grpc 1.55.0 → 1.56.0

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (374)
  1. checksums.yaml +4 -4
  2. data/Makefile +100 -68
  3. data/include/grpc/event_engine/event_engine.h +4 -3
  4. data/include/grpc/grpc_audit_logging.h +96 -0
  5. data/include/grpc/module.modulemap +2 -0
  6. data/include/grpc/support/json.h +218 -0
  7. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
  9. data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
  11. data/src/core/ext/filters/client_channel/client_channel.h +6 -0
  12. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
  13. data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
  14. data/src/core/ext/filters/client_channel/config_selector.h +9 -24
  15. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
  16. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
  17. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  20. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
  21. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +52 -20
  22. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
  23. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
  24. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
  25. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
  26. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
  28. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
  29. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
  30. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
  31. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +32 -39
  32. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
  38. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
  40. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
  41. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
  42. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
  43. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
  44. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
  45. data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
  46. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
  47. data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
  48. data/src/core/ext/filters/client_channel/subchannel.h +3 -43
  49. data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
  50. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
  51. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
  52. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
  53. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
  54. data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
  55. data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
  56. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
  57. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
  58. data/src/core/ext/xds/certificate_provider_store.cc +4 -9
  59. data/src/core/ext/xds/certificate_provider_store.h +1 -1
  60. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
  61. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
  62. data/src/core/ext/xds/xds_api.cc +9 -6
  63. data/src/core/ext/xds/xds_api.h +3 -2
  64. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  65. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  66. data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
  67. data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
  68. data/src/core/ext/xds/xds_client.cc +5 -4
  69. data/src/core/ext/xds/xds_client_stats.h +1 -1
  70. data/src/core/ext/xds/xds_cluster.cc +20 -19
  71. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
  72. data/src/core/ext/xds/xds_common_types.cc +3 -1
  73. data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
  74. data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
  75. data/src/core/ext/xds/xds_http_filters.h +4 -2
  76. data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
  77. data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
  78. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
  79. data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
  80. data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
  81. data/src/core/ext/xds/xds_listener.cc +1 -0
  82. data/src/core/ext/xds/xds_route_config.cc +40 -3
  83. data/src/core/ext/xds/xds_routing.cc +2 -2
  84. data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
  85. data/src/core/lib/avl/avl.h +5 -0
  86. data/src/core/lib/channel/channel_args.cc +80 -22
  87. data/src/core/lib/channel/channel_args.h +34 -1
  88. data/src/core/lib/channel/channel_trace.cc +16 -12
  89. data/src/core/lib/channel/channelz.cc +159 -132
  90. data/src/core/lib/channel/channelz.h +42 -35
  91. data/src/core/lib/channel/channelz_registry.cc +23 -20
  92. data/src/core/lib/channel/connected_channel.cc +17 -6
  93. data/src/core/lib/channel/promise_based_filter.cc +0 -4
  94. data/src/core/lib/channel/promise_based_filter.h +2 -0
  95. data/src/core/lib/compression/compression_internal.cc +2 -5
  96. data/src/core/lib/config/config_vars.cc +20 -18
  97. data/src/core/lib/config/config_vars.h +4 -4
  98. data/src/core/lib/config/load_config.cc +13 -0
  99. data/src/core/lib/config/load_config.h +6 -0
  100. data/src/core/lib/debug/event_log.h +1 -1
  101. data/src/core/lib/debug/stats_data.h +1 -1
  102. data/src/core/lib/debug/trace.cc +24 -55
  103. data/src/core/lib/debug/trace.h +3 -1
  104. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  105. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  106. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  107. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  108. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  109. data/src/core/lib/event_engine/default_event_engine.cc +13 -1
  110. data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
  111. data/src/core/lib/event_engine/poller.h +2 -2
  112. data/src/core/lib/event_engine/posix.h +4 -0
  113. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  114. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
  115. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
  116. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
  117. data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -1
  118. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +4 -4
  119. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -8
  120. data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
  121. data/src/core/lib/event_engine/shim.cc +7 -1
  122. data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
  123. data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
  124. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  125. data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
  126. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  127. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  128. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  129. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
  130. data/src/core/lib/event_engine/windows/iocp.cc +4 -3
  131. data/src/core/lib/event_engine/windows/iocp.h +3 -3
  132. data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
  133. data/src/core/lib/event_engine/windows/win_socket.h +4 -4
  134. data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
  135. data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
  136. data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
  137. data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
  138. data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
  139. data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
  140. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  141. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  142. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  143. data/src/core/lib/experiments/config.cc +38 -7
  144. data/src/core/lib/experiments/config.h +16 -0
  145. data/src/core/lib/experiments/experiments.cc +67 -20
  146. data/src/core/lib/experiments/experiments.h +27 -21
  147. data/src/core/lib/gpr/log_internal.h +55 -0
  148. data/src/core/lib/gprpp/crash.cc +10 -0
  149. data/src/core/lib/gprpp/crash.h +3 -0
  150. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  151. data/src/core/lib/gprpp/per_cpu.h +29 -6
  152. data/src/core/lib/gprpp/time.cc +1 -0
  153. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  154. data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
  155. data/src/core/lib/iomgr/ev_apple.cc +12 -12
  156. data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
  157. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
  158. data/src/core/lib/iomgr/iocp_windows.cc +24 -3
  159. data/src/core/lib/iomgr/iocp_windows.h +11 -0
  160. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
  161. data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
  162. data/src/core/lib/iomgr/socket_windows.cc +61 -7
  163. data/src/core/lib/iomgr/socket_windows.h +9 -2
  164. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
  165. data/src/core/lib/iomgr/tcp_server_posix.cc +148 -107
  166. data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
  167. data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
  168. data/src/core/lib/json/json.h +2 -166
  169. data/src/core/lib/json/json_object_loader.cc +8 -9
  170. data/src/core/lib/json/json_object_loader.h +25 -18
  171. data/src/core/lib/json/json_reader.cc +13 -6
  172. data/src/core/lib/json/json_util.cc +6 -11
  173. data/src/core/lib/json/json_writer.cc +7 -8
  174. data/src/core/lib/load_balancing/lb_policy.h +13 -0
  175. data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
  176. data/src/core/lib/matchers/matchers.cc +3 -4
  177. data/src/core/lib/matchers/matchers.h +2 -1
  178. data/src/core/lib/promise/activity.cc +5 -0
  179. data/src/core/lib/promise/activity.h +10 -0
  180. data/src/core/lib/promise/detail/promise_factory.h +1 -1
  181. data/src/core/lib/promise/party.cc +31 -13
  182. data/src/core/lib/promise/party.h +11 -2
  183. data/src/core/lib/promise/pipe.h +9 -2
  184. data/src/core/lib/promise/prioritized_race.h +95 -0
  185. data/src/core/lib/promise/sleep.cc +2 -1
  186. data/src/core/lib/resolver/server_address.cc +0 -8
  187. data/src/core/lib/resolver/server_address.h +0 -6
  188. data/src/core/lib/resource_quota/memory_quota.cc +7 -7
  189. data/src/core/lib/resource_quota/memory_quota.h +1 -2
  190. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  191. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  192. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
  193. data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
  194. data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
  195. data/src/core/lib/security/authorization/rbac_policy.h +19 -2
  196. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  197. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  198. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
  199. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
  200. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
  201. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
  202. data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
  203. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
  204. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
  205. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
  206. data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
  207. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
  208. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
  209. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
  210. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
  211. data/src/core/lib/security/util/json_util.cc +1 -0
  212. data/src/core/lib/service_config/service_config_call_data.h +49 -20
  213. data/src/core/lib/service_config/service_config_impl.cc +2 -1
  214. data/src/core/lib/surface/call.cc +38 -23
  215. data/src/core/lib/surface/completion_queue.cc +6 -2
  216. data/src/core/lib/surface/version.cc +2 -2
  217. data/src/core/lib/transport/batch_builder.cc +15 -12
  218. data/src/core/lib/transport/batch_builder.h +39 -35
  219. data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
  220. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
  221. data/src/ruby/ext/grpc/extconf.rb +8 -9
  222. data/src/ruby/lib/grpc/version.rb +1 -1
  223. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
  224. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
  225. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
  226. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
  227. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
  228. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
  229. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
  230. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
  231. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
  232. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
  233. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
  234. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
  235. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  236. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  237. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
  238. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
  239. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  240. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  241. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
  242. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
  243. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
  244. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  245. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
  246. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
  250. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
  251. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
  252. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
  253. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
  254. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
  255. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
  256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
  258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
  259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
  260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
  261. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
  262. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  263. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
  264. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
  265. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
  266. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  267. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
  268. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
  269. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  270. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
  271. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
  272. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
  273. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
  274. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
  275. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
  276. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  277. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
  278. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
  279. data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
  280. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
  281. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
  282. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
  283. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
  284. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
  286. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  287. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
  288. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
  289. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
  290. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
  291. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
  292. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
  293. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
  294. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
  295. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
  296. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
  297. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
  298. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  299. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  300. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
  301. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
  302. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
  303. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
  304. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
  305. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
  306. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
  307. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
  308. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
  309. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
  310. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
  311. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
  312. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  313. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
  314. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
  315. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
  316. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
  317. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
  318. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
  319. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
  320. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
  321. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
  322. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
  323. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
  324. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
  325. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
  326. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
  327. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
  328. data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
  329. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
  330. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
  331. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
  332. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
  333. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
  334. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  335. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
  336. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
  337. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
  338. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  339. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  340. data/third_party/cares/cares/include/ares.h +23 -1
  341. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  342. data/third_party/cares/cares/include/ares_rules.h +2 -2
  343. data/third_party/cares/cares/include/ares_version.h +3 -3
  344. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  345. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  346. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  347. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  348. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  349. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  350. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  351. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  352. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  353. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  354. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  355. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  356. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  357. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  358. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  359. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  360. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  361. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  362. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  363. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  364. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  365. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  366. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  367. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  368. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  369. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  370. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  371. metadata +48 -12
  372. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
  373. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  374. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -53,6 +53,17 @@ struct evp_hpke_kem_st {
53
53
  int (*decap)(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
54
54
  size_t *out_shared_secret_len, const uint8_t *enc,
55
55
  size_t enc_len);
56
+ int (*auth_encap_with_seed)(const EVP_HPKE_KEY *key,
57
+ uint8_t *out_shared_secret,
58
+ size_t *out_shared_secret_len, uint8_t *out_enc,
59
+ size_t *out_enc_len, size_t max_enc,
60
+ const uint8_t *peer_public_key,
61
+ size_t peer_public_key_len, const uint8_t *seed,
62
+ size_t seed_len);
63
+ int (*auth_decap)(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
64
+ size_t *out_shared_secret_len, const uint8_t *enc,
65
+ size_t enc_len, const uint8_t *peer_public_key,
66
+ size_t peer_public_key_len);
56
67
  };
57
68
 
58
69
  struct evp_hpke_kdf_st {
@@ -211,6 +222,76 @@ static int x25519_decap(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
211
222
  return 1;
212
223
  }
213
224
 
225
+ static int x25519_auth_encap_with_seed(
226
+ const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
227
+ size_t *out_shared_secret_len, uint8_t *out_enc, size_t *out_enc_len,
228
+ size_t max_enc, const uint8_t *peer_public_key, size_t peer_public_key_len,
229
+ const uint8_t *seed, size_t seed_len) {
230
+ if (max_enc < X25519_PUBLIC_VALUE_LEN) {
231
+ OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
232
+ return 0;
233
+ }
234
+ if (seed_len != X25519_PRIVATE_KEY_LEN) {
235
+ OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
236
+ return 0;
237
+ }
238
+ X25519_public_from_private(out_enc, seed);
239
+
240
+ uint8_t dh[2 * X25519_SHARED_KEY_LEN];
241
+ if (peer_public_key_len != X25519_PUBLIC_VALUE_LEN ||
242
+ !X25519(dh, seed, peer_public_key) ||
243
+ !X25519(dh + X25519_SHARED_KEY_LEN, key->private_key, peer_public_key)) {
244
+ OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
245
+ return 0;
246
+ }
247
+
248
+ uint8_t kem_context[3 * X25519_PUBLIC_VALUE_LEN];
249
+ OPENSSL_memcpy(kem_context, out_enc, X25519_PUBLIC_VALUE_LEN);
250
+ OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, peer_public_key,
251
+ X25519_PUBLIC_VALUE_LEN);
252
+ OPENSSL_memcpy(kem_context + 2 * X25519_PUBLIC_VALUE_LEN, key->public_key,
253
+ X25519_PUBLIC_VALUE_LEN);
254
+ if (!dhkem_extract_and_expand(key->kem->id, EVP_sha256(), out_shared_secret,
255
+ SHA256_DIGEST_LENGTH, dh, sizeof(dh),
256
+ kem_context, sizeof(kem_context))) {
257
+ return 0;
258
+ }
259
+
260
+ *out_enc_len = X25519_PUBLIC_VALUE_LEN;
261
+ *out_shared_secret_len = SHA256_DIGEST_LENGTH;
262
+ return 1;
263
+ }
264
+
265
+ static int x25519_auth_decap(const EVP_HPKE_KEY *key,
266
+ uint8_t *out_shared_secret,
267
+ size_t *out_shared_secret_len, const uint8_t *enc,
268
+ size_t enc_len, const uint8_t *peer_public_key,
269
+ size_t peer_public_key_len) {
270
+ uint8_t dh[2 * X25519_SHARED_KEY_LEN];
271
+ if (enc_len != X25519_PUBLIC_VALUE_LEN ||
272
+ peer_public_key_len != X25519_PUBLIC_VALUE_LEN ||
273
+ !X25519(dh, key->private_key, enc) ||
274
+ !X25519(dh + X25519_SHARED_KEY_LEN, key->private_key, peer_public_key)) {
275
+ OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
276
+ return 0;
277
+ }
278
+
279
+ uint8_t kem_context[3 * X25519_PUBLIC_VALUE_LEN];
280
+ OPENSSL_memcpy(kem_context, enc, X25519_PUBLIC_VALUE_LEN);
281
+ OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, key->public_key,
282
+ X25519_PUBLIC_VALUE_LEN);
283
+ OPENSSL_memcpy(kem_context + 2 * X25519_PUBLIC_VALUE_LEN, peer_public_key,
284
+ X25519_PUBLIC_VALUE_LEN);
285
+ if (!dhkem_extract_and_expand(key->kem->id, EVP_sha256(), out_shared_secret,
286
+ SHA256_DIGEST_LENGTH, dh, sizeof(dh),
287
+ kem_context, sizeof(kem_context))) {
288
+ return 0;
289
+ }
290
+
291
+ *out_shared_secret_len = SHA256_DIGEST_LENGTH;
292
+ return 1;
293
+ }
294
+
214
295
  const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void) {
215
296
  static const EVP_HPKE_KEM kKEM = {
216
297
  /*id=*/EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
@@ -222,6 +303,8 @@ const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void) {
222
303
  x25519_generate_key,
223
304
  x25519_encap_with_seed,
224
305
  x25519_decap,
306
+ x25519_auth_encap_with_seed,
307
+ x25519_auth_decap,
225
308
  };
226
309
  return &kKEM;
227
310
  }
@@ -373,8 +456,10 @@ static int hpke_build_suite_id(const EVP_HPKE_CTX *ctx,
373
456
  }
374
457
 
375
458
  #define HPKE_MODE_BASE 0
459
+ #define HPKE_MODE_AUTH 2
376
460
 
377
- static int hpke_key_schedule(EVP_HPKE_CTX *ctx, const uint8_t *shared_secret,
461
+ static int hpke_key_schedule(EVP_HPKE_CTX *ctx, uint8_t mode,
462
+ const uint8_t *shared_secret,
378
463
  size_t shared_secret_len, const uint8_t *info,
379
464
  size_t info_len) {
380
465
  uint8_t suite_id[HPKE_SUITE_ID_LEN];
@@ -407,7 +492,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *ctx, const uint8_t *shared_secret,
407
492
  size_t context_len;
408
493
  CBB context_cbb;
409
494
  CBB_init_fixed(&context_cbb, context, sizeof(context));
410
- if (!CBB_add_u8(&context_cbb, HPKE_MODE_BASE) ||
495
+ if (!CBB_add_u8(&context_cbb, mode) ||
411
496
  !CBB_add_bytes(&context_cbb, psk_id_hash, psk_id_hash_len) ||
412
497
  !CBB_add_bytes(&context_cbb, info_hash, info_hash_len) ||
413
498
  !CBB_finish(&context_cbb, NULL, &context_len)) {
@@ -507,8 +592,8 @@ int EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
507
592
  if (!kem->encap_with_seed(kem, shared_secret, &shared_secret_len, out_enc,
508
593
  out_enc_len, max_enc, peer_public_key,
509
594
  peer_public_key_len, seed, seed_len) ||
510
- !hpke_key_schedule(ctx, shared_secret, shared_secret_len, info,
511
- info_len)) {
595
+ !hpke_key_schedule(ctx, HPKE_MODE_BASE, shared_secret, shared_secret_len,
596
+ info, info_len)) {
512
597
  EVP_HPKE_CTX_cleanup(ctx);
513
598
  return 0;
514
599
  }
@@ -528,8 +613,79 @@ int EVP_HPKE_CTX_setup_recipient(EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key,
528
613
  uint8_t shared_secret[MAX_SHARED_SECRET_LEN];
529
614
  size_t shared_secret_len;
530
615
  if (!key->kem->decap(key, shared_secret, &shared_secret_len, enc, enc_len) ||
531
- !hpke_key_schedule(ctx, shared_secret, shared_secret_len, info,
532
- info_len)) {
616
+ !hpke_key_schedule(ctx, HPKE_MODE_BASE, shared_secret, shared_secret_len,
617
+ info, info_len)) {
618
+ EVP_HPKE_CTX_cleanup(ctx);
619
+ return 0;
620
+ }
621
+ return 1;
622
+ }
623
+
624
+
625
+ int EVP_HPKE_CTX_setup_auth_sender(
626
+ EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
627
+ const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
628
+ const uint8_t *peer_public_key, size_t peer_public_key_len,
629
+ const uint8_t *info, size_t info_len) {
630
+ uint8_t seed[MAX_SEED_LEN];
631
+ RAND_bytes(seed, key->kem->seed_len);
632
+ return EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing(
633
+ ctx, out_enc, out_enc_len, max_enc, key, kdf, aead, peer_public_key,
634
+ peer_public_key_len, info, info_len, seed, key->kem->seed_len);
635
+ }
636
+
637
+ int EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing(
638
+ EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
639
+ const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
640
+ const uint8_t *peer_public_key, size_t peer_public_key_len,
641
+ const uint8_t *info, size_t info_len, const uint8_t *seed,
642
+ size_t seed_len) {
643
+ if (key->kem->auth_encap_with_seed == NULL) {
644
+ // Not all HPKE KEMs support AuthEncap.
645
+ OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
646
+ return 0;
647
+ }
648
+
649
+ EVP_HPKE_CTX_zero(ctx);
650
+ ctx->is_sender = 1;
651
+ ctx->kem = key->kem;
652
+ ctx->kdf = kdf;
653
+ ctx->aead = aead;
654
+ uint8_t shared_secret[MAX_SHARED_SECRET_LEN];
655
+ size_t shared_secret_len;
656
+ if (!key->kem->auth_encap_with_seed(
657
+ key, shared_secret, &shared_secret_len, out_enc, out_enc_len, max_enc,
658
+ peer_public_key, peer_public_key_len, seed, seed_len) ||
659
+ !hpke_key_schedule(ctx, HPKE_MODE_AUTH, shared_secret, shared_secret_len,
660
+ info, info_len)) {
661
+ EVP_HPKE_CTX_cleanup(ctx);
662
+ return 0;
663
+ }
664
+ return 1;
665
+ }
666
+
667
+ int EVP_HPKE_CTX_setup_auth_recipient(
668
+ EVP_HPKE_CTX *ctx, const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf,
669
+ const EVP_HPKE_AEAD *aead, const uint8_t *enc, size_t enc_len,
670
+ const uint8_t *info, size_t info_len, const uint8_t *peer_public_key,
671
+ size_t peer_public_key_len) {
672
+ if (key->kem->auth_decap == NULL) {
673
+ // Not all HPKE KEMs support AuthDecap.
674
+ OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
675
+ return 0;
676
+ }
677
+
678
+ EVP_HPKE_CTX_zero(ctx);
679
+ ctx->is_sender = 0;
680
+ ctx->kem = key->kem;
681
+ ctx->kdf = kdf;
682
+ ctx->aead = aead;
683
+ uint8_t shared_secret[MAX_SHARED_SECRET_LEN];
684
+ size_t shared_secret_len;
685
+ if (!key->kem->auth_decap(key, shared_secret, &shared_secret_len, enc,
686
+ enc_len, peer_public_key, peer_public_key_len) ||
687
+ !hpke_key_schedule(ctx, HPKE_MODE_AUTH, shared_secret, shared_secret_len,
688
+ info, info_len)) {
533
689
  EVP_HPKE_CTX_cleanup(ctx);
534
690
  return 0;
535
691
  }
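Review bot: The new auth setup functions leave key material on the stack: `seed` in EVP_HPKE_CTX_setup_auth_sender and `shared_secret` in both EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing and EVP_HPKE_CTX_setup_auth_recipient go out of scope unwiped on the success and failure paths alike. Capturing the result and wiping before returning would close that, for example `int ok = EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing(...);` then `OPENSSL_cleanse(seed, sizeof(seed));` then `return ok;`, with the same shape around `OPENSSL_cleanse(shared_secret, sizeof(shared_secret));` after the key schedule. The base-mode EVP_HPKE_CTX_setup_recipient shown as context follows the same unwiped pattern, so this may be a file-wide convention better changed in one pass. The tail of EVP_HPKE_CTX_setup_auth_recipient lies outside the hunk.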
@@ -548,6 +548,24 @@ OPENSSL_EXPORT void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void));
548
548
  #define OPENSSL_C11_ATOMIC
549
549
  #endif
550
550
 
551
+ // Older MSVC does not support C11 atomics, so we fallback to the Windows APIs.
552
+ // This can be removed once we can rely on
553
+ // https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/
554
+ #if !defined(OPENSSL_C11_ATOMIC) && defined(OPENSSL_THREADS) && \
555
+ defined(OPENSSL_WINDOWS)
556
+ #define OPENSSL_WINDOWS_ATOMIC
557
+ #endif
558
+
559
+ // Require some atomics implementation. Contact BoringSSL maintainers if you
560
+ // have a platform with fails this check.
561
+ //
562
+ // Note this check can only be done in C. From C++, we don't know whether the
563
+ // corresponding C mode would support C11 atomics.
564
+ #if !defined(__cplusplus) && defined(OPENSSL_THREADS) && \
565
+ !defined(OPENSSL_C11_ATOMIC) && !defined(OPENSSL_WINDOWS_ATOMIC)
566
+ #error "Thread-compatible configurations require atomics"
567
+ #endif
568
+
551
569
  // CRYPTO_REFCOUNT_MAX is the value at which the reference count saturates.
552
570
  #define CRYPTO_REFCOUNT_MAX 0xffffffff
553
571
 
@@ -230,7 +230,7 @@ static void scalar_sub(scalar *lhs, const scalar *rhs) {
230
230
  static void scalar_mult(scalar *out, const scalar *lhs, const scalar *rhs) {
231
231
  for (int i = 0; i < DEGREE / 2; i++) {
232
232
  uint32_t real_real = (uint32_t)lhs->c[2 * i] * rhs->c[2 * i];
233
- uint32_t img_img = (uint32_t)rhs->c[2 * i + 1] * lhs->c[2 * i + 1];
233
+ uint32_t img_img = (uint32_t)lhs->c[2 * i + 1] * rhs->c[2 * i + 1];
234
234
  uint32_t real_img = (uint32_t)lhs->c[2 * i] * rhs->c[2 * i + 1];
235
235
  uint32_t img_real = (uint32_t)lhs->c[2 * i + 1] * rhs->c[2 * i];
236
236
  out->c[2 * i] =
@@ -283,16 +283,23 @@ static void scalar_inner_product(scalar *out, const vector *lhs,
283
283
  // operates on public inputs.
284
284
  static void scalar_from_keccak_vartime(scalar *out,
285
285
  struct BORINGSSL_keccak_st *keccak_ctx) {
286
- uint8_t bytes[3];
287
- for (int i = 0; i < DEGREE;) {
288
- BORINGSSL_keccak_squeeze(keccak_ctx, bytes, sizeof(bytes));
289
- uint16_t d1 = bytes[0] + 256 * (bytes[1] % 16);
290
- uint16_t d2 = bytes[1] / 16 + 16 * bytes[2];
291
- if (d1 < kPrime) {
292
- out->c[i++] = d1;
293
- }
294
- if (d2 < kPrime && i < DEGREE) {
295
- out->c[i++] = d2;
286
+ assert(keccak_ctx->offset == 0);
287
+ assert(keccak_ctx->rate_bytes == 168);
288
+ static_assert(168 % 3 == 0, "block and coefficient boundaries do not align");
289
+
290
+ int done = 0;
291
+ while (done < DEGREE) {
292
+ uint8_t block[168];
293
+ BORINGSSL_keccak_squeeze(keccak_ctx, block, sizeof(block));
294
+ for (size_t i = 0; i < sizeof(block) && done < DEGREE; i += 3) {
295
+ uint16_t d1 = block[i] + 256 * (block[i + 1] % 16);
296
+ uint16_t d2 = block[i + 1] / 16 + 16 * block[i + 2];
297
+ if (d1 < kPrime) {
298
+ out->c[done++] = d1;
299
+ }
300
+ if (d2 < kPrime && done < DEGREE) {
301
+ out->c[done++] = d2;
302
+ }
296
303
  }
297
304
  }
298
305
  }
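Review bot: The rate 168 appears as a bare literal three times in the rewritten scalar_from_keccak_vartime (the `rate_bytes` assert, the `static_assert`, and `uint8_t block[168]`), and nothing ties the buffer size to the value being asserted. A single named constant, for example `enum { kSqueezeBlockBytes = 168 };` used in all three places, would keep them from drifting apart. The two preconditions on `keccak_ctx->offset` and `keccak_ctx->rate_bytes` are plain `assert`s, so they vanish under NDEBUG. A one-line comment such as `// Callers must pass a context that has not been squeezed yet; each squeeze then returns one whole block.` would record the requirement for release builds, assuming that is the intent behind the offset check.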
@@ -57,7 +57,7 @@
57
57
  /* This file is generated by crypto/obj/objects.go. */
58
58
 
59
59
 
60
- #define NUM_NID 967
60
+ #define NUM_NID 965
61
61
 
62
62
  static const uint8_t kObjectData[] = {
63
63
  /* NID_rsadsi */
@@ -8777,14 +8777,13 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
8777
8777
  {"AuthPSK", "auth-psk", NID_auth_psk, 0, NULL, 0},
8778
8778
  {"KxANY", "kx-any", NID_kx_any, 0, NULL, 0},
8779
8779
  {"AuthANY", "auth-any", NID_auth_any, 0, NULL, 0},
8780
- {"CECPQ2", "CECPQ2", NID_CECPQ2, 0, NULL, 0},
8780
+ {NULL, NULL, NID_undef, 0, NULL, 0},
8781
8781
  {"ED448", "ED448", NID_ED448, 3, &kObjectData[6181], 0},
8782
8782
  {"X448", "X448", NID_X448, 3, &kObjectData[6184], 0},
8783
8783
  {"SHA512-256", "sha512-256", NID_sha512_256, 9, &kObjectData[6187], 0},
8784
8784
  {"HKDF", "hkdf", NID_hkdf, 0, NULL, 0},
8785
- {"X25519Kyber768", "X25519Kyber768", NID_X25519Kyber768, 0, NULL, 0},
8786
- {"P256Kyber768", "P256Kyber768", NID_P256Kyber768, 0, NULL, 0},
8787
- {"P384Kyber768", "P384Kyber768", NID_P384Kyber768, 0, NULL, 0},
8785
+ {"X25519Kyber768Draft00", "X25519Kyber768Draft00",
8786
+ NID_X25519Kyber768Draft00, 0, NULL, 0},
8788
8787
  };
8789
8788
 
8790
8789
  static const uint16_t kNIDsInShortNameOrder[] = {
@@ -8846,7 +8845,6 @@ static const uint16_t kNIDsInShortNameOrder[] = {
8846
8845
  110 /* CAST5-CFB */,
8847
8846
  109 /* CAST5-ECB */,
8848
8847
  111 /* CAST5-OFB */,
8849
- 959 /* CECPQ2 */,
8850
8848
  894 /* CMAC */,
8851
8849
  13 /* CN */,
8852
8850
  141 /* CRLReason */,
@@ -8918,8 +8916,6 @@ static const uint16_t kNIDsInShortNameOrder[] = {
8918
8916
  18 /* OU */,
8919
8917
  749 /* Oakley-EC2N-3 */,
8920
8918
  750 /* Oakley-EC2N-4 */,
8921
- 965 /* P256Kyber768 */,
8922
- 966 /* P384Kyber768 */,
8923
8919
  9 /* PBE-MD2-DES */,
8924
8920
  168 /* PBE-MD2-RC2-64 */,
8925
8921
  10 /* PBE-MD5-DES */,
@@ -8986,7 +8982,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
8986
8982
  458 /* UID */,
8987
8983
  0 /* UNDEF */,
8988
8984
  948 /* X25519 */,
8989
- 964 /* X25519Kyber768 */,
8985
+ 964 /* X25519Kyber768Draft00 */,
8990
8986
  961 /* X448 */,
8991
8987
  11 /* X500 */,
8992
8988
  378 /* X500algorithms */,
@@ -9758,7 +9754,6 @@ static const uint16_t kNIDsInLongNameOrder[] = {
9758
9754
  285 /* Biometric Info */,
9759
9755
  179 /* CA Issuers */,
9760
9756
  785 /* CA Repository */,
9761
- 959 /* CECPQ2 */,
9762
9757
  131 /* Code Signing */,
9763
9758
  783 /* Diffie-Hellman based MAC */,
9764
9759
  382 /* Directory */,
@@ -9834,8 +9829,6 @@ static const uint16_t kNIDsInLongNameOrder[] = {
9834
9829
  366 /* OCSP Nonce */,
9835
9830
  371 /* OCSP Service Locator */,
9836
9831
  180 /* OCSP Signing */,
9837
- 965 /* P256Kyber768 */,
9838
- 966 /* P384Kyber768 */,
9839
9832
  161 /* PBES2 */,
9840
9833
  69 /* PBKDF2 */,
9841
9834
  162 /* PBMAC1 */,
@@ -9860,7 +9853,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
9860
9853
  133 /* Time Stamping */,
9861
9854
  375 /* Trust Root */,
9862
9855
  948 /* X25519 */,
9863
- 964 /* X25519Kyber768 */,
9856
+ 964 /* X25519Kyber768Draft00 */,
9864
9857
  961 /* X448 */,
9865
9858
  12 /* X509 */,
9866
9859
  402 /* X509v3 AC Targeting */,
@@ -78,7 +78,8 @@
78
78
  static int load_iv(char **fromp, unsigned char *to, size_t num);
79
79
  static int check_pem(const char *nm, const char *name);
80
80
 
81
- void PEM_proc_type(char *buf, int type) {
81
+ // PEM_proc_type appends a Proc-Type header to |buf|, determined by |type|.
82
+ static void PEM_proc_type(char buf[PEM_BUFSIZE], int type) {
82
83
  const char *str;
83
84
 
84
85
  if (type == PEM_TYPE_ENCRYPTED) {
@@ -96,24 +97,27 @@ void PEM_proc_type(char *buf, int type) {
96
97
  OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE);
97
98
  }
98
99
 
99
- void PEM_dek_info(char *buf, const char *type, int len, char *str) {
100
+ // PEM_dek_info appends a DEK-Info header to |buf|, with an algorithm of |type|
101
+ // and a single parameter, specified by hex-encoding |len| bytes from |str|.
102
+ static void PEM_dek_info(char buf[PEM_BUFSIZE], const char *type, size_t len,
103
+ char *str) {
100
104
  static const unsigned char map[17] = "0123456789ABCDEF";
101
- long i;
102
- int j;
103
105
 
104
106
  OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
105
107
  OPENSSL_strlcat(buf, type, PEM_BUFSIZE);
106
108
  OPENSSL_strlcat(buf, ",", PEM_BUFSIZE);
107
- j = strlen(buf);
108
- if (j + (len * 2) + 1 > PEM_BUFSIZE) {
109
+ size_t buf_len = strlen(buf);
110
+ // We must write an additional |2 * len + 2| bytes after |buf_len|, including
111
+ // the trailing newline and NUL.
112
+ if (len > (PEM_BUFSIZE - buf_len - 2) / 2) {
109
113
  return;
110
114
  }
111
- for (i = 0; i < len; i++) {
112
- buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
113
- buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
115
+ for (size_t i = 0; i < len; i++) {
116
+ buf[buf_len + i * 2] = map[(str[i] >> 4) & 0x0f];
117
+ buf[buf_len + i * 2 + 1] = map[(str[i]) & 0x0f];
114
118
  }
115
- buf[j + i * 2] = '\n';
116
- buf[j + i * 2 + 1] = '\0';
119
+ buf[buf_len + len * 2] = '\n';
120
+ buf[buf_len + len * 2 + 1] = '\0';
117
121
  }
118
122
 
119
123
  void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
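Review bot: The new bound in PEM_dek_info, `len > (PEM_BUFSIZE - buf_len - 2) / 2`, is evaluated in unsigned arithmetic once `buf_len` is a `size_t`. If `buf_len` is ever `PEM_BUFSIZE - 1` (a buffer the preceding OPENSSL_strlcat calls filled to truncation), the subtraction wraps to a very large value, the check passes, and the hex loop writes past `buf`. Guarding the subtraction first keeps the check sound: `if (buf_len + 2 > PEM_BUFSIZE || len > (PEM_BUFSIZE - buf_len - 2) / 2) {`. The caller visible further down this page covers the size only with an `assert`, which is presumably compiled out in release builds, so the helper should not rely on it. The header comment could also state that the function returns silently, leaving the DEK-Info line without its parameter and newline, when the data does not fit.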
@@ -318,7 +322,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
318
322
  }
319
323
  kstr = (unsigned char *)buf;
320
324
  }
321
- assert(iv_len <= (int)sizeof(iv));
325
+ assert(iv_len <= sizeof(iv));
322
326
  if (!RAND_bytes(iv, iv_len)) { // Generate a salt
323
327
  goto err;
324
328
  }
@@ -332,7 +336,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
332
336
  OPENSSL_cleanse(buf, PEM_BUFSIZE);
333
337
  }
334
338
 
335
- assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);
339
+ assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof(buf));
336
340
 
337
341
  buf[0] = '\0';
338
342
  PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
@@ -781,5 +785,5 @@ int PEM_def_callback(char *buf, int size, int rwflag, void *userdata) {
781
785
  return 0;
782
786
  }
783
787
  OPENSSL_strlcpy(buf, userdata, (size_t)size);
784
- return len;
788
+ return (int)len;
785
789
  }
@@ -18,35 +18,25 @@
18
18
  #include <stdlib.h>
19
19
 
20
20
 
21
- #if !defined(OPENSSL_C11_ATOMIC)
21
+ #if !defined(OPENSSL_THREADS)
22
22
 
23
23
  static_assert((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
24
24
  "CRYPTO_REFCOUNT_MAX is incorrect");
25
25
 
26
- static struct CRYPTO_STATIC_MUTEX g_refcount_lock = CRYPTO_STATIC_MUTEX_INIT;
27
-
28
26
  void CRYPTO_refcount_inc(CRYPTO_refcount_t *count) {
29
- CRYPTO_STATIC_MUTEX_lock_write(&g_refcount_lock);
30
27
  if (*count < CRYPTO_REFCOUNT_MAX) {
31
28
  (*count)++;
32
29
  }
33
- CRYPTO_STATIC_MUTEX_unlock_write(&g_refcount_lock);
34
30
  }
35
31
 
36
32
  int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *count) {
37
- int ret;
38
-
39
- CRYPTO_STATIC_MUTEX_lock_write(&g_refcount_lock);
40
33
  if (*count == 0) {
41
34
  abort();
42
35
  }
43
36
  if (*count < CRYPTO_REFCOUNT_MAX) {
44
37
  (*count)--;
45
38
  }
46
- ret = (*count == 0);
47
- CRYPTO_STATIC_MUTEX_unlock_write(&g_refcount_lock);
48
-
49
- return ret;
39
+ return *count == 0;
50
40
  }
51
41
 
52
- #endif // OPENSSL_C11_ATOMIC
42
+ #endif // !OPENSSL_THREADS
@@ -0,0 +1,89 @@
1
+ /* Copyright (c) 2023, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #include "internal.h"
16
+
17
+ #if defined(OPENSSL_WINDOWS_ATOMIC)
18
+
19
+ #include <windows.h>
20
+
21
+
22
+ // See comment above the typedef of CRYPTO_refcount_t about these tests.
23
+ static_assert(alignof(CRYPTO_refcount_t) == alignof(LONG),
24
+ "CRYPTO_refcount_t does not match LONG alignment");
25
+ static_assert(sizeof(CRYPTO_refcount_t) == sizeof(LONG),
26
+ "CRYPTO_refcount_t does not match LONG size");
27
+
28
+ static_assert((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
29
+ "CRYPTO_REFCOUNT_MAX is incorrect");
30
+
31
+ static uint32_t atomic_load_u32(volatile LONG *ptr) {
32
+ // This is not ideal because it still writes to a cacheline. MSVC is not able
33
+ // to optimize this to a true atomic read, and Windows does not provide an
34
+ // InterlockedLoad function.
35
+ //
36
+ // The Windows documentation [1] does say "Simple reads and writes to
37
+ // properly-aligned 32-bit variables are atomic operations", but this is not
38
+ // phrased in terms of the C11 and C++11 memory models, and indeed a read or
39
+ // write seems to produce slightly different code on MSVC than a sequentially
40
+ // consistent std::atomic::load in C++. Moreover, it is unclear if non-MSVC
41
+ // compilers on Windows provide the same guarantees. Thus we avoid relying on
42
+ // this and instead still use an interlocked function. This is still
43
+ // preferable a global mutex, and eventually this code will be replaced by
44
+ // [2]. Additionally, on clang-cl, we'll use the |OPENSSL_C11_ATOMIC| path.
45
+ //
46
+ // [1] https://learn.microsoft.com/en-us/windows/win32/sync/interlocked-variable-access
47
+ // [2] https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/
48
+ return (uint32_t)InterlockedCompareExchange(ptr, 0, 0);
49
+ }
50
+
51
+ static int atomic_compare_exchange_u32(volatile LONG *ptr, uint32_t *expected32,
52
+ uint32_t desired) {
53
+ LONG expected = (LONG)*expected32;
54
+ LONG actual = InterlockedCompareExchange(ptr, (LONG)desired, expected);
55
+ *expected32 = (uint32_t)actual;
56
+ return actual == expected;
57
+ }
58
+
59
+ void CRYPTO_refcount_inc(CRYPTO_refcount_t *in_count) {
60
+ volatile LONG *count = (volatile LONG *)in_count;
61
+ uint32_t expected = atomic_load_u32(count);
62
+
63
+ while (expected != CRYPTO_REFCOUNT_MAX) {
64
+ const uint32_t new_value = expected + 1;
65
+ if (atomic_compare_exchange_u32(count, &expected, new_value)) {
66
+ break;
67
+ }
68
+ }
69
+ }
70
+
71
+ int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *in_count) {
72
+ volatile LONG *count = (volatile LONG *)in_count;
73
+ uint32_t expected = atomic_load_u32(count);
74
+
75
+ for (;;) {
76
+ if (expected == 0) {
77
+ abort();
78
+ } else if (expected == CRYPTO_REFCOUNT_MAX) {
79
+ return 0;
80
+ } else {
81
+ const uint32_t new_value = expected - 1;
82
+ if (atomic_compare_exchange_u32(count, &expected, new_value)) {
83
+ return new_value == 0;
84
+ }
85
+ }
86
+ }
87
+ }
88
+
89
+ #endif // OPENSSL_WINDOWS_ATOMIC
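Review bot: atomic_compare_exchange_u32 has no comment stating its contract, although both retry loops in CRYPTO_refcount_inc and CRYPTO_refcount_dec_and_test_zero depend on it writing the observed value back through `expected32` when the exchange fails. I would add above it `// atomic_compare_exchange_u32 sets |*ptr| to |desired| and returns one if |*ptr| equals |*expected32|; otherwise it stores the observed value in |*expected32| and returns zero.` It is also worth a short comment on the two public functions noting that the count saturates at CRYPTO_REFCOUNT_MAX and that decrementing a zero count aborts, since those are the properties that keep an overflowed or over-released count from freeing a live object. In the atomic_load_u32 comment, "preferable a global mutex" is missing "to".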
@@ -0,0 +1,77 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.] */
56
+
57
+
58
+ #ifndef OPENSSL_HEADER_RSA_EXTRA_INTERNAL_H
59
+ #define OPENSSL_HEADER_RSA_EXTRA_INTERNAL_H
60
+
61
+ #if defined(__cplusplus)
62
+ extern "C" {
63
+ #endif
64
+
65
+
66
+ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len,
67
+ size_t max_out, const uint8_t *from,
68
+ size_t from_len, const uint8_t *param,
69
+ size_t param_len, const EVP_MD *md,
70
+ const EVP_MD *mgf1md);
71
+
72
+
73
+ #if defined(__cplusplus)
74
+ } // extern C
75
+ #endif
76
+
77
+ #endif // OPENSSL_HEADER_RSA_EXTRA_INTERNAL_H
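Review bot: This new header declares RSA_padding_check_PKCS1_OAEP_mgf1 using `uint8_t`, `size_t` and `EVP_MD` but includes nothing, so it only compiles when the including file has already pulled those types in. Adding `#include <openssl/base.h>` right after the include guard would make it self-contained. The prototype also has no comment. Because this function checks padding on decrypted data, a short comment giving the return convention, the meaning of `max_out` and `out_len`, and whether the check is meant to run in constant time with respect to padding validity would help future callers avoid treating its failures in a distinguishable way.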