grpc 1.55.0 → 1.56.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +102 -68
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/grpc_security.h +19 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
- data/src/core/ext/filters/client_channel/client_channel.h +6 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +53 -21
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +42 -40
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +176 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +325 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +567 -543
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +150 -9
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +46 -32
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +18 -5
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/transport/chttp2/transport/parsing.cc +12 -12
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/backoff/random_early_detection.h +5 -0
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +33 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +10 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +182 -119
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +8 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +5 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -1
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +1 -1
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/validate_metadata.cc +37 -22
- data/src/core/lib/surface/validate_metadata.h +13 -3
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +5 -2
- data/src/core/tsi/ssl_transport_security.h +13 -1
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +50 -12
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -71,8 +71,6 @@
|
|
71
71
|
#include "../../internal.h"
|
72
72
|
|
73
73
|
|
74
|
-
#define RSA_PKCS1_PADDING_SIZE 11
|
75
|
-
|
76
74
|
int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len,
|
77
75
|
const uint8_t *from, size_t from_len) {
|
78
76
|
// See RFC 8017, section 9.2.
|
@@ -146,109 +144,6 @@ int RSA_padding_check_PKCS1_type_1(uint8_t *out, size_t *out_len,
|
|
146
144
|
return 1;
|
147
145
|
}
|
148
146
|
|
149
|
-
static void rand_nonzero(uint8_t *out, size_t len) {
|
150
|
-
FIPS_service_indicator_lock_state();
|
151
|
-
RAND_bytes(out, len);
|
152
|
-
|
153
|
-
for (size_t i = 0; i < len; i++) {
|
154
|
-
while (out[i] == 0) {
|
155
|
-
RAND_bytes(out + i, 1);
|
156
|
-
}
|
157
|
-
}
|
158
|
-
|
159
|
-
FIPS_service_indicator_unlock_state();
|
160
|
-
}
|
161
|
-
|
162
|
-
int RSA_padding_add_PKCS1_type_2(uint8_t *to, size_t to_len,
|
163
|
-
const uint8_t *from, size_t from_len) {
|
164
|
-
// See RFC 8017, section 7.2.1.
|
165
|
-
if (to_len < RSA_PKCS1_PADDING_SIZE) {
|
166
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
167
|
-
return 0;
|
168
|
-
}
|
169
|
-
|
170
|
-
if (from_len > to_len - RSA_PKCS1_PADDING_SIZE) {
|
171
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
172
|
-
return 0;
|
173
|
-
}
|
174
|
-
|
175
|
-
to[0] = 0;
|
176
|
-
to[1] = 2;
|
177
|
-
|
178
|
-
size_t padding_len = to_len - 3 - from_len;
|
179
|
-
rand_nonzero(to + 2, padding_len);
|
180
|
-
to[2 + padding_len] = 0;
|
181
|
-
OPENSSL_memcpy(to + to_len - from_len, from, from_len);
|
182
|
-
return 1;
|
183
|
-
}
|
184
|
-
|
185
|
-
int RSA_padding_check_PKCS1_type_2(uint8_t *out, size_t *out_len,
|
186
|
-
size_t max_out, const uint8_t *from,
|
187
|
-
size_t from_len) {
|
188
|
-
if (from_len == 0) {
|
189
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_EMPTY_PUBLIC_KEY);
|
190
|
-
return 0;
|
191
|
-
}
|
192
|
-
|
193
|
-
// PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography
|
194
|
-
// Standard", section 7.2.2.
|
195
|
-
if (from_len < RSA_PKCS1_PADDING_SIZE) {
|
196
|
-
// |from| is zero-padded to the size of the RSA modulus, a public value, so
|
197
|
-
// this can be rejected in non-constant time.
