_key.block)(ctx->Yi, ctx->EKi, key);
|
621
603
|
++ctr;
|
622
|
-
ctx->Yi
|
604
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
623
605
|
while (len--) {
|
624
|
-
ctx->Xi
|
606
|
+
ctx->Xi[n] ^= out[n] = in[n] ^ ctx->EKi[n];
|
625
607
|
++n;
|
626
608
|
}
|
627
609
|
}
|
@@ -634,18 +616,18 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
634
616
|
const uint8_t *in, uint8_t *out, size_t len,
|
635
617
|
ctr128_f stream) {
|
636
618
|
#ifdef GCM_FUNCREF
|
637
|
-
void (*gcm_gmult_p)(
|
619
|
+
void (*gcm_gmult_p)(uint8_t Xi[16], const u128 Htable[16]) =
|
638
620
|
ctx->gcm_key.gmult;
|
639
|
-
void (*gcm_ghash_p)(
|
621
|
+
void (*gcm_ghash_p)(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
640
622
|
size_t len) = ctx->gcm_key.ghash;
|
641
623
|
#endif
|
642
624
|
|
643
|
-
uint64_t mlen = ctx->len.
|
625
|
+
uint64_t mlen = ctx->len.msg + len;
|
644
626
|
if (mlen > ((UINT64_C(1) << 36) - 32) ||
|
645
627
|
(sizeof(len) == 8 && mlen < len)) {
|
646
628
|
return 0;
|
647
629
|
}
|
648
|
-
ctx->len.
|
630
|
+
ctx->len.msg = mlen;
|
649
631
|
|
650
632
|
if (ctx->ares) {
|
651
633
|
// First call to decrypt finalizes GHASH(AAD)
|
@@ -657,8 +639,8 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
657
639
|
if (n) {
|
658
640
|
while (n && len) {
|
659
641
|
uint8_t c = *(in++);
|
660
|
-
*(out++) = c ^ ctx->EKi
|
661
|
-
ctx->Xi
|
642
|
+
*(out++) = c ^ ctx->EKi[n];
|
643
|
+
ctx->Xi[n] ^= c;
|
662
644
|
--len;
|
663
645
|
n = (n + 1) % 16;
|
664
646
|
}
|
@@ -675,19 +657,20 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
675
657
|
if (ctx->gcm_key.use_hw_gcm_crypt && len > 0) {
|
676
658
|
// |hw_gcm_decrypt| may not process all the input given to it. It may
|
677
659
|
// not process *any* of its input if it is deemed too small.
|
678
|
-
size_t bulk = hw_gcm_decrypt(in, out, len, key, ctx->Yi
|
660
|
+
size_t bulk = hw_gcm_decrypt(in, out, len, key, ctx->Yi, ctx->Xi,
|
661
|
+
ctx->gcm_key.Htable);
|
679
662
|
in += bulk;
|
680
663
|
out += bulk;
|
681
664
|
len -= bulk;
|
682
665
|
}
|
683
666
|
#endif
|
684
667
|
|
685
|
-
uint32_t ctr =
|
668
|
+
uint32_t ctr = CRYPTO_load_u32_be(ctx->Yi + 12);
|
686
669
|
while (len >= GHASH_CHUNK) {
|
687
670
|
GHASH(ctx, in, GHASH_CHUNK);
|
688
|
-
(*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi
|
671
|
+
(*stream)(in, out, GHASH_CHUNK / 16, key, ctx->Yi);
|
689
672
|
ctr += GHASH_CHUNK / 16;
|
690
|
-
ctx->Yi
|
673
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
691
674
|
out += GHASH_CHUNK;
|
692
675
|
in += GHASH_CHUNK;
|
693
676
|
len -= GHASH_CHUNK;
|
@@ -697,21 +680,21 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
697
680
|
size_t j = len_blocks / 16;
|
698
681
|
|
699
682
|
GHASH(ctx, in, len_blocks);
|
700
|
-
(*stream)(in, out, j, key, ctx->Yi
|
683
|
+
(*stream)(in, out, j, key, ctx->Yi);
|
701
684
|
ctr += (unsigned int)j;
|
702
|
-
ctx->Yi
|
685
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
703
686
|
out += len_blocks;
|
704
687
|
in += len_blocks;
|
705
688
|
len -= len_blocks;
|
706
689
|
}
|
707
690
|
if (len) {
|
708
|
-
(*ctx->gcm_key.block)(ctx->Yi
|
691
|
+
(*ctx->gcm_key.block)(ctx->Yi, ctx->EKi, key);
|
709
692
|
++ctr;
|
710
|
-
ctx->Yi
|
693
|
+
CRYPTO_store_u32_be(ctx->Yi + 12, ctr);
|
711
694
|
