grpc 1.55.0 → 1.56.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +100 -68
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
- data/src/core/ext/filters/client_channel/client_channel.h +6 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +52 -20
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +32 -39
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +4 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +148 -107
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +48 -12
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -53,6 +53,7 @@
|
|
53
53
|
|
54
54
|
#include <openssl/aes.h>
|
55
55
|
|
56
|
+
#include <assert.h>
|
56
57
|
#include <stdlib.h>
|
57
58
|
#include <string.h>
|
58
59
|
|
@@ -75,6 +76,20 @@ extern "C" {
|
|
75
76
|
typedef void (*block128_f)(const uint8_t in[16], uint8_t out[16],
|
76
77
|
const AES_KEY *key);
|
77
78
|
|
79
|
+
OPENSSL_INLINE void CRYPTO_xor16(uint8_t out[16], const uint8_t a[16],
|
80
|
+
const uint8_t b[16]) {
|
81
|
+
// TODO(davidben): Ideally we'd leave this to the compiler, which could use
|
82
|
+
// vector registers, etc. But the compiler doesn't know that |in| and |out|
|
83
|
+
// cannot partially alias. |restrict| is slightly two strict (we allow exact
|
84
|
+
// aliasing), but perhaps in-place could be a separate function?
|
85
|
+
static_assert(16 % sizeof(crypto_word_t) == 0,
|
86
|
+
"block cannot be evenly divided into words");
|
87
|
+
for (size_t i = 0; i < 16; i += sizeof(crypto_word_t)) {
|
88
|
+
CRYPTO_store_word_le(
|
89
|
+
out + i, CRYPTO_load_word_le(a + i) ^ CRYPTO_load_word_le(b + i));
|
90
|
+
}
|
91
|
+
}
|
92
|
+
|
78
93
|
|
79
94
|
// CTR.
|
80
95
|
|
@@ -115,21 +130,19 @@ typedef struct { uint64_t hi,lo; } u128;
|
|
115
130
|
|
116
131
|
// gmult_func multiplies |Xi| by the GCM key and writes the result back to
|
117
132
|
// |Xi|.
|
118
|
-
typedef void (*gmult_func)(
|
133
|
+
typedef void (*gmult_func)(uint8_t Xi[16], const u128 Htable[16]);
|
119
134
|
|
120
135
|
// ghash_func repeatedly multiplies |Xi| by the GCM key and adds in blocks from
|
121
136
|
// |inp|. The result is written back to |Xi| and the |len| argument must be a
|
122
137
|
// multiple of 16.
|
123
|
-
typedef void (*ghash_func)(
|
138
|
+
typedef void (*ghash_func)(uint8_t Xi[16], const u128 Htable[16],
|
124
139
|
const uint8_t *inp, size_t len);
|
125
140
|
|
126
141
|
typedef struct gcm128_key_st {
|
127
|
-
//
|
128
|
-
// be the first two elements of this struct. Additionally, some assembly
|
129
|
-
// routines require a 16-byte-aligned |Htable| when hashing data, but not
|
142
|
+
// |gcm_*_ssse3| require a 16-byte-aligned |Htable| when hashing data, but not
|
130
143
|
// initialization. |GCM128_KEY| is not itself aligned to simplify embedding in
|
131
144
|
// |EVP_AEAD_CTX|, but |Htable|'s offset must be a multiple of 16.
|
132
|
-
|
145
|
+
// TODO(crbug.com/boringssl/604): Revisit this.
|
133
146
|
u128 Htable[16];
|
134
147
|
gmult_func gmult;
|
135
148
|
ghash_func ghash;
|
@@ -145,17 +158,17 @@ typedef struct gcm128_key_st {
|
|
145
158
|
// should be zero-initialized before use.
|
146
159
|
typedef struct {
|
147
160
|
// The following 5 names follow names in GCM specification
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
// |
|
158
|
-
//
|
161
|
+
uint8_t Yi[16];
|
162
|
+
uint8_t EKi[16];
|
163
|
+
uint8_t EK0[16];
|
164
|
+
struct {
|
165
|
+
uint64_t aad;
|
166
|
+
uint64_t msg;
|
167
|
+
} len;
|
168
|
+
uint8_t Xi[16];
|
169
|
+
|
170
|
+
// |gcm_*_ssse3| require |Htable| to be 16-byte-aligned.
|
171
|
+
// TODO(crbug.com/boringssl/604): Revisit this.
|
159
172
|
alignas(16) GCM128_KEY gcm_key;
|
160
173
|
|
161
174
|
unsigned mres, ares;
|
@@ -172,7 +185,7 @@ int crypto_gcm_clmul_enabled(void);
|
|
172
185
|
// accelerated) functions for performing operations in the GHASH field. If the
|
173
186
|
// AVX implementation was used |*out_is_avx| will be true.
|
174
187
|
void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
|
175
|
-
u128
|
188
|
+
u128 out_table[16], int *out_is_avx,
|
176
189
|
const uint8_t gcm_key[16]);
|
177
190
|
|
178
191
|
// CRYPTO_gcm128_init_key initialises |gcm_key| to use |block| (typically AES)
|
@@ -240,8 +253,8 @@ OPENSSL_EXPORT void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, uint8_t *tag,
|
|
240
253
|
// GCM assembly.
|
241
254
|
|
242
255
|
void gcm_init_nohw(u128 Htable[16], const uint64_t H[2]);
|
243
|
-
void gcm_gmult_nohw(
|
244
|
-
void gcm_ghash_nohw(
|
256
|
+
void gcm_gmult_nohw(uint8_t Xi[16], const u128 Htable[16]);
|
257
|
+
void gcm_ghash_nohw(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
245
258
|
size_t len);
|
246
259
|
|
247
260
|
#if !defined(OPENSSL_NO_ASM)
|
@@ -249,29 +262,31 @@ void gcm_ghash_nohw(uint64_t Xi[2], const u128 Htable[16], const uint8_t *inp,
|
|
249
262
|
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
250
263
|
#define GCM_FUNCREF
|
251
264
|
void gcm_init_clmul(u128 Htable[16], const uint64_t Xi[2]);
|
252
|
-
void gcm_gmult_clmul(
|
253
|
-
void gcm_ghash_clmul(
|
265
|
+
void gcm_gmult_clmul(uint8_t Xi[16], const u128 Htable[16]);
|
266
|
+
void gcm_ghash_clmul(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
254
267
|
size_t len);
|
255
268
|
|
256
269
|
// |gcm_gmult_ssse3| and |gcm_ghash_ssse3| require |Htable| to be
|
257
270
|
// 16-byte-aligned, but |gcm_init_ssse3| does not.
|
258
271
|
void gcm_init_ssse3(u128 Htable[16], const uint64_t Xi[2]);
|
259
|
-
void gcm_gmult_ssse3(
|
260
|
-
void gcm_ghash_ssse3(
|
272
|
+
void gcm_gmult_ssse3(uint8_t Xi[16], const u128 Htable[16]);
|
273
|
+
void gcm_ghash_ssse3(uint8_t Xi[16], const u128 Htable[16], const uint8_t *in,
|
261
274
|
size_t len);
|
262
275
|
|
263
276
|
#if defined(OPENSSL_X86_64)
|
264
277
|
#define GHASH_ASM_X86_64
|
265
278
|
void gcm_init_avx(u128 Htable[16], const uint64_t Xi[2]);
|
266
|
-
void gcm_gmult_avx(
|
267
|
-
void gcm_ghash_avx(
|
279
|
+
void gcm_gmult_avx(uint8_t Xi[16], const u128 Htable[16]);
|
280
|
+
void gcm_ghash_avx(uint8_t Xi[16], const u128 Htable[16], const uint8_t *in,
|
268
281
|
size_t len);
|
269
282
|
|
270
283
|
#define HW_GCM
|
271
284
|
size_t aesni_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
272
|
-
const AES_KEY *key, uint8_t ivec[16],
|
285
|
+
const AES_KEY *key, uint8_t ivec[16],
|
286
|
+
const u128 Htable[16], uint8_t Xi[16]);
|
273
287
|
size_t aesni_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
|
274
|
-
const AES_KEY *key, uint8_t ivec[16],
|
288
|
+
const AES_KEY *key, uint8_t ivec[16],
|
289
|
+
const u128 Htable[16], uint8_t Xi[16]);
|
275
290
|
#endif // OPENSSL_X86_64
|
276
291
|
|
277
292
|
#if defined(OPENSSL_X86)
|
@@ -287,25 +302,27 @@ OPENSSL_INLINE int gcm_pmull_capable(void) {
|
|
287
302
|
return CRYPTO_is_ARMv8_PMULL_capable();
|
288
303
|
}
|
289
304
|
|
290
|
-
void gcm_init_v8(u128 Htable[16], const uint64_t
|
291
|
-
void gcm_gmult_v8(
|
292
|
-
void gcm_ghash_v8(
|
305
|
+
void gcm_init_v8(u128 Htable[16], const uint64_t H[2]);
|
306
|
+
void gcm_gmult_v8(uint8_t Xi[16], const u128 Htable[16]);
|
307
|
+
void gcm_ghash_v8(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
293
308
|
size_t len);
|
294
309
|
|
295
310
|
OPENSSL_INLINE int gcm_neon_capable(void) { return CRYPTO_is_NEON_capable(); }
|
296
311
|
|
297
|
-
void gcm_init_neon(u128 Htable[16], const uint64_t
|
298
|
-
void gcm_gmult_neon(
|
299
|
-
void gcm_ghash_neon(
|
312
|
+
void gcm_init_neon(u128 Htable[16], const uint64_t H[2]);
|
313
|
+
void gcm_gmult_neon(uint8_t Xi[16], const u128 Htable[16]);
|
314
|
+
void gcm_ghash_neon(uint8_t Xi[16], const u128 Htable[16], const uint8_t *inp,
|
300
315
|
size_t len);
|
301
316
|
|
302
317
|
#if defined(OPENSSL_AARCH64)
|
303
318
|
#define HW_GCM
|
304
319
|
// These functions are defined in aesv8-gcm-armv8.pl.
|
305
320
|
void aes_gcm_enc_kernel(const uint8_t *in, uint64_t in_bits, void *out,
|
306
|
-
void *Xi, uint8_t *ivec, const AES_KEY *key
|
321
|
+
void *Xi, uint8_t *ivec, const AES_KEY *key,
|
322
|
+
const u128 Htable[16]);
|
307
323
|
void aes_gcm_dec_kernel(const uint8_t *in, uint64_t in_bits, void *out,
|
308
|
-
void *Xi, uint8_t *ivec, const AES_KEY *key
|
324
|
+
void *Xi, uint8_t *ivec, const AES_KEY *key,
|
325
|
+
const u128 Htable[16]);
|
309
326
|
#endif
|
310
327
|
|
311
328
|
#endif
|
@@ -380,19 +397,12 @@ size_t CRYPTO_cts128_encrypt_block(const uint8_t *in, uint8_t *out, size_t len,
|
|
380
397
|
//
|
381
398
|
// POLYVAL is a polynomial authenticator that operates over a field very
|
382
399
|
// similar to the one that GHASH uses. See
|
383
|
-
// https://
|
384
|
-
|
385
|
-
typedef union {
|
386
|
-
uint64_t u[2];
|
387
|
-
uint8_t c[16];
|
388
|
-
} polyval_block;
|
400
|
+
// https://www.rfc-editor.org/rfc/rfc8452.html#section-3.
|
389
401
|
|
390
402
|
struct polyval_ctx {
|
391
|
-
|
392
|
-
//
|
393
|
-
//
|
394
|
-
polyval_block S;
|
395
|
-
u128 H;
|
403
|
+
uint8_t S[16];
|
404
|
+
// |gcm_*_ssse3| require |Htable| to be 16-byte-aligned.
|
405
|
+
// TODO(crbug.com/boringssl/604): Revisit this.
|
396
406
|
alignas(16) u128 Htable[16];
|
397
407
|
gmult_func gmult;
|
398
408
|
ghash_func ghash;
|
@@ -70,14 +70,7 @@ void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
|
70
70
|
|
71
71
|
while (len >= 16) {
|
72
72
|
(*block)(ivec, ivec, key);
|
73
|
-
|
74
|
-
size_t a, b;
|
75
|
-
OPENSSL_memcpy(&a, in + n, sizeof(size_t));
|
76
|
-
OPENSSL_memcpy(&b, ivec + n, sizeof(size_t));
|
77
|
-
|
78
|
-
const size_t c = a ^ b;
|
79
|
-
OPENSSL_memcpy(out + n, &c, sizeof(size_t));
|
80
|
-
}
|
73
|
+
CRYPTO_xor16(out, in, ivec);
|
81
74
|
len -= 16;
|
82
75
|
out += 16;
|
83
76
|
in += 16;
|
@@ -22,70 +22,69 @@
|
|
22
22
|
|
23
23
|
|
24
24
|
// byte_reverse reverses the order of the bytes in |b->c|.
|
25
|
-
static void byte_reverse(
|
26
|
-
|
27
|
-
|
28
|
-
b
|
25
|
+
static void byte_reverse(uint8_t b[16]) {
|
26
|
+
uint64_t hi = CRYPTO_load_u64_le(b);
|
27
|
+
uint64_t lo = CRYPTO_load_u64_le(b + 8);
|
28
|
+
CRYPTO_store_u64_le(b, CRYPTO_bswap8(lo));
|
29
|
+
CRYPTO_store_u64_le(b + 8, CRYPTO_bswap8(hi));
|
29
30
|
}
|
30
31
|
|
31
|
-
// reverse_and_mulX_ghash interprets
|
32
|
-
//
|
33
|
-
//
|
34
|
-
static void reverse_and_mulX_ghash(
|
35
|
-
uint64_t hi = b
|
36
|
-
uint64_t lo = b
|
32
|
+
// reverse_and_mulX_ghash interprets |b| as a reversed element of the GHASH
|
33
|
+
// field, multiplies that by 'x' and serialises the result back into |b|, but
|
34
|
+
// with GHASH's backwards bit ordering.
|
35
|
+
static void reverse_and_mulX_ghash(uint8_t b[16]) {
|
36
|
+
uint64_t hi = CRYPTO_load_u64_le(b);
|
37
|
+
uint64_t lo = CRYPTO_load_u64_le(b + 8);
|
37
38
|
const crypto_word_t carry = constant_time_eq_w(hi & 1, 1);
|
38
39
|
hi >>= 1;
|
39
40
|
hi |= lo << 63;
|
40
41
|
lo >>= 1;
|
41
42
|
lo ^= ((uint64_t) constant_time_select_w(carry, 0xe1, 0)) << 56;
|
42
43
|
|
43
|
-
b
|
44
|
-
b
|
44
|
+
CRYPTO_store_u64_le(b, CRYPTO_bswap8(lo));
|
45
|
+
CRYPTO_store_u64_le(b + 8, CRYPTO_bswap8(hi));
|
45
46
|
}
|
46
47
|
|
47
48
|
// POLYVAL(H, X_1, ..., X_n) =
|
48
49
|
// ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X_1), ...,
|
49
50
|
// ByteReverse(X_n))).
|
50
51
|
//
|
51
|
-
// See https://
|
52
|
+
// See https://www.rfc-editor.org/rfc/rfc8452.html#appendix-A.
|
52
53
|
|
53
54
|
void CRYPTO_POLYVAL_init(struct polyval_ctx *ctx, const uint8_t key[16]) {
|
54
|
-
|
55
|
-
OPENSSL_memcpy(H
|
56
|
-
reverse_and_mulX_ghash(
|
55
|
+
alignas(8) uint8_t H[16];
|
56
|
+
OPENSSL_memcpy(H, key, 16);
|
57
|
+
reverse_and_mulX_ghash(H);
|
57
58
|
|
58
59
|
int is_avx;
|
59
|
-
CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash,
|
60
|
-
H.c);
|
60
|
+
CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, ctx->Htable, &is_avx, H);
|
61
61
|
OPENSSL_memset(&ctx->S, 0, sizeof(ctx->S));
|
62
62
|
}
|
63
63
|
|
64
64
|
void CRYPTO_POLYVAL_update_blocks(struct polyval_ctx *ctx, const uint8_t *in,
|
65
65
|
size_t in_len) {
|
66
66
|
assert((in_len & 15) == 0);
|
67
|
-
|
67
|
+
alignas(8) uint8_t buf[32 * 16];
|
68
68
|
|
69
69
|
while (in_len > 0) {
|
70
70
|
size_t todo = in_len;
|
71
|
-
if (todo > sizeof(
|
72
|
-
todo = sizeof(
|
71
|
+
if (todo > sizeof(buf)) {
|
72
|
+
todo = sizeof(buf);
|
73
73
|
}
|
74
|
-
OPENSSL_memcpy(
|
74
|
+
OPENSSL_memcpy(buf, in, todo);
|
75
75
|
in += todo;
|
76
76
|
in_len -= todo;
|
77
77
|
|
78
|
-
size_t blocks = todo /
|
78
|
+
size_t blocks = todo / 16;
|
79
79
|
for (size_t i = 0; i < blocks; i++) {
|
80
|
-
byte_reverse(
|
80
|
+
byte_reverse(buf + 16 * i);
|
81
81
|
}
|
82
82
|
|
83
|
-
ctx->ghash(ctx->S
|
83
|
+
ctx->ghash(ctx->S, ctx->Htable, buf, todo);
|
84
84
|
}
|
85
85
|
}
|
86
86
|
|
87
87
|
void CRYPTO_POLYVAL_finish(const struct polyval_ctx *ctx, uint8_t out[16]) {
|
88
|
-
|
89
|
-
byte_reverse(
|
90
|
-
OPENSSL_memcpy(out, &S.c, sizeof(polyval_block));
|
88
|
+
OPENSSL_memcpy(out, &ctx->S, 16);
|
89
|
+
byte_reverse(out);
|
91
90
|
}
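Review bot: The unchanged comment above `byte_reverse` still says it reverses the bytes in `|b->c|`, but the new signature takes `uint8_t b[16]`, so there is no `c` member to refer to; it should read `// byte_reverse reverses the order of the bytes in |b|.`. Separately, in `CRYPTO_POLYVAL_init` the local `H` holds a transformed copy of the key and is not wiped before the function returns after `OPENSSL_memset(&ctx->S, 0, sizeof(ctx->S));`. If the project wipes stack copies of key material elsewhere, adding `OPENSSL_cleanse(H, sizeof(H));` before the closing brace would match that. `CRYPTO_POLYVAL_finish` also copies with a literal `16`, where `sizeof(ctx->S)` would keep the length tied to the field.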
|
@@ -59,9 +59,15 @@
|
|
59
59
|
#endif // OPENSSL_LINUX
|
60
60
|
|
61
61
|
#if defined(OPENSSL_MACOS)
|
62
|
+
// getentropy exists in any supported version of MacOS (Sierra and later)
|
62
63
|
#include <sys/random.h>
|
63
64
|
#endif
|
64
65
|
|
66
|
+
#if defined(OPENSSL_OPENBSD)
|
67
|
+
// getentropy exists in any supported version of OpenBSD
|
68
|
+
#include <unistd.h>
|
69
|
+
#endif
|
70
|
+
|
65
71
|
#if defined(OPENSSL_FREEBSD) && __FreeBSD__ >= 12
|
66
72
|
// getrandom is supported in FreeBSD 12 and up.
|
67
73
|
#define FREEBSD_GETRANDOM
|
@@ -173,18 +179,9 @@ static void init_once(void) {
|
|
173
179
|
}
|
174
180
|
#endif // USE_NR_getrandom
|
175
181
|
|
176
|
-
#if defined(OPENSSL_MACOS)
|
177
|
-
// getentropy is available in macOS 10.12 and up. iOS 10 and up may also
|
178
|
-
// support it, but the header is missing. See https://crbug.com/boringssl/287.
|
179
|
-
if (__builtin_available(macos 10.12, *)) {
|
182
|
+
#if defined(OPENSSL_MACOS) || defined(OPENSSL_OPENBSD) || defined(FREEBSD_GETRANDOM)
|
180
183
|
*urandom_fd_bss_get() = kHaveGetrandom;
|
181
184
|
return;
|
182
|
-
}
|
183
|
-
#endif
|
184
|
-
|
185
|
-
#if defined(FREEBSD_GETRANDOM)
|
186
|
-
*urandom_fd_bss_get() = kHaveGetrandom;
|
187
|
-
return;
|
188
185
|
#endif
|
189
186
|
|
190
187
|
// FIPS builds must support getrandom.
|
@@ -300,19 +297,10 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
|
|
300
297
|
r = boringssl_getrandom(out, len, getrandom_flags);
|
301
298
|
#elif defined(FREEBSD_GETRANDOM)
|
302
299
|
r = getrandom(out, len, getrandom_flags);
|
303
|
-
#elif defined(OPENSSL_MACOS)
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
if (getentropy(out, todo) != 0) {
|
308
|
-
r = -1;
|
309
|
-
} else {
|
310
|
-
r = (ssize_t)todo;
|
311
|
-
}
|
312
|
-
} else {
|
313
|
-
fprintf(stderr, "urandom fd corrupt.\n");
|
314
|
-
abort();
|
315
|
-
}
|
300
|
+
#elif defined(OPENSSL_MACOS) || defined(OPENSSL_OPENBSD)
|
301
|
+
// |getentropy| can only request 256 bytes at a time.
|
302
|
+
size_t todo = len <= 256 ? len : 256;
|
303
|
+
r = getentropy(out, todo) != 0 ? -1 : (ssize_t)todo;
|
316
304
|
#else // USE_NR_getrandom
|
317
305
|
fprintf(stderr, "urandom fd corrupt.\n");
|
318
306
|
abort();
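Review bot: Nothing on the new side enforces the assumption in the added comment that `getentropy` exists on every supported macOS. The `__builtin_available(macos 10.12, *)` guard is removed from `init_once`, and `fill_with_entropy` now calls `getentropy` unconditionally under `OPENSSL_MACOS || OPENSSL_OPENBSD`. A build with a deployment target older than 10.12 would presumably fail at link or load time rather than fall back, which fails closed but is hard to diagnose. A compile-time guard next to `#include <sys/random.h>` would make the requirement explicit, for example `#if defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED < 101200`, then `#error "getentropy requires macOS 10.12 or later"`, then `#endif`. Both functions start and end outside the hunks shown, so the surrounding retry loop and error handling are not visible here.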
|
@@ -60,6 +60,7 @@
|
|
60
60
|
#include <openssl/base.h>
|
61
61
|
|
62
62
|
#include <openssl/bn.h>
|
63
|
+
#include <openssl/rsa.h>
|
63
64
|
|
64
65
|
|
65
66
|
#if defined(__cplusplus)
|
@@ -67,6 +68,8 @@ extern "C" {
|
|
67
68
|
#endif
|
68
69
|
|
69
70
|
|
71
|
+
#define RSA_PKCS1_PADDING_SIZE 11
|
72
|
+
|
70
73
|
// Default implementations of RSA operations.
|
71
74
|
|
72
75
|
const RSA_METHOD *RSA_default_method(void);
|
@@ -75,8 +78,6 @@ size_t rsa_default_size(const RSA *rsa);
|
|
75
78
|
int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
|
76
79
|
size_t max_out, const uint8_t *in, size_t in_len,
|
77
80
|
int padding);
|
78
|
-
int rsa_default_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
79
|
-
const uint8_t *in, size_t in_len, int padding);
|
80
81
|
int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
81
82
|
size_t len);
|
82
83
|
|
@@ -90,21 +91,13 @@ int BN_BLINDING_invert(BIGNUM *n, const BN_BLINDING *b, BN_MONT_CTX *mont_ctx,
|
|
90
91
|
BN_CTX *ctx);
|
91
92
|
|
92
93
|
|
94
|
+
int PKCS1_MGF1(uint8_t *out, size_t len, const uint8_t *seed, size_t seed_len,
|
95
|
+
const EVP_MD *md);
|
93
96
|
int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len,
|
94
97
|
const uint8_t *from, size_t from_len);
|
95
98
|
int RSA_padding_check_PKCS1_type_1(uint8_t *out, size_t *out_len,
|
96
99
|
size_t max_out, const uint8_t *from,
|
97
100
|
size_t from_len);
|
98
|
-
int RSA_padding_add_PKCS1_type_2(uint8_t *to, size_t to_len,
|
99
|
-
const uint8_t *from, size_t from_len);
|
100
|
-
int RSA_padding_check_PKCS1_type_2(uint8_t *out, size_t *out_len,
|
101
|
-
size_t max_out, const uint8_t *from,
|
102
|
-
size_t from_len);
|
103
|
-
int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len,
|
104
|
-
size_t max_out, const uint8_t *from,
|
105
|
-
size_t from_len, const uint8_t *param,
|
106
|
-
size_t param_len, const EVP_MD *md,
|
107
|
-
const EVP_MD *mgf1md);
|
108
101
|
int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from,
|
109
102
|
size_t from_len);
|
110
103
|
|
@@ -112,12 +105,24 @@ int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from,
|
|
112
105
|
// within DoS bounds.
|
113
106
|
int rsa_check_public_key(const RSA *rsa);
|
114
107
|
|
115
|
-
//
|
116
|
-
// function (if given) or the generic one. See the comment
|
117
|
-
// |private_transform| in |rsa_meth_st|.
|
118
|
-
int
|
108
|
+
// rsa_private_transform_no_self_test calls either the method-specific
|
109
|
+
// |private_transform| function (if given) or the generic one. See the comment
|
110
|
+
// for |private_transform| in |rsa_meth_st|.
|
111
|
+
int rsa_private_transform_no_self_test(RSA *rsa, uint8_t *out,
|
112
|
+
const uint8_t *in, size_t len);
|
113
|
+
|
114
|
+
// rsa_private_transform acts the same as |rsa_private_transform_no_self_test|
|
115
|
+
// but, in FIPS mode, performs an RSA self test before calling the default RSA
|
116
|
+
// implementation.
|
117
|
+
int rsa_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
119
118
|
size_t len);
|
120
119
|
|
120
|
+
// rsa_invalidate_key is called after |rsa| has been mutated, to invalidate
|
121
|
+
// fields derived from the original structure. This function assumes exclusive
|
122
|
+
// access to |rsa|. In particular, no other thread may be concurrently signing,
|
123
|
+
// etc., with |rsa|.
|
124
|
+
void rsa_invalidate_key(RSA *rsa);
|
125
|
+
|
121
126
|
|
122
127
|
// This constant is exported for test purposes.
|
123
128
|
extern const BN_ULONG kBoringSSLRSASqrtTwo[];
|