grpc 1.56.2 → 1.57.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +29 -22
- data/include/grpc/event_engine/event_engine.h +22 -32
- data/include/grpc/impl/grpc_types.h +3 -0
- data/include/grpc/support/port_platform.h +29 -23
- data/src/core/ext/filters/client_channel/client_channel.cc +44 -8
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +21 -52
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +19 -7
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +25 -35
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +78 -132
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +38 -15
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +22 -6
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric_internal.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +97 -71
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +56 -11
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.h +25 -0
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +6 -32
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +4 -6
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +20 -79
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +31 -19
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +7 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +3 -67
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +8 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +31 -74
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +7 -51
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +16 -87
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +16 -50
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -74
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +69 -59
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +7 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +25 -13
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +366 -311
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +17 -1
- data/src/core/ext/filters/client_channel/retry_filter.cc +39 -2498
- data/src/core/ext/filters/client_channel/retry_filter.h +91 -1
- data/src/core/ext/filters/client_channel/retry_filter_legacy_call_data.cc +2052 -0
- data/src/core/ext/filters/client_channel/retry_filter_legacy_call_data.h +442 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +38 -58
- data/src/core/ext/filters/client_channel/subchannel.h +3 -3
- data/src/core/ext/filters/client_channel/subchannel_interface_internal.h +3 -0
- data/src/core/ext/filters/rbac/rbac_filter.cc +40 -111
- data/src/core/ext/filters/rbac/rbac_filter.h +12 -30
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +162 -86
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +0 -6
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -4
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +131 -186
- data/src/core/ext/transport/chttp2/transport/decode_huff.cc +6569 -174
- data/src/core/ext/transport/chttp2/transport/decode_huff.h +2278 -441
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +9 -8
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +8 -4
- data/src/core/ext/transport/chttp2/transport/parsing.cc +15 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +27 -6
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +143 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +0 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +13 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +35 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +17 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +85 -20
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +26 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +45 -3
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +4 -3
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +21 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +30 -6
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +180 -0
- data/src/core/ext/upb-generated/envoy/data/accesslog/v3/accesslog.upb.c +558 -0
- data/src/core/ext/upb-generated/envoy/data/accesslog/v3/accesslog.upb.h +2710 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +30 -11
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +53 -24
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +30 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +110 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +41 -15
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +150 -27
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb.h +93 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +88 -76
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +11 -12
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +162 -160
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +129 -118
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +141 -135
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +19 -12
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +38 -30
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/data/accesslog/v3/accesslog.upbdefs.c +402 -0
- data/src/core/ext/upbdefs-generated/envoy/data/accesslog/v3/accesslog.upbdefs.h +111 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +80 -74
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +63 -47
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +315 -293
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +29 -29
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +33 -30
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -13
- data/src/core/ext/xds/xds_client_grpc.cc +11 -6
- data/src/core/ext/xds/xds_client_grpc.h +16 -2
- data/src/core/ext/xds/xds_client_stats.h +10 -0
- data/src/core/ext/xds/xds_cluster.cc +26 -16
- data/src/core/ext/xds/xds_endpoint.cc +4 -7
- data/src/core/ext/xds/xds_health_status.cc +0 -17
- data/src/core/ext/xds/xds_health_status.h +5 -25
- data/src/core/ext/xds/xds_lb_policy_registry.cc +39 -0
- data/src/core/ext/xds/xds_route_config.cc +4 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -3
- data/src/core/lib/address_utils/parse_address.cc +63 -1