|
198
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
199
|
-
return 0;
|
200
|
-
}
|
201
|
-
|
202
|
-
crypto_word_t first_byte_is_zero = constant_time_eq_w(from[0], 0);
|
203
|
-
crypto_word_t second_byte_is_two = constant_time_eq_w(from[1], 2);
|
204
|
-
|
205
|
-
crypto_word_t zero_index = 0, looking_for_index = CONSTTIME_TRUE_W;
|
206
|
-
for (size_t i = 2; i < from_len; i++) {
|
207
|
-
crypto_word_t equals0 = constant_time_is_zero_w(from[i]);
|
208
|
-
zero_index =
|
209
|
-
constant_time_select_w(looking_for_index & equals0, i, zero_index);
|
210
|
-
looking_for_index = constant_time_select_w(equals0, 0, looking_for_index);
|
211
|
-
}
|
212
|
-
|
213
|
-
// The input must begin with 00 02.
|
214
|
-
crypto_word_t valid_index = first_byte_is_zero;
|
215
|
-
valid_index &= second_byte_is_two;
|
216
|
-
|
217
|
-
// We must have found the end of PS.
|
218
|
-
valid_index &= ~looking_for_index;
|
219
|
-
|
220
|
-
// PS must be at least 8 bytes long, and it starts two bytes into |from|.
|
221
|
-
valid_index &= constant_time_ge_w(zero_index, 2 + 8);
|
222
|
-
|
223
|
-
// Skip the zero byte.
|
224
|
-
zero_index++;
|
225
|
-
|
226
|
-
// NOTE: Although this logic attempts to be constant time, the API contracts
|
227
|
-
// of this function and |RSA_decrypt| with |RSA_PKCS1_PADDING| make it
|
228
|
-
// impossible to completely avoid Bleichenbacher's attack. Consumers should
|
229
|
-
// use |RSA_PADDING_NONE| and perform the padding check in constant-time
|
230
|
-
// combined with a swap to a random session key or other mitigation.
|
231
|
-
CONSTTIME_DECLASSIFY(&valid_index, sizeof(valid_index));
|
232
|
-
CONSTTIME_DECLASSIFY(&zero_index, sizeof(zero_index));
|
233
|
-
|
234
|
-
if (!valid_index) {
|
235
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR);
|
236
|
-
return 0;
|
237
|
-
}
|
238
|
-
|
239
|
-
const size_t msg_len = from_len - zero_index;
|
240
|
-
if (msg_len > max_out) {
|
241
|
-
// This shouldn't happen because this function is always called with
|
242
|
-
// |max_out| as the key size and |from_len| is bounded by the key size.
|
243
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR);
|
244
|
-
return 0;
|
245
|
-
}
|
246
|
-
|
247
|
-
OPENSSL_memcpy(out, &from[zero_index], msg_len);
|
248
|
-
*out_len = msg_len;
|
249
|
-
return 1;
|
250
|
-
}
|
251
|
-
|
252
147
|
int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from,
|
253
148
|
size_t from_len) {
|
254
149
|
if (from_len > to_len) {
|
@@ -265,8 +160,8 @@ int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from,
|
|
265
160
|
return 1;
|
266
161
|
}
|
267
162
|
|
268
|
-
|
269
|
-
|
163
|
+
int PKCS1_MGF1(uint8_t *out, size_t len, const uint8_t *seed, size_t seed_len,
|
164
|
+
const EVP_MD *md) {
|
270
165
|
int ret = 0;
|
271
166
|
EVP_MD_CTX ctx;
|
272
167
|
EVP_MD_CTX_init(&ctx);
|
@@ -310,184 +205,6 @@ err:
|
|
310
205
|
return ret;
|
311
206
|
}
|
312
207
|
|
313
|
-
