grpc 1.55.0 → 1.56.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +102 -68
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/grpc_security.h +19 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
- data/src/core/ext/filters/client_channel/client_channel.h +6 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +53 -21
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +42 -40
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +176 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +325 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +567 -543
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +150 -9
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +46 -32
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +18 -5
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/transport/chttp2/transport/parsing.cc +12 -12
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/backoff/random_early_detection.h +5 -0
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +33 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +10 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +182 -119
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +8 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +5 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -1
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +1 -1
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/validate_metadata.cc +37 -22
- data/src/core/lib/surface/validate_metadata.h +13 -3
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +5 -2
- data/src/core/tsi/ssl_transport_security.h +13 -1
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +50 -12
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -0,0 +1,568 @@
|
|
1
|
+
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
2
|
+
* All rights reserved.
|
3
|
+
*
|
4
|
+
* This package is an SSL implementation written
|
5
|
+
* by Eric Young (eay@cryptsoft.com).
|
6
|
+
* The implementation was written so as to conform with Netscapes SSL.
|
7
|
+
*
|
8
|
+
* This library is free for commercial and non-commercial use as long as
|
9
|
+
* the following conditions are aheared to. The following conditions
|
10
|
+
* apply to all code found in this distribution, be it the RC4, RSA,
|
11
|
+
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
12
|
+
* included with this distribution is covered by the same copyright terms
|
13
|
+
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
14
|
+
*
|
15
|
+
* Copyright remains Eric Young's, and as such any Copyright notices in
|
16
|
+
* the code are not to be removed.
|
17
|
+
* If this package is used in a product, Eric Young should be given attribution
|
18
|
+
* as the author of the parts of the library used.
|
19
|
+
* This can be in the form of a textual message at program startup or
|
20
|
+
* in documentation (online or textual) provided with the package.
|
21
|
+
*
|
22
|
+
* Redistribution and use in source and binary forms, with or without
|
23
|
+
* modification, are permitted provided that the following conditions
|
24
|
+
* are met:
|
25
|
+
* 1. Redistributions of source code must retain the copyright
|
26
|
+
* notice, this list of conditions and the following disclaimer.
|
27
|
+
* 2. Redistributions in binary form must reproduce the above copyright
|
28
|
+
* notice, this list of conditions and the following disclaimer in the
|
29
|
+
* documentation and/or other materials provided with the distribution.
|
30
|
+
* 3. All advertising materials mentioning features or use of this software
|
31
|
+
* must display the following acknowledgement:
|
32
|
+
* "This product includes cryptographic software written by
|
33
|
+
* Eric Young (eay@cryptsoft.com)"
|
34
|
+
* The word 'cryptographic' can be left out if the rouines from the library
|
35
|
+
* being used are not cryptographic related :-).
|
36
|
+
* 4. If you include any Windows specific code (or a derivative thereof) from
|
37
|
+
* the apps directory (application code) you must include an acknowledgement:
|
38
|
+
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
39
|
+
*
|
40
|
+
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
41
|
+
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
42
|
+
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
43
|
+
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
44
|
+
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
45
|
+
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
46
|
+
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
47
|
+
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
48
|
+
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
49
|
+
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
50
|
+
* SUCH DAMAGE.