while (len--) {
|
712
695
|
uint8_t c = in[n];
|
713
|
-
ctx->Xi
|
714
|
-
out[n] = c ^ ctx->EKi
|
696
|
+
ctx->Xi[n] ^= c;
|
697
|
+
out[n] = c ^ ctx->EKi[n];
|
715
698
|
++n;
|
716
699
|
}
|
717
700
|
}
|
@@ -722,7 +705,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, const AES_KEY *key,
|
|
722
705
|
|
723
706
|
int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) {
|
724
707
|
#ifdef GCM_FUNCREF
|
725
|
-
void (*gcm_gmult_p)(
|
708
|
+
void (*gcm_gmult_p)(uint8_t Xi[16], const u128 Htable[16]) =
|
726
709
|
ctx->gcm_key.gmult;
|
727
710
|
#endif
|
728
711
|
|
@@ -730,15 +713,15 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) {
|
|
730
713
|
GCM_MUL(ctx, Xi);
|
731
714
|
}
|
732
715
|
|
733
|
-
|
734
|
-
|
716
|
+
uint8_t len_block[16];
|
717
|
+
CRYPTO_store_u64_be(len_block, ctx->len.aad << 3);
|
718
|
+
CRYPTO_store_u64_be(len_block + 8, ctx->len.msg << 3);
|
719
|
+
CRYPTO_xor16(ctx->Xi, ctx->Xi, len_block);
|
735
720
|
GCM_MUL(ctx, Xi);
|
736
|
-
|
737
|
-
ctx->Xi.u[0] ^= ctx->EK0.u[0];
|
738
|
-
ctx->Xi.u[1] ^= ctx->EK0.u[1];
|
721
|
+
CRYPTO_xor16(ctx->Xi, ctx->Xi, ctx->EK0);
|
739
722
|
|
740
723
|
if (tag && len <= sizeof(ctx->Xi)) {
|
741
|
-
return CRYPTO_memcmp(ctx->Xi
|
724
|
+
return CRYPTO_memcmp(ctx->Xi, tag, len) == 0;
|
742
725
|
} else {
|
743
726
|
return 0;
|
744
727
|
}
|
@@ -746,8 +729,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) {
|
|
746
729
|
|
747
730
|
void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) {
|
748
731
|
CRYPTO_gcm128_finish(ctx, NULL, 0);
|
749
|
-
OPENSSL_memcpy(tag, ctx->Xi
|
750
|
-
len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
|
732
|
+
OPENSSL_memcpy(tag, ctx->Xi, len <= sizeof(ctx->Xi) ? len : sizeof(ctx->Xi));
|
751
733
|
}
|
752
734
|
|
753
735
|
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
@@ -274,31 +274,29 @@ static void gcm_polyval_nohw(uint64_t Xi[2], const u128 *H) {
|
|
274
274
|
Xi[1] = r3;
|
275
275
|
}
|
276
276
|
|
277
|
-
void gcm_gmult_nohw(
|
277
|
+
void gcm_gmult_nohw(uint8_t Xi[16], const u128 Htable[16]) {
|
278
278
|
uint64_t swapped[2];
|
279
|
-
swapped[0] =
|
280
|
-
swapped[1] =
|
279
|
+
swapped[0] = CRYPTO_load_u64_be(Xi + 8);
|
280
|
+
swapped[1] = CRYPTO_load_u64_be(Xi);
|
281
281
|
gcm_polyval_nohw(swapped, &Htable[0]);
|
282
|
-
Xi
|
283
|
-
Xi
|
282
|
+
CRYPTO_store_u64_be(Xi, swapped[1]);
|
283
|
+
CRYPTO_store_u64_be(Xi + 8, swapped[0]);
|
284
284
|
}
|
285
285
|
|
286
|
-
void gcm_ghash_nohw(
|
286
|
+
void gcm_ghash_nohw(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
287
287
|
size_t len) {
|
288
288
|
uint64_t swapped[2];
|
289
|
-
swapped[0] =
|
290
|
-
swapped[1] =
|
289
|
+
swapped[0] = CRYPTO_load_u64_be(Xi + 8);
|
290
|
+
swapped[1] = CRYPTO_load_u64_be(Xi);
|
291
291
|
|
292
292
|
while (len >= 16) {
|
293
|
-
|
294
|
-
|
295
|
-
swapped[0] ^= CRYPTO_bswap8(block[1]);
|
296
|
-
swapped[1] ^= CRYPTO_bswap8(block[0]);
|
293
|
+
swapped[0] ^= CRYPTO_load_u64_be(inp + 8);
|
294
|
+
swapped[1] ^= CRYPTO_load_u64_be(inp);
|
297
295
|
gcm_polyval_nohw(swapped, &Htable[0]);
|
298
296
|
inp += 16;
|
299
297
|
len -= 16;
|
300
298
|
}
|
301
299
|
|
302
|
-
Xi
|
303
|
-
Xi
|
300
|
+
CRYPTO_store_u64_be(Xi, swapped[1]);
|
301
|
+
CRYPTO_store_u64_be(Xi + 8, swapped[0]);
|
304
302
|
}
|