int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, size_t to_len,
|
314
|
-
const uint8_t *from, size_t from_len,
|
315
|
-
const uint8_t *param, size_t param_len,
|
316
|
-
const EVP_MD *md, const EVP_MD *mgf1md) {
|
317
|
-
if (md == NULL) {
|
318
|
-
md = EVP_sha1();
|
319
|
-
}
|
320
|
-
if (mgf1md == NULL) {
|
321
|
-
mgf1md = md;
|
322
|
-
}
|
323
|
-
|
324
|
-
size_t mdlen = EVP_MD_size(md);
|
325
|
-
|
326
|
-
if (to_len < 2 * mdlen + 2) {
|
327
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
328
|
-
return 0;
|
329
|
-
}
|
330
|
-
|
331
|
-
size_t emlen = to_len - 1;
|
332
|
-
if (from_len > emlen - 2 * mdlen - 1) {
|
333
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
334
|
-
return 0;
|
335
|
-
}
|
336
|
-
|
337
|
-
if (emlen < 2 * mdlen + 1) {
|
338
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
339
|
-
return 0;
|
340
|
-
}
|
341
|
-
|
342
|
-
to[0] = 0;
|
343
|
-
uint8_t *seed = to + 1;
|
344
|
-
uint8_t *db = to + mdlen + 1;
|
345
|
-
|
346
|
-
uint8_t *dbmask = NULL;
|
347
|
-
int ret = 0;
|
348
|
-
FIPS_service_indicator_lock_state();
|
349
|
-
if (!EVP_Digest(param, param_len, db, NULL, md, NULL)) {
|
350
|
-
goto out;
|
351
|
-
}
|
352
|
-
OPENSSL_memset(db + mdlen, 0, emlen - from_len - 2 * mdlen - 1);
|
353
|
-
db[emlen - from_len - mdlen - 1] = 0x01;
|
354
|
-
OPENSSL_memcpy(db + emlen - from_len - mdlen, from, from_len);
|
355
|
-
if (!RAND_bytes(seed, mdlen)) {
|
356
|
-
goto out;
|
357
|
-
}
|
358
|
-
|
359
|
-
dbmask = OPENSSL_malloc(emlen - mdlen);
|
360
|
-
if (dbmask == NULL) {
|
361
|
-
goto out;
|
362
|
-
}
|
363
|
-
|
364
|
-
if (!PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md)) {
|
365
|
-
goto out;
|
366
|
-
}
|
367
|
-
for (size_t i = 0; i < emlen - mdlen; i++) {
|
368
|
-
db[i] ^= dbmask[i];
|
369
|
-
}
|
370
|
-
|
371
|
-
uint8_t seedmask[EVP_MAX_MD_SIZE];
|
372
|
-
if (!PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md)) {
|
373
|
-
goto out;
|
374
|
-
}
|
375
|
-
for (size_t i = 0; i < mdlen; i++) {
|
376
|
-
seed[i] ^= seedmask[i];
|
377
|
-
}
|
378
|
-
ret = 1;
|
379
|
-
|
380
|
-
out:
|
381
|
-
OPENSSL_free(dbmask);
|
382
|
-
FIPS_service_indicator_unlock_state();
|
383
|
-
return ret;
|
384
|
-
}
|
385
|
-
|
386
|
-
int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len,
|
387
|
-
size_t max_out, const uint8_t *from,
|
388
|
-
size_t from_len, const uint8_t *param,
|
389
|
-
size_t param_len, const EVP_MD *md,
|
390
|
-
const EVP_MD *mgf1md) {
|
391
|
-
uint8_t *db = NULL;
|
392
|
-
|
393
|
-
if (md == NULL) {
|
394
|
-
md = EVP_sha1();
|
395
|
-
}
|
396
|
-
if (mgf1md == NULL) {
|
397
|
-
mgf1md = md;
|
398
|
-
}
|
399
|
-
|
400
|
-
size_t mdlen = EVP_MD_size(md);
|
401
|
-
|
402
|
-
// The encoded message is one byte smaller than the modulus to ensure that it
|
403
|
-
// doesn't end up greater than the modulus. Thus there's an extra "+1" here
|
404
|
-
// compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2.