|
51
|
+
*
|
52
|
+
* The licence and distribution terms for any publically available version or
|
53
|
+
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
54
|
+
* copied and put under another distribution licence
|
55
|
+
* [including the GNU Public Licence.] */
|
56
|
+
|
57
|
+
#include <openssl/base.h>
|
58
|
+
|
59
|
+
#include <limits.h>
|
60
|
+
|
61
|
+
#include <openssl/err.h>
|
62
|
+
#include <openssl/rsa.h>
|
63
|
+
#include <openssl/bn.h>
|
64
|
+
#include <openssl/rand.h>
|
65
|
+
#include <openssl/mem.h>
|
66
|
+
#include <openssl/evp.h>
|
67
|
+
|
68
|
+
#include "../fipsmodule/bn/internal.h"
|
69
|
+
#include "../fipsmodule/rsa/internal.h"
|
70
|
+
#include "../internal.h"
|
71
|
+
#include "internal.h"
|
72
|
+
|
73
|
+
|
74
|
+
static void rand_nonzero(uint8_t *out, size_t len) {
|
75
|
+
RAND_bytes(out, len);
|
76
|
+
|
77
|
+
for (size_t i = 0; i < len; i++) {
|
78
|
+
while (out[i] == 0) {
|
79
|
+
RAND_bytes(out + i, 1);
|
80
|
+
}
|
81
|
+
}
|
82
|
+
}
|
83
|
+
|
84
|
+
int RSA_padding_add_PKCS1_OAEP_mgf1(uint8_t *to, size_t to_len,
|
85
|
+
const uint8_t *from, size_t from_len,
|
86
|
+
const uint8_t *param, size_t param_len,
|
87
|
+
const EVP_MD *md, const EVP_MD *mgf1md) {
|
88
|
+
if (md == NULL) {
|
89
|
+
md = EVP_sha1();
|
90
|
+
}
|
91
|
+
if (mgf1md == NULL) {
|
92
|
+
mgf1md = md;
|
93
|
+
}
|
94
|
+
|
95
|
+
size_t mdlen = EVP_MD_size(md);
|
96
|
+
|
97
|
+
if (to_len < 2 * mdlen + 2) {
|
98
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
99
|
+
return 0;
|
100
|
+
}
|
101
|
+
|
102
|
+
size_t emlen = to_len - 1;
|
103
|
+
if (from_len > emlen - 2 * mdlen - 1) {
|
104
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
105
|
+
return 0;
|
106
|
+
}
|
107
|
+
|
108
|
+
if (emlen < 2 * mdlen + 1) {
|
109
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
110
|
+
return 0;
|
111
|
+
}
|
112
|
+
|
113
|
+
to[0] = 0;
|
114
|
+
uint8_t *seed = to + 1;
|
115
|
+
uint8_t *db = to + mdlen + 1;
|
116
|
+
|
117
|
+
uint8_t *dbmask = NULL;
|
118
|
+
int ret = 0;
|
119
|
+
if (!EVP_Digest(param, param_len, db, NULL, md, NULL)) {
|
120
|
+
goto out;
|
121
|
+
}
|
122
|
+
OPENSSL_memset(db + mdlen, 0, emlen - from_len - 2 * mdlen - 1);
|
123
|
+
db[emlen - from_len - mdlen - 1] = 0x01;
|
124
|
+
OPENSSL_memcpy(db + emlen - from_len - mdlen, from, from_len);
|
125
|
+
if (!RAND_bytes(seed, mdlen)) {
|
126
|
+
goto out;
|
127
|
+
}
|
128
|
+
|
129
|
+
dbmask = OPENSSL_malloc(emlen - mdlen);
|
130
|
+
if (dbmask == NULL) {
|
131
|
+
goto out;
|
132
|
+
}
|
133
|
+
|
134
|
+
if (!PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md)) {
|
135
|
+
goto out;
|
136
|
+
}
|
137
|
+
for (size_t i = 0; i < emlen - mdlen; i++) {
|
138
|
+
db[i] ^= dbmask[i];
|
139
|
+
}
|
140
|
+
|
141
|
+
uint8_t seedmask[EVP_MAX_MD_SIZE];
|
142
|
+
if (!PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md)) {
|
143
|
+
goto out;
|
144
|
+
}
|
145
|
+
for (size_t i = 0; i < mdlen; i++) {
|
146
|
+
seed[i] ^= seedmask[i];
|
147
|
+
}
|
148
|
+
ret = 1;
|
149
|
+
|
150
|
+
out:
|
151
|
+
OPENSSL_free(dbmask);
|
152
|
+
return ret;
|
153
|
+
}
|
154
|
+
|
155
|
+
int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len,
|
156
|
+
size_t max_out, const uint8_t *from,
|
157
|
+
size_t from_len, const uint8_t *param,
|
158
|
+
size_t param_len, const EVP_MD *md,
|
159
|
+
const EVP_MD *mgf1md) {
|
160
|
+
uint8_t *db = NULL;
|
161
|
+
|
162
|
+
if (md == NULL) {
|
163
|
+
md = EVP_sha1();
|
164
|
+
}
|
165
|
+
if (mgf1md == NULL) {
|
166
|
+
mgf1md = md;
|
167
|
+
}
|
168
|
+
|
169
|
+
size_t mdlen = EVP_MD_size(md);
|
170
|
+
|
171
|
+
// The encoded message is one byte smaller than the modulus to ensure that it
|
172
|
+
// doesn't end up greater than the modulus. Thus there's an extra "+1" here
|
173
|
+
// compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2.