- data/src/core/lib/address_utils/parse_address.h +8 -0
- data/src/core/lib/address_utils/sockaddr_utils.cc +46 -1
- data/src/core/lib/address_utils/sockaddr_utils.h +2 -2
- data/src/core/lib/channel/channel_args.cc +21 -10
- data/src/core/lib/channel/channel_args.h +3 -0
- data/src/core/lib/channel/connected_channel.cc +4 -1
- data/src/core/lib/channel/promise_based_filter.h +1 -0
- data/src/core/lib/debug/trace.cc +1 -4
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +2 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +1 -1
- data/src/core/lib/event_engine/event_engine.cc +0 -12
- data/src/core/lib/event_engine/forkable.cc +47 -42
- data/src/core/lib/event_engine/handle_containers.h +0 -4
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +4 -6
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +4 -6
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +25 -11
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +3 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +8 -12
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +37 -27
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +4 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +42 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +6 -0
- data/src/core/lib/event_engine/posix_engine/timer.h +10 -37
- data/src/core/lib/event_engine/tcp_socket_utils.cc +67 -7
- data/src/core/lib/event_engine/tcp_socket_utils.h +3 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +90 -37
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +32 -12
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +12 -21
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +8 -12
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +55 -54
- data/src/core/lib/event_engine/windows/windows_endpoint.h +15 -12
- data/src/core/lib/event_engine/windows/windows_engine.cc +2 -1
- data/src/core/lib/event_engine/windows/windows_engine.h +8 -12
- data/src/core/lib/experiments/config.cc +60 -22
- data/src/core/lib/experiments/config.h +20 -8
- data/src/core/lib/experiments/experiments.cc +278 -0
- data/src/core/lib/experiments/experiments.h +59 -1
- data/src/core/lib/gprpp/dual_ref_counted.h +9 -9
- data/src/core/lib/gprpp/fork.cc +8 -9
- data/src/core/lib/gprpp/fork.h +6 -5
- data/src/core/lib/gprpp/if_list.h +4530 -0
- data/src/core/lib/gprpp/orphanable.h +3 -3
- data/src/core/lib/gprpp/ref_counted.h +6 -6
- data/src/core/lib/gprpp/sorted_pack.h +3 -12
- data/src/core/lib/gprpp/status_helper.h +16 -15
- data/src/core/lib/gprpp/time.h +12 -0
- data/src/core/lib/gprpp/type_list.h +32 -0
- data/src/core/lib/http/httpcli.h +6 -9
- data/src/core/lib/iomgr/error.cc +32 -2
- data/src/core/lib/iomgr/error.h +9 -10
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -7
- data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
- data/src/core/lib/iomgr/exec_ctx.h +11 -0
- data/src/core/lib/iomgr/pollset.h +4 -5
- data/src/core/lib/iomgr/port.h +10 -0
- data/src/core/lib/iomgr/resolve_address.cc +13 -1
- data/src/core/lib/iomgr/resolve_address.h +17 -3
- data/src/core/lib/iomgr/sockaddr_posix.h +7 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +29 -0
- data/src/core/lib/iomgr/socket_utils_posix.cc +2 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +6 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -1
- data/src/core/lib/iomgr/tcp_posix.cc +21 -4
- data/src/core/lib/iomgr/tcp_server_posix.cc +3 -2
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -2
- data/src/core/lib/iomgr/tcp_windows.cc +1 -3
- data/src/core/lib/iomgr/vsock.cc +59 -0
- data/src/core/lib/iomgr/vsock.h +38 -0
- data/src/core/lib/iomgr/wakeup_fd_posix.h +3 -6
- data/src/core/lib/load_balancing/delegating_helper.h +115 -0
- data/src/core/lib/load_balancing/lb_policy.h +20 -0
- data/src/core/lib/load_balancing/subchannel_interface.h +6 -0
- data/src/core/lib/promise/party.h +1 -1
- data/src/core/lib/resolver/resolver_factory.h +3 -2
- data/src/core/lib/resolver/server_address.cc +9 -94
- data/src/core/lib/resolver/server_address.h +10 -64
- data/src/core/lib/resource_quota/memory_quota.h +1 -1
- data/src/core/lib/security/credentials/channel_creds_registry.h +51 -27
- data/src/core/lib/security/credentials/channel_creds_registry_init.cc +169 -9
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.h +3 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.h +6 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +30 -38
- data/src/core/lib/security/credentials/fake/fake_credentials.h +28 -0
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +3 -1
- data/src/core/lib/service_config/service_config_call_data.h +5 -0
- data/src/core/lib/slice/slice.h +16 -0
- data/src/core/lib/surface/call.cc +31 -29
- data/src/core/lib/surface/server.h +2 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata_batch.cc +7 -7
- data/src/core/lib/transport/metadata_batch.h +86 -48
- data/src/core/lib/transport/parsed_metadata.h +34 -20
- data/src/core/lib/transport/simple_slice_based_metadata.h +9 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +4 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +28 -7
- data/src/ruby/bin/math_pb.rb +24 -18
- data/src/ruby/ext/grpc/extconf.rb +19 -18
- data/src/ruby/ext/grpc/rb_call.c +62 -39
- data/src/ruby/ext/grpc/rb_call_credentials.c +0 -1
- data/src/ruby/ext/grpc/rb_channel.c +126 -49
- data/src/ruby/ext/grpc/rb_channel.h +1 -0
- data/src/ruby/ext/grpc/rb_channel_args.c +16 -2
- data/src/ruby/ext/grpc/rb_channel_args.h +4 -0
- data/src/ruby/ext/grpc/rb_channel_credentials.c +0 -1
- data/src/ruby/ext/grpc/rb_compression_options.c +0 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +22 -6
- data/src/ruby/ext/grpc/rb_event_thread.h +1 -0
- data/src/ruby/ext/grpc/rb_grpc.c +192 -30
- data/src/ruby/ext/grpc/rb_grpc.h +8 -2
- data/src/ruby/ext/grpc/rb_server.c +62 -45
- data/src/ruby/ext/grpc/rb_server_credentials.c +0 -1
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +0 -1
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +0 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_pb.rb +24 -13