|
405
|
-
if (from_len < 1 + 2*mdlen + 1) {
|
406
|
-
// 'from_len' is the length of the modulus, i.e. does not depend on the
|
407
|
-
// particular ciphertext.
|
408
|
-
goto decoding_err;
|
409
|
-
}
|
410
|
-
|
411
|
-
size_t dblen = from_len - mdlen - 1;
|
412
|
-
FIPS_service_indicator_lock_state();
|
413
|
-
db = OPENSSL_malloc(dblen);
|
414
|
-
if (db == NULL) {
|
415
|
-
goto err;
|
416
|
-
}
|
417
|
-
|
418
|
-
const uint8_t *maskedseed = from + 1;
|
419
|
-
const uint8_t *maskeddb = from + 1 + mdlen;
|
420
|
-
|
421
|
-
uint8_t seed[EVP_MAX_MD_SIZE];
|
422
|
-
if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) {
|
423
|
-
goto err;
|
424
|
-
}
|
425
|
-
for (size_t i = 0; i < mdlen; i++) {
|
426
|
-
seed[i] ^= maskedseed[i];
|
427
|
-
}
|
428
|
-
|
429
|
-
if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) {
|
430
|
-
goto err;
|
431
|
-
}
|
432
|
-
for (size_t i = 0; i < dblen; i++) {
|
433
|
-
db[i] ^= maskeddb[i];
|
434
|
-
}
|
435
|
-
|
436
|
-
uint8_t phash[EVP_MAX_MD_SIZE];
|
437
|
-
if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) {
|
438
|
-
goto err;
|
439
|
-
}
|
440
|
-
|
441
|
-
crypto_word_t bad = ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen));
|
442
|
-
bad |= ~constant_time_is_zero_w(from[0]);
|
443
|
-
|
444
|
-
crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W;
|
445
|
-
size_t one_index = 0;
|
446
|
-
for (size_t i = mdlen; i < dblen; i++) {
|
447
|
-
crypto_word_t equals1 = constant_time_eq_w(db[i], 1);
|
448
|
-
crypto_word_t equals0 = constant_time_eq_w(db[i], 0);
|
449
|
-
one_index =
|
450
|
-
constant_time_select_w(looking_for_one_byte & equals1, i, one_index);
|
451
|
-
looking_for_one_byte =
|
452
|
-
constant_time_select_w(equals1, 0, looking_for_one_byte);
|
453
|
-
bad |= looking_for_one_byte & ~equals0;
|
454
|
-
}
|
455
|
-
|
456
|
-
bad |= looking_for_one_byte;
|
457
|
-
|
458
|
-
// Whether the overall padding was valid or not in OAEP is public.
|
459
|
-
if (constant_time_declassify_w(bad)) {
|
460
|
-
goto decoding_err;
|
461
|
-
}
|
462
|
-
|
463
|
-
// Once the padding is known to be valid, the output length is also public.
|
464
|
-
static_assert(sizeof(size_t) <= sizeof(crypto_word_t),
|
465
|
-
"size_t does not fit in crypto_word_t");
|
466
|
-
one_index = constant_time_declassify_w(one_index);
|
467
|
-
|
468
|
-
one_index++;
|
469
|
-
size_t mlen = dblen - one_index;
|
470
|
-
if (max_out < mlen) {
|
471
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
|
472
|
-
goto err;
|
473
|
-
}
|
474
|
-
|
475
|
-
OPENSSL_memcpy(out, db + one_index, mlen);
|
476
|
-
*out_len = mlen;
|
477
|
-
OPENSSL_free(db);
|
478
|
-
FIPS_service_indicator_unlock_state();
|
479
|
-
return 1;
|
480
|
-
|
481
|
-
decoding_err:
|
482
|
-
// To avoid chosen ciphertext attacks, the error message should not reveal
|
483
|
-
// which kind of decoding error happened.