|
174
|
+
if (from_len < 1 + 2 * mdlen + 1) {
|
175
|
+
// 'from_len' is the length of the modulus, i.e. does not depend on the
|
176
|
+
// particular ciphertext.
|
177
|
+
goto decoding_err;
|
178
|
+
}
|
179
|
+
|
180
|
+
size_t dblen = from_len - mdlen - 1;
|
181
|
+
db = OPENSSL_malloc(dblen);
|
182
|
+
if (db == NULL) {
|
183
|
+
goto err;
|
184
|
+
}
|
185
|
+
|
186
|
+
const uint8_t *maskedseed = from + 1;
|
187
|
+
const uint8_t *maskeddb = from + 1 + mdlen;
|
188
|
+
|
189
|
+
uint8_t seed[EVP_MAX_MD_SIZE];
|
190
|
+
if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) {
|
191
|
+
goto err;
|
192
|
+
}
|
193
|
+
for (size_t i = 0; i < mdlen; i++) {
|
194
|
+
seed[i] ^= maskedseed[i];
|
195
|
+
}
|
196
|
+
|
197
|
+
if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) {
|
198
|
+
goto err;
|
199
|
+
}
|
200
|
+
for (size_t i = 0; i < dblen; i++) {
|
201
|
+
db[i] ^= maskeddb[i];
|
202
|
+
}
|
203
|
+
|
204
|
+
uint8_t phash[EVP_MAX_MD_SIZE];
|
205
|
+
if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) {
|
206
|
+
goto err;
|
207
|
+
}
|
208
|
+
|
209
|
+
crypto_word_t bad = ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen));
|
210
|
+
bad |= ~constant_time_is_zero_w(from[0]);
|
211
|
+
|
212
|
+
crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W;
|
213
|
+
size_t one_index = 0;
|
214
|
+
for (size_t i = mdlen; i < dblen; i++) {
|
215
|
+
crypto_word_t equals1 = constant_time_eq_w(db[i], 1);
|
216
|
+
crypto_word_t equals0 = constant_time_eq_w(db[i], 0);
|
217
|
+
one_index =
|
218
|
+
constant_time_select_w(looking_for_one_byte & equals1, i, one_index);
|
219
|
+
looking_for_one_byte =
|
220
|
+
constant_time_select_w(equals1, 0, looking_for_one_byte);
|
221
|
+
bad |= looking_for_one_byte & ~equals0;
|
222
|
+
}
|
223
|
+
|
224
|
+
bad |= looking_for_one_byte;
|
225
|
+
|
226
|
+
// Whether the overall padding was valid or not in OAEP is public.
|
227
|
+
if (constant_time_declassify_w(bad)) {
|
228
|
+
goto decoding_err;
|
229
|
+
}
|
230
|
+
|
231
|
+
// Once the padding is known to be valid, the output length is also public.