- data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +24 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +25 -111
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +25 -2
- data/third_party/boringssl-with-bazel/err_data.c +552 -552
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +34 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +19 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +28 -185
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +3 -7
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +49 -46
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_64_adx.c +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +2809 -7417
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +27 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +20 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +110 -72
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +13 -10
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +35 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +3 -7
- data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +34 -72
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +12 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +12 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +17 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +277 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +180 -404
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +24 -57
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +33 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +15 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +9 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +11 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +9 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +40 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +21 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +38 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +2 -29
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +33 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +3 -8
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +198 -79
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -23
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/p5_pbev2.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +8 -5
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +48 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fuchsia.c → ios.c} +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_no_threads.c → rand_extra/trusty.c} +15 -19
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +41 -19
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_c11.c → refcount.c} +11 -17
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +147 -72
- data/third_party/boringssl-with-bazel/src/crypto/thread_none.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +6 -35
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +5 -26
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +14 -18
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +54 -143
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +8 -12
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +19 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +4 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +4 -119
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +207 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +2 -116
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +0 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +0 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +19 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +11 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +13 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +0 -61
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +127 -81
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +224 -209
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +154 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +1 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +4 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +3 -2
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +9 -65
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +20 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +24 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +37 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +125 -26
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -3
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +691 -0
- data/third_party/upb/upb/collections/map.c +3 -3
- metadata +27 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +0 -42
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.h +0 -64
- data/src/core/ext/transport/chttp2/transport/stream_map.cc +0 -177
- data/src/core/ext/transport/chttp2/transport/stream_map.h +0 -68
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +0 -89
|
@@ -94,7 +94,7 @@ static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
|
|
|
94
94
|
|
|
95
95
|
// The parameters are a named curve.
|
|
96
96
|
EC_KEY *eckey = NULL;
|
|
97
|
-
EC_GROUP *group = EC_KEY_parse_curve_name(params);
|
|
97
|
+
const EC_GROUP *group = EC_KEY_parse_curve_name(params);
|
|
98
98
|
if (group == NULL || CBS_len(params) != 0) {
|
|
99
99
|
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
|
100
100
|
goto err;
|
|
@@ -107,12 +107,10 @@ static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
|
|
|
107
107
|
goto err;
|
|
108
108
|
}
|
|
109
109
|
|
|
110
|
-
EC_GROUP_free(group);
|
|
111
110
|
EVP_PKEY_assign_EC_KEY(out, eckey);
|
|
112
111
|
return 1;
|
|
113
112
|
|
|
114
113
|
err:
|
|
115
|
-
EC_GROUP_free(group);
|
|
116
114
|
EC_KEY_free(eckey);
|
|
117
115
|
return 0;
|
|
118
116
|
}
|
|
@@ -135,15 +133,13 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
|
|
|
135
133
|
|
|
136
134
|
static int eckey_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) {
|
|
137
135
|
// See RFC 5915.