|
484
|
-
OPENSSL_PUT_ERROR(RSA, RSA_R_OAEP_DECODING_ERROR);
|
485
|
-
err:
|
486
|
-
OPENSSL_free(db);
|
487
|
-
FIPS_service_indicator_unlock_state();
|
488
|
-
return 0;
|
489
|
-
}
|
490
|
-
|
491
208
|
static const uint8_t kPSSZeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
|
492
209
|
|
493
210
|
int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
|
@@ -504,9 +221,9 @@ int RSA_verify_PKCS1_PSS_mgf1(const RSA *rsa, const uint8_t *mHash,
|
|
504
221
|
FIPS_service_indicator_lock_state();
|
505
222
|
|
506
223
|
// Negative sLen has special meanings:
|
507
|
-
//
|
508
|
-
//
|
509
|
-
//
|
224
|
+
// -1 sLen == hLen
|
225
|
+
// -2 salt length is autorecovered from signature
|
226
|
+
// -N reserved
|
510
227
|
size_t hLen = EVP_MD_size(Hash);
|
511
228
|
if (sLen == -1) {
|
512
229
|
sLen = (int)hLen;
|
@@ -83,6 +83,126 @@ OPENSSL_DECLARE_ERROR_REASON(RSA, BLOCK_TYPE_IS_NOT_02)
|
|
83
83
|
|
84
84
|
DEFINE_STATIC_EX_DATA_CLASS(g_rsa_ex_data_class)
|
85
85
|
|
86
|
+
static int bn_dup_into(BIGNUM **dst, const BIGNUM *src) {
|
87
|
+
if (src == NULL) {
|
88
|
+
OPENSSL_PUT_ERROR(RSA, ERR_R_PASSED_NULL_PARAMETER);
|
89
|
+
return 0;
|
90
|
+
}
|
91
|
+
|
92
|
+
BN_free(*dst);
|
93
|
+
*dst = BN_dup(src);
|
94
|
+
return *dst != NULL;
|
95
|
+
}
|
96
|
+
|
97
|
+
RSA *RSA_new_public_key(const BIGNUM *n, const BIGNUM *e) {
|
98
|
+
RSA *rsa = RSA_new();
|
99
|
+
if (rsa == NULL || //
|
100
|
+
!bn_dup_into(&rsa->n, n) || //
|
101
|
+
!bn_dup_into(&rsa->e, e) || //
|
102
|
+
!RSA_check_key(rsa)) {
|
103
|
+
RSA_free(rsa);
|
104
|
+
return NULL;
|
105
|
+
}
|
106
|
+
|
107
|
+
return rsa;
|
108
|
+
}
|
109
|
+
|
110
|
+
RSA *RSA_new_private_key(const BIGNUM *n, const BIGNUM *e, const BIGNUM *d,
|
111
|
+
const BIGNUM *p, const BIGNUM *q, const BIGNUM *dmp1,
|
112
|
+
const BIGNUM *dmq1, const BIGNUM *iqmp) {
|
113
|
+
RSA *rsa = RSA_new();
|
114
|
+
if (rsa == NULL || //
|
115
|
+
!bn_dup_into(&rsa->n, n) || //
|
116
|
+
!bn_dup_into(&rsa->e, e) || //
|
117
|
+
!bn_dup_into(&rsa->d, d) || //
|
118
|
+
!bn_dup_into(&rsa->p, p) || //
|
119
|
+
!bn_dup_into(&rsa->q, q) || //
|
120
|
+
!bn_dup_into(&rsa->dmp1, dmp1) || //
|
121
|
+
!bn_dup_into(&rsa->dmq1, dmq1) || //
|
122
|
+
!bn_dup_into(&rsa->iqmp, iqmp) || //
|
123
|
+
!RSA_check_key(rsa)) {
|
124
|
+
RSA_free(rsa);
|
125
|
+
return NULL;
|
126
|
+
}
|
127
|
+
|
128
|
+
return rsa;
|
129
|
+
}
|
130
|
+
|
131
|
+
RSA *RSA_new_private_key_no_crt(const BIGNUM *n, const BIGNUM *e,
|
132
|
+
const BIGNUM *d) {
|
133
|
+
RSA *rsa = RSA_new();
|
134
|
+
if (rsa == NULL || //
|
135
|
+
!bn_dup_into(&rsa->n, n) || //