|
232
|
+
static_assert(sizeof(size_t) <= sizeof(crypto_word_t),
|
233
|
+
"size_t does not fit in crypto_word_t");
|
234
|
+
one_index = constant_time_declassify_w(one_index);
|
235
|
+
|
236
|
+
one_index++;
|
237
|
+
size_t mlen = dblen - one_index;
|
238
|
+
if (max_out < mlen) {
|
239
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
|
240
|
+
goto err;
|
241
|
+
}
|
242
|
+
|
243
|
+
OPENSSL_memcpy(out, db + one_index, mlen);
|
244
|
+
*out_len = mlen;
|
245
|
+
OPENSSL_free(db);
|
246
|
+
return 1;
|
247
|
+
|
248
|
+
decoding_err:
|
249
|
+
// To avoid chosen ciphertext attacks, the error message should not reveal
|
250
|
+
// which kind of decoding error happened.
|
251
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_OAEP_DECODING_ERROR);
|
252
|
+
err:
|
253
|
+
OPENSSL_free(db);
|
254
|
+
return 0;
|
255
|
+
}
|
256
|
+
|
257
|
+
static int rsa_padding_add_PKCS1_type_2(uint8_t *to, size_t to_len,
|
258
|
+
const uint8_t *from, size_t from_len) {
|
259
|
+
// See RFC 8017, section 7.2.1.
|
260
|
+
if (to_len < RSA_PKCS1_PADDING_SIZE) {
|
261
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
262
|
+
return 0;
|
263
|
+
}
|
264
|
+
|
265
|
+
if (from_len > to_len - RSA_PKCS1_PADDING_SIZE) {
|
266
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
267
|
+
return 0;
|
268
|
+
}
|
269
|
+
|
270
|
+
to[0] = 0;
|
271
|
+
to[1] = 2;
|
272
|
+
|
273
|
+
size_t padding_len = to_len - 3 - from_len;
|
274
|
+
rand_nonzero(to + 2, padding_len);
|
275
|
+
to[2 + padding_len] = 0;
|
276
|
+
OPENSSL_memcpy(to + to_len - from_len, from, from_len);
|
277
|
+
return 1;
|
278
|
+
}
|
279
|
+
|
280
|
+
static int rsa_padding_check_PKCS1_type_2(uint8_t *out, size_t *out_len,
|
281
|
+
size_t max_out, const uint8_t *from,
|
282
|
+
size_t from_len) {
|
283
|
+
if (from_len == 0) {
|
284
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_EMPTY_PUBLIC_KEY);
|
285
|
+
return 0;
|
286
|
+
}
|
287
|
+
|
288
|
+
// PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography
|
289
|
+
// Standard", section 7.2.2.
|
290
|
+
if (from_len < RSA_PKCS1_PADDING_SIZE) {
|
291
|
+
// |from| is zero-padded to the size of the RSA modulus, a public value, so
|
292
|
+
// this can be rejected in non-constant time.
|
293
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
|
294
|
+
return 0;
|
295
|
+
}
|
296
|
+
|
297
|
+
crypto_word_t first_byte_is_zero = constant_time_eq_w(from[0], 0);
|
298
|
+
crypto_word_t second_byte_is_two = constant_time_eq_w(from[1], 2);
|
299
|
+
|
300
|
+
crypto_word_t zero_index = 0, looking_for_index = CONSTTIME_TRUE_W;
|
301
|
+
for (size_t i = 2; i < from_len; i++) {
|
302
|
+
crypto_word_t equals0 = constant_time_is_zero_w(from[i]);
|
303
|
+
zero_index =
|
304
|
+
constant_time_select_w(looking_for_index & equals0, i, zero_index);
|
305
|
+
looking_for_index = constant_time_select_w(equals0, 0, looking_for_index);
|
306
|
+
}
|
307
|
+
|
308
|
+
// The input must begin with 00 02.
|
309
|
+
crypto_word_t valid_index = first_byte_is_zero;
|
310
|
+
valid_index &= second_byte_is_two;
|
311
|
+
|
312
|
+
// We must have found the end of PS.
|
313
|
+
valid_index &= ~looking_for_index;
|
314
|
+
|
315
|
+
// PS must be at least 8 bytes long, and it starts two bytes into |from|.