|
|
138
|
-
EC_GROUP *group = EC_KEY_parse_parameters(params);
|
|
136
|
+
const EC_GROUP *group = EC_KEY_parse_parameters(params);
|
|
139
137
|
if (group == NULL || CBS_len(params) != 0) {
|
|
140
138
|
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
|
141
|
-
EC_GROUP_free(group);
|
|
142
139
|
return 0;
|
|
143
140
|
}
|
|
144
141
|
|
|
145
142
|
EC_KEY *ec_key = EC_KEY_parse_private_key(key, group);
|
|
146
|
-
EC_GROUP_free(group);
|
|
147
143
|
if (ec_key == NULL || CBS_len(key) != 0) {
|
|
148
144
|
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
|
149
145
|
EC_KEY_free(ec_key);
|
|
@@ -215,7 +211,7 @@ static int ec_bits(const EVP_PKEY *pkey) {
|
|
|
215
211
|
ERR_clear_error();
|
|
216
212
|
return 0;
|
|
217
213
|
}
|
|
218
|
-
return
|
|
214
|
+
return EC_GROUP_order_bits(group);
|
|
219
215
|
}
|
|
220
216
|
|
|
221
217
|
static int ec_missing_parameters(const EVP_PKEY *pkey) {
|
|
@@ -63,7 +63,7 @@
|
|
|
63
63
|
|
|
64
64
|
|
|
65
65
|
int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
|
|
66
|
-
const uint8_t *salt, size_t salt_len,
|
|
66
|
+
const uint8_t *salt, size_t salt_len, uint32_t iterations,
|
|
67
67
|
const EVP_MD *digest, size_t key_len, uint8_t *out_key) {
|
|
68
68
|
// See RFC 8018, section 5.2.
|
|
69
69
|
int ret = 0;
|
|
@@ -98,7 +98,7 @@ int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
|
|
|
98
98
|
}
|
|
99
99
|
|
|
100
100
|
OPENSSL_memcpy(out_key, digest_tmp, todo);
|
|
101
|
-
for (
|
|
101
|
+
for (uint32_t j = 1; j < iterations; j++) {
|
|
102
102
|
// Compute the remaining U_* values and XOR.
|
|
103
103
|
if (!HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL) ||
|
|
104
104
|
!HMAC_Update(&hctx, digest_tmp, md_len) ||
|
|
@@ -139,7 +139,7 @@ err:
|
|
|
139
139
|
|
|
140
140
|
int PKCS5_PBKDF2_HMAC_SHA1(const char *password, size_t password_len,
|
|
141
141
|
const uint8_t *salt, size_t salt_len,
|
|
142
|
-
|
|
142
|
+
uint32_t iterations, size_t key_len,
|
|
143
143
|
uint8_t *out_key) {
|
|
144
144
|
return PKCS5_PBKDF2_HMAC(password, password_len, salt, salt_len, iterations,
|
|
145
145
|
EVP_sha1(), key_len, out_key);
|
|
@@ -194,12 +194,12 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent) {
|
|
|
194
194
|
static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) {
|
|
195
195
|
const BIGNUM *priv_key = NULL;
|
|
196
196
|
if (ptype == 2) {
|
|
197
|
-
priv_key = x
|
|
197
|
+
priv_key = DSA_get0_priv_key(x);
|
|
198
198
|
}
|
|
199
199
|
|
|
200
200
|
const BIGNUM *pub_key = NULL;
|
|
201
201
|
if (ptype > 0) {
|
|
202
|
-
pub_key = x
|
|
202
|
+
pub_key = DSA_get0_pub_key(x);
|
|
203
203
|
}
|
|
204
204
|
|
|
205
205
|
const char *ktype = "DSA-Parameters";
|
|
@@ -210,14 +210,15 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) {
|
|
|
210
210
|
}
|
|
211
211
|
|
|
212
212
|
if (!BIO_indent(bp, off, 128) ||
|
|
213
|
-
BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(x
|
|
213
|
+
BIO_printf(bp, "%s: (%u bit)\n", ktype, BN_num_bits(DSA_get0_p(x))) <=
|
|
214
|
+
0 ||
|
|
214
215
|
// |priv_key| and |pub_key| may be NULL, in which case |bn_print| will
|
|
215
216
|
// silently skip them.