|
136
|
+
!bn_dup_into(&rsa->e, e) || //
|
137
|
+
!bn_dup_into(&rsa->d, d) || //
|
138
|
+
!RSA_check_key(rsa)) {
|
139
|
+
RSA_free(rsa);
|
140
|
+
return NULL;
|
141
|
+
}
|
142
|
+
|
143
|
+
return rsa;
|
144
|
+
}
|
145
|
+
|
146
|
+
RSA *RSA_new_private_key_no_e(const BIGNUM *n, const BIGNUM *d) {
|
147
|
+
RSA *rsa = RSA_new();
|
148
|
+
if (rsa == NULL) {
|
149
|
+
return NULL;
|
150
|
+
}
|
151
|
+
|
152
|
+
rsa->flags |= RSA_FLAG_NO_PUBLIC_EXPONENT;
|
153
|
+
if (!bn_dup_into(&rsa->n, n) || //
|
154
|
+
!bn_dup_into(&rsa->d, d) || //
|
155
|
+
!RSA_check_key(rsa)) {
|
156
|
+
RSA_free(rsa);
|
157
|
+
return NULL;
|
158
|
+
}
|
159
|
+
|
160
|
+
return rsa;
|
161
|
+
}
|
162
|
+
|
163
|
+
RSA *RSA_new_public_key_large_e(const BIGNUM *n, const BIGNUM *e) {
|
164
|
+
RSA *rsa = RSA_new();
|
165
|
+
if (rsa == NULL) {
|
166
|
+
return NULL;
|
167
|
+
}
|
168
|
+
|
169
|
+
rsa->flags |= RSA_FLAG_LARGE_PUBLIC_EXPONENT;
|
170
|
+
if (!bn_dup_into(&rsa->n, n) || //
|
171
|
+
!bn_dup_into(&rsa->e, e) || //
|
172
|
+
!RSA_check_key(rsa)) {
|
173
|
+
RSA_free(rsa);
|
174
|
+
return NULL;
|
175
|
+
}
|
176
|
+
|
177
|
+
return rsa;
|
178
|
+
}
|
179
|
+
|
180
|
+
RSA *RSA_new_private_key_large_e(const BIGNUM *n, const BIGNUM *e,
|
181
|
+
const BIGNUM *d, const BIGNUM *p,
|
182
|
+
const BIGNUM *q, const BIGNUM *dmp1,
|
183
|
+
const BIGNUM *dmq1, const BIGNUM *iqmp) {
|
184
|
+
RSA *rsa = RSA_new();
|
185
|
+
if (rsa == NULL) {
|
186
|
+
return NULL;
|
187
|
+
}
|
188
|
+
|
189
|
+
rsa->flags |= RSA_FLAG_LARGE_PUBLIC_EXPONENT;
|
190
|
+
if (!bn_dup_into(&rsa->n, n) || //
|
191
|
+
!bn_dup_into(&rsa->e, e) || //
|
192
|
+
!bn_dup_into(&rsa->d, d) || //
|
193
|
+
!bn_dup_into(&rsa->p, p) || //
|
194
|
+
!bn_dup_into(&rsa->q, q) || //
|
195
|
+
!bn_dup_into(&rsa->dmp1, dmp1) || //
|
196
|
+
!bn_dup_into(&rsa->dmq1, dmq1) || //
|
197
|
+
!bn_dup_into(&rsa->iqmp, iqmp) || //
|
198
|
+
!RSA_check_key(rsa)) {
|
199
|
+
RSA_free(rsa);
|
200
|
+
return NULL;
|
201
|
+
}
|
202
|
+
|
203
|
+
return rsa;
|
204
|
+
}
|
205
|
+
|
86
206
|
RSA *RSA_new(void) { return RSA_new_method(NULL); }
|
87
207
|
|
88
208
|
RSA *RSA_new_method(const ENGINE *engine) {
|
@@ -118,9 +238,18 @@ RSA *RSA_new_method(const ENGINE *engine) {
|
|
118
238
|
return rsa;
|
119
239
|
}
|
120
240
|
|
121
|
-
|
122
|
-
|
241
|
+
RSA *RSA_new_method_no_e(const ENGINE *engine, const BIGNUM *n) {
|
242
|
+
RSA *rsa = RSA_new_method(engine);
|
243
|
+
if (rsa == NULL ||
|
244
|
+
!bn_dup_into(&rsa->n, n)) {
|
245
|
+
RSA_free(rsa);
|
246
|
+
return NULL;
|
247
|
+
}
|
248
|
+