|
316
|
+
valid_index &= constant_time_ge_w(zero_index, 2 + 8);
|
317
|
+
|
318
|
+
// Skip the zero byte.
|
319
|
+
zero_index++;
|
320
|
+
|
321
|
+
// NOTE: Although this logic attempts to be constant time, the API contracts
|
322
|
+
// of this function and |RSA_decrypt| with |RSA_PKCS1_PADDING| make it
|
323
|
+
// impossible to completely avoid Bleichenbacher's attack. Consumers should
|
324
|
+
// use |RSA_PADDING_NONE| and perform the padding check in constant-time
|
325
|
+
// combined with a swap to a random session key or other mitigation.
|
326
|
+
CONSTTIME_DECLASSIFY(&valid_index, sizeof(valid_index));
|
327
|
+
CONSTTIME_DECLASSIFY(&zero_index, sizeof(zero_index));
|
328
|
+
|
329
|
+
if (!valid_index) {
|
330
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR);
|
331
|
+
return 0;
|
332
|
+
}
|
333
|
+
|
334
|
+
const size_t msg_len = from_len - zero_index;
|
335
|
+
if (msg_len > max_out) {
|
336
|
+
// This shouldn't happen because this function is always called with
|
337
|
+
// |max_out| as the key size and |from_len| is bounded by the key size.
|
338
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_PKCS_DECODING_ERROR);
|
339
|
+
return 0;
|
340
|
+
}
|
341
|
+
|
342
|
+
OPENSSL_memcpy(out, &from[zero_index], msg_len);
|
343
|
+
*out_len = msg_len;
|
344
|
+
return 1;
|
345
|
+
}
|
346
|
+
|
347
|
+
int RSA_public_encrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
348
|
+
int padding) {
|
349
|
+
size_t out_len;
|
350
|
+
|
351
|
+
if (!RSA_encrypt(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
352
|
+
return -1;
|
353
|
+
}
|
354
|
+
|
355
|
+
if (out_len > INT_MAX) {
|
356
|
+
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
357
|
+
return -1;
|
358
|
+
}
|
359
|
+
return (int)out_len;
|
360
|
+
}
|
361
|
+
|
362
|
+
int RSA_private_encrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
363
|
+
int padding) {
|
364
|
+
size_t out_len;
|
365
|
+
|
366
|
+
if (!RSA_sign_raw(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
367
|
+
return -1;
|
368
|
+
}
|
369
|
+
|
370
|
+
if (out_len > INT_MAX) {
|
371
|
+
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
372
|
+
return -1;
|
373
|
+
}
|
374
|
+
return (int)out_len;
|
375
|
+
}
|
376
|
+
|
377
|
+
int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
378
|
+
const uint8_t *in, size_t in_len, int padding) {
|
379
|
+
if (rsa->n == NULL || rsa->e == NULL) {
|
380
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);
|
381
|
+
return 0;
|
382
|
+
}
|
383
|
+
|
384
|
+
if (!rsa_check_public_key(rsa)) {
|
385
|
+
return 0;
|
386
|
+
}
|
387
|
+
|
388
|
+
const unsigned rsa_size = RSA_size(rsa);
|
389
|
+
BIGNUM *f, *result;
|
390
|
+
uint8_t *buf = NULL;
|
391
|
+
BN_CTX *ctx = NULL;
|
392
|
+
int i, ret = 0;
|
393
|
+
|
394
|
+
if (max_out < rsa_size) {
|
395
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
|
396
|
+
return 0;
|
397
|
+
}
|
398
|
+
|
399
|
+
ctx = BN_CTX_new();
|
400
|
+
if (ctx == NULL) {
|
401
|
+
goto err;
|
402
|
+
}
|
403
|
+
|
404
|
+
BN_CTX_start(ctx);
|
405
|
+
f = BN_CTX_get(ctx);
|
406
|
+
result = BN_CTX_get(ctx);
|
407
|
+
buf = OPENSSL_malloc(rsa_size);
|
408
|
+
if (!f || !result || !buf) {
|
409
|
+
goto err;
|
410
|
+
}
|
411
|
+
|
412
|
+
switch (padding) {
|
413
|
+
case RSA_PKCS1_PADDING:
|
414
|
+
i = rsa_padding_add_PKCS1_type_2(buf, rsa_size, in, in_len);
|
415
|
+
break;
|
416
|
+
case RSA_PKCS1_OAEP_PADDING:
|
417
|
+
// Use the default parameters: SHA-1 for both hashes and no label.
|
418
|
+
i = RSA_padding_add_PKCS1_OAEP_mgf1(buf, rsa_size, in, in_len, NULL, 0,
|
419
|
+
NULL, NULL);
|
420
|
+
break;
|
421
|
+
case RSA_NO_PADDING:
|
422
|
+
i = RSA_padding_add_none(buf, rsa_size, in, in_len);
|
423
|
+
break;
|
424
|
+
default:
|
425
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
|
426
|
+
goto err;
|
427
|
+
}
|
428
|
+
|
429
|
+
if (i <= 0) {
|
430
|
+
goto err;
|
431
|
+
}
|
432
|
+
|
433
|
+
if (BN_bin2bn(buf, rsa_size, f) == NULL) {
|
434
|
+
goto err;
|
435
|
+
}
|
436
|
+
|
437
|
+
if (BN_ucmp(f, rsa->n) >= 0) {
|
438
|
+
// usually the padding functions would catch this
|
439
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
|
440
|
+
goto err;
|
441
|
+
}
|
442
|
+
|
443
|
+
if (!BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx) ||
|
444
|
+
!BN_mod_exp_mont(result, f, rsa->e, &rsa->mont_n->N, ctx, rsa->mont_n)) {
|
445
|
+
goto err;
|
446
|
+
}
|
447
|
+
|
448
|
+
// put in leading 0 bytes if the number is less than the length of the
|
449
|
+
// modulus
|
450
|
+
if (!BN_bn2bin_padded(out, rsa_size, result)) {
|
451
|
+
OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
|
452
|
+
goto err;
|
453
|
+
}
|
454
|
+
|
455
|
+
*out_len = rsa_size;
|
456
|
+
ret = 1;
|
457
|
+
|
458
|
+
err:
|
459
|
+
if (ctx != NULL) {
|
460
|
+
BN_CTX_end(ctx);
|
461
|
+
BN_CTX_free(ctx);
|
462
|
+
}
|
463
|
+
OPENSSL_free(buf);
|
464
|
+
|
465
|
+
return ret;
|
466
|
+
}
|
467
|
+
|
468
|
+
static int rsa_default_decrypt(RSA *rsa, size_t *out_len, uint8_t *out,
|
469
|
+
size_t max_out, const uint8_t *in, size_t in_len,
|
470
|
+
int padding) {
|
471
|
+
const unsigned rsa_size = RSA_size(rsa);
|
472
|
+
uint8_t *buf = NULL;
|
473
|
+
int ret = 0;
|
474
|
+
|
475
|
+
if (max_out < rsa_size) {
|
476
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
|
477
|
+
return 0;
|
478
|
+
}
|
479
|
+
|
480
|
+
if (padding == RSA_NO_PADDING) {
|
481
|
+
buf = out;
|
482
|
+
} else {
|
483
|
+
// Allocate a temporary buffer to hold the padded plaintext.
|
484
|
+
buf = OPENSSL_malloc(rsa_size);
|
485
|
+
if (buf == NULL) {
|
486
|
+
goto err;
|
487
|
+
}
|
488
|
+
}
|
489
|
+
|
490
|
+
if (in_len != rsa_size) {
|
491
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN);
|
492
|
+
goto err;
|
493
|
+
}
|
494
|
+
|
495
|
+
if (!rsa_private_transform(rsa, buf, in, rsa_size)) {
|
496
|
+
goto err;
|
497
|
+
}
|
498
|
+
|
499
|
+
switch (padding) {
|
500
|
+
case RSA_PKCS1_PADDING:
|
501
|
+
ret =
|
502
|
+
rsa_padding_check_PKCS1_type_2(out, out_len, rsa_size, buf, rsa_size);
|
503
|
+
break;
|
504
|
+
case RSA_PKCS1_OAEP_PADDING:
|
505
|
+
// Use the default parameters: SHA-1 for both hashes and no label.