rsa->flags |= RSA_FLAG_NO_PUBLIC_EXPONENT;
|
249
|
+
return rsa;
|
250
|
+
}
|
123
251
|
|
252
|
+
void RSA_free(RSA *rsa) {
|
124
253
|
if (rsa == NULL) {
|
125
254
|
return;
|
126
255
|
}
|
@@ -144,18 +273,7 @@ void RSA_free(RSA *rsa) {
|
|
144
273
|
BN_free(rsa->dmp1);
|
145
274
|
BN_free(rsa->dmq1);
|
146
275
|
BN_free(rsa->iqmp);
|
147
|
-
|
148
|
-
BN_MONT_CTX_free(rsa->mont_p);
|
149
|
-
BN_MONT_CTX_free(rsa->mont_q);
|
150
|
-
BN_free(rsa->d_fixed);
|
151
|
-
BN_free(rsa->dmp1_fixed);
|
152
|
-
BN_free(rsa->dmq1_fixed);
|
153
|
-
BN_free(rsa->inv_small_mod_large_mont);
|
154
|
-
for (u = 0; u < rsa->num_blindings; u++) {
|
155
|
-
BN_BLINDING_free(rsa->blindings[u]);
|
156
|
-
}
|
157
|
-
OPENSSL_free(rsa->blindings);
|
158
|
-
OPENSSL_free(rsa->blindings_inuse);
|
276
|
+
rsa_invalidate_key(rsa);
|
159
277
|
CRYPTO_MUTEX_cleanup(&rsa->lock);
|
160
278
|
OPENSSL_free(rsa);
|
161
279
|
}
|
@@ -244,6 +362,7 @@ int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
|
|
244
362
|
rsa->d = d;
|
245
363
|
}
|
246
364
|
|
365
|
+
rsa_invalidate_key(rsa);
|
247
366
|
return 1;
|
248
367
|
}
|
249
368
|
|
@@ -262,6 +381,7 @@ int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) {
|
|
262
381
|
rsa->q = q;
|
263
382
|
}
|
264
383
|
|
384
|
+
rsa_invalidate_key(rsa);
|
265
385
|
return 1;
|
266
386
|
}
|
267
387
|
|
@@ -285,24 +405,10 @@ int RSA_set0_crt_params(RSA *rsa, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
|
|
285
405
|
rsa->iqmp = iqmp;
|
286
406
|
}
|
287
407
|
|
408
|
+
rsa_invalidate_key(rsa);
|
288
409
|
return 1;
|
289
410
|
}
|
290
411
|
|
291
|
-
int RSA_public_encrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
292
|
-
int padding) {
|
293
|
-
size_t out_len;
|
294
|
-
|
295
|
-
if (!RSA_encrypt(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
296
|
-
return -1;
|
297
|
-
}
|
298
|
-
|
299
|
-
if (out_len > INT_MAX) {
|
300
|
-
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
301
|
-
return -1;
|
302
|
-
}
|
303
|
-
return (int)out_len;
|
304
|
-
}
|
305
|
-
|
306
412
|
static int rsa_sign_raw_no_self_test(RSA *rsa, size_t *out_len, uint8_t *out,
|
307
413
|
size_t max_out, const uint8_t *in,
|
308
414
|
size_t in_len, int padding) {
|
@@ -320,58 +426,6 @@ int RSA_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
|
320
426
|
padding);
|
321
427
|
}
|
322
428
|
|
323
|
-
int RSA_private_encrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
324
|
-
int padding) {
|
325
|
-
size_t out_len;
|
326
|
-
|
327
|
-
if (!RSA_sign_raw(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
328
|
-
return -1;
|
329
|
-
}
|
330
|
-
|
331