|
506
|
+
ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, out_len, rsa_size, buf,
|
507
|
+
rsa_size, NULL, 0, NULL, NULL);
|
508
|
+
break;
|
509
|
+
case RSA_NO_PADDING:
|
510
|
+
*out_len = rsa_size;
|
511
|
+
ret = 1;
|
512
|
+
break;
|
513
|
+
default:
|
514
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
|
515
|
+
goto err;
|
516
|
+
}
|
517
|
+
|
518
|
+
CONSTTIME_DECLASSIFY(&ret, sizeof(ret));
|
519
|
+
if (!ret) {
|
520
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED);
|
521
|
+
} else {
|
522
|
+
CONSTTIME_DECLASSIFY(out, *out_len);
|
523
|
+
}
|
524
|
+
|
525
|
+
err:
|
526
|
+
if (padding != RSA_NO_PADDING) {
|
527
|
+
OPENSSL_free(buf);
|
528
|
+
}
|
529
|
+
|
530
|
+
return ret;
|
531
|
+
}
|
532
|
+
|
533
|
+
int RSA_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
|
534
|
+
const uint8_t *in, size_t in_len, int padding) {
|
535
|
+
if (rsa->meth->decrypt) {
|
536
|
+
return rsa->meth->decrypt(rsa, out_len, out, max_out, in, in_len, padding);
|
537
|
+
}
|
538
|
+
|
539
|
+
return rsa_default_decrypt(rsa, out_len, out, max_out, in, in_len, padding);
|
540
|
+
}
|
541
|
+
|
542
|
+
int RSA_private_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
543
|
+
int padding) {
|
544
|
+
size_t out_len;
|
545
|
+
if (!RSA_decrypt(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
546
|
+
return -1;
|
547
|
+
}
|
548
|
+
|
549
|
+
if (out_len > INT_MAX) {
|
550
|
+
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
551
|
+
return -1;
|
552
|
+
}
|
553
|
+
return (int)out_len;
|
554
|
+
}
|
555
|
+
|
556
|
+
int RSA_public_decrypt(size_t flen, const uint8_t *from, uint8_t *to, RSA *rsa,
|
557
|
+
int padding) {
|
558
|
+
size_t out_len;
|
559
|
+
if (!RSA_verify_raw(rsa, &out_len, to, RSA_size(rsa), from, flen, padding)) {
|
560
|
+
return -1;
|
561
|
+
}
|
562
|
+
|
563
|
+
if (out_len > INT_MAX) {
|
564
|
+
OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);
|
565
|
+
return -1;
|
566
|
+
}
|
567
|
+
return (int)out_len;
|
568
|
+
}
|
@@ -154,6 +154,38 @@ int pmbtoken_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
|
154
154
|
// function is used to confirm H was computed as expected.
|
155
155
|
OPENSSL_EXPORT int pmbtoken_exp2_get_h_for_testing(uint8_t out[97]);
|
156
156
|
|
157
|
+
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
158
|
+
// functions for |TRUST_TOKENS_pst_v1|'s PMBTokens construction which uses
|
159
|
+
// P-384.