|
-
if (out_len > INT_MAX) {
|
332
|
-
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
333
|
-
return -1;
|
334
|
-
}
|
335
|
-
return (int)out_len;
|
336
|
-
}
|
337
|
-
|
338
|
-
int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
339
|
-
const uint8_t *in, size_t in_len, int padding) {
|
340
|
-
if (rsa->meth->decrypt) {
|
341
|
-
return rsa->meth->decrypt(rsa, out_len, out, max_out, in, in_len, padding);
|
342
|
-
}
|
343
|
-
|
344
|
-
return rsa_default_decrypt(rsa, out_len, out, max_out, in, in_len, padding);
|
345
|
-
}
|
346
|
-
|
347
|
-
int RSA_private_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
348
|
-
int padding) {
|
349
|
-
size_t out_len;
|
350
|
-
if (!RSA_decrypt(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
351
|
-
return -1;
|
352
|
-
}
|
353
|
-
|
354
|
-
if (out_len > INT_MAX) {
|
355
|
-
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
356
|
-
return -1;
|
357
|
-
}
|
358
|
-
return (int)out_len;
|
359
|
-
}
|
360
|
-
|
361
|
-
int RSA_public_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
362
|
-
int padding) {
|
363
|
-
size_t out_len;
|
364
|
-
if (!RSA_verify_raw(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
365
|
-
return -1;
|
366
|
-
}
|
367
|
-
|
368
|
-
if (out_len > INT_MAX) {
|
369
|
-
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
370
|
-
return -1;
|
371
|
-
}
|
372
|
-
return (int)out_len;
|
373
|
-
}
|
374
|
-
|
375
429
|
unsigned RSA_size(const RSA *rsa) {
|
376
430
|
size_t ret = rsa->meth->size ? rsa->meth->size(rsa) : rsa_default_size(rsa);
|
377
431
|
// RSA modulus sizes are bounded by |BIGNUM|, which must fit in |unsigned|.
|
@@ -962,8 +1016,8 @@ cleanup:
|
|
962
1016
|
return ret;
|
963
1017
|
}
|
964
1018
|
|
965
|
-
int
|
966
|
-
|
1019
|
+
int rsa_private_transform_no_self_test(RSA *rsa, uint8_t *out,
|
1020
|
+
const uint8_t *in, size_t len) {
|
967
1021
|
if (rsa->meth->private_transform) {
|
968
1022
|
return rsa->meth->private_transform(rsa, out, in, len);
|
969
1023
|
}
|
@@ -971,6 +1025,12 @@ int RSA_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
|
971
1025
|
return rsa_default_private_transform(rsa, out, in, len);
|
972
1026
|
}
|
973
1027
|
|
1028
|
+
int rsa_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
1029
|
+
size_t len) {
|
1030
|
+
boringssl_ensure_rsa_self_test();
|
1031
|
+
return rsa_private_transform_no_self_test(rsa, out, in, len);
|
1032
|
+
}
|
1033
|
+
|
974
1034
|
int RSA_flags(const RSA *rsa) { return rsa->flags; }
|
975
1035
|
|
976
1036
|
int RSA_test_flags(const RSA *rsa, int flags) { return rsa->flags & flags; }
|