|
160
|
+
int pmbtoken_pst1_generate_key(CBB *out_private, CBB *out_public);
|
161
|
+
int pmbtoken_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
|
162
|
+
const uint8_t *secret,
|
163
|
+
size_t secret_len);
|
164
|
+
int pmbtoken_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
165
|
+
const uint8_t *in, size_t len);
|
166
|
+
int pmbtoken_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
167
|
+
const uint8_t *in, size_t len);
|
168
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) *pmbtoken_pst1_blind(CBB *cbb, size_t count,
|
169
|
+
int include_message,
|
170
|
+
const uint8_t *msg,
|
171
|
+
size_t msg_len);
|
172
|
+
int pmbtoken_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
173
|
+
size_t num_requested, size_t num_to_issue,
|
174
|
+
uint8_t private_metadata);
|
175
|
+
STACK_OF(TRUST_TOKEN) *pmbtoken_pst1_unblind(
|
176
|
+
const TRUST_TOKEN_CLIENT_KEY *key,
|
177
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
178
|
+
uint32_t key_id);
|
179
|
+
int pmbtoken_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
180
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
181
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
182
|
+
size_t token_len, int include_message,
|
183
|
+
const uint8_t *msg, size_t msg_len);
|
184
|
+
|
185
|
+
// pmbtoken_pst1_get_h_for_testing returns H in uncompressed coordinates. This
|
186
|
+
// function is used to confirm H was computed as expected.
|
187
|
+
OPENSSL_EXPORT int pmbtoken_pst1_get_h_for_testing(uint8_t out[97]);
|
188
|
+
|
157
189
|
|
158
190
|
// VOPRF.
|
159
191
|
//
|
@@ -191,6 +223,36 @@ int voprf_exp2_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
|
191
223
|
size_t token_len, int include_message, const uint8_t *msg,
|
192
224
|
size_t msg_len);
|
193
225
|
|
226
|
+
// The following functions implement the corresponding |TRUST_TOKENS_METHOD|
|
227
|
+
// functions for |TRUST_TOKENS_pst_v1|'s VOPRF construction which uses P-384.
|
228
|
+
int voprf_pst1_generate_key(CBB *out_private, CBB *out_public);
|
229
|
+
int voprf_pst1_derive_key_from_secret(CBB *out_private, CBB *out_public,
|
230
|
+
const uint8_t *secret, size_t secret_len);
|
231
|
+
int voprf_pst1_client_key_from_bytes(TRUST_TOKEN_CLIENT_KEY *key,
|
232
|
+
const uint8_t *in, size_t len);
|
233
|
+
int voprf_pst1_issuer_key_from_bytes(TRUST_TOKEN_ISSUER_KEY *key,
|
234
|
+
const uint8_t *in, size_t len);
|
235
|
+
STACK_OF(TRUST_TOKEN_PRETOKEN) *voprf_pst1_blind(CBB *cbb, size_t count,
|
236
|
+
int include_message,
|
237
|
+
const uint8_t *msg,
|
238
|
+
size_t msg_len);
|
239
|
+
int voprf_pst1_sign(const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs,
|
240
|
+
size_t num_requested, size_t num_to_issue,
|
241
|
+
uint8_t private_metadata);
|
242
|
+
OPENSSL_EXPORT int voprf_pst1_sign_with_proof_scalar_for_testing(
|
243
|
+
const TRUST_TOKEN_ISSUER_KEY *key, CBB *cbb, CBS *cbs, size_t num_requested,
|
244
|
+
size_t num_to_issue, uint8_t private_metadata,
|
245
|
+
const uint8_t *proof_scalar_buf, size_t proof_scalar_len);
|
246
|
+
STACK_OF(TRUST_TOKEN) *voprf_pst1_unblind(
|
247
|
+
const TRUST_TOKEN_CLIENT_KEY *key,
|
248
|
+
const STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens, CBS *cbs, size_t count,
|
249
|
+
uint32_t key_id);
|
250
|
+
int voprf_pst1_read(const TRUST_TOKEN_ISSUER_KEY *key,
|
251
|
+
uint8_t out_nonce[TRUST_TOKEN_NONCE_SIZE],
|
252
|
+
uint8_t *out_private_metadata, const uint8_t *token,
|
253
|
+
size_t token_len, int include_message, const uint8_t *msg,
|
254
|
+
size_t msg_len);
|
255
|
+
|
194
256
|
|
195
257
|
// Trust Tokens internals.
|
196
258
|
|