|
|
216
217
|
!bn_print(bp, "priv:", priv_key, off) ||
|
|
217
218
|
!bn_print(bp, "pub:", pub_key, off) ||
|
|
218
|
-
!bn_print(bp, "P:", x
|
|
219
|
-
!bn_print(bp, "Q:", x
|
|
220
|
-
!bn_print(bp, "G:", x
|
|
219
|
+
!bn_print(bp, "P:", DSA_get0_p(x), off) ||
|
|
220
|
+
!bn_print(bp, "Q:", DSA_get0_q(x), off) ||
|
|
221
|
+
!bn_print(bp, "G:", DSA_get0_g(x), off)) {
|
|
221
222
|
return 0;
|
|
222
223
|
}
|
|
223
224
|
|
|
@@ -116,7 +116,6 @@
|
|
|
116
116
|
#include <openssl/crypto.h>
|
|
117
117
|
#include <openssl/err.h>
|
|
118
118
|
#include <openssl/mem.h>
|
|
119
|
-
#include <openssl/stack.h>
|
|
120
119
|
#include <openssl/thread.h>
|
|
121
120
|
|
|
122
121
|
#include "internal.h"
|
|
@@ -128,14 +127,14 @@ struct crypto_ex_data_func_st {
|
|
|
128
127
|
long argl; // Arbitary long
|
|
129
128
|
void *argp; // Arbitary void pointer
|
|
130
129
|
CRYPTO_EX_free *free_func;
|
|
130
|
+
// next points to the next |CRYPTO_EX_DATA_FUNCS| or NULL if this is the last
|
|
131
|
+
// one. It may only be read if synchronized with a read from |num_funcs|.
|
|
132
|
+
CRYPTO_EX_DATA_FUNCS *next;
|
|
131
133
|
};
|
|
132
134
|
|
|
133
135
|
int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
|
|
134
136
|
long argl, void *argp, CRYPTO_EX_free *free_func) {
|
|
135
|
-
CRYPTO_EX_DATA_FUNCS *funcs;
|
|
136
|
-
int ret = 0;
|
|
137
|
-
|
|
138
|
-
funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
|
|
137
|
+
CRYPTO_EX_DATA_FUNCS *funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
|
|
139
138
|
if (funcs == NULL) {
|
|
140
139
|
return 0;
|
|
141
140
|
}
|
|
@@ -143,37 +142,32 @@ int CRYPTO_get_ex_new_index(CRYPTO_EX_DATA_CLASS *ex_data_class, int *out_index,
|
|
|
143
142
|
funcs->argl = argl;
|
|
144
143
|
funcs->argp = argp;
|
|
145
144
|
funcs->free_func = free_func;
|
|
145
|
+
funcs->next = NULL;
|
|
146
146
|
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
if (ex_data_class->meth == NULL) {
|
|
150
|
-
ex_data_class->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
|
|
151
|
-
}
|
|
152
|
-
|
|
153
|
-
if (ex_data_class->meth == NULL) {
|
|
154
|
-
goto err;
|
|
155
|
-
}
|
|
147
|
+
CRYPTO_MUTEX_lock_write(&ex_data_class->lock);
|
|
156
148
|
|
|
149
|
+
uint32_t num_funcs = CRYPTO_atomic_load_u32(&ex_data_class->num_funcs);
|
|
157
150
|
// The index must fit in |int|.
|
|
158
|
-
if (
|
|
159
|
-
(size_t)(INT_MAX - ex_data_class->num_reserved)) {
|
|
151
|
+
if (num_funcs > (size_t)(INT_MAX - ex_data_class->num_reserved)) {
|
|
160
152
|
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
|
|
161
|
-
|
|
153
|
+
CRYPTO_MUTEX_unlock_write(&ex_data_class->lock);
|
|
154
|
+
return 0;
|
|
162
155
|
}
|
|
163
156
|
|
|
164
|
-
|
|
165
|
-
|
|
157
|
+
// Append |funcs| to the linked list.
|
|
158
|
+
if (ex_data_class->last == NULL) {
|
|
159
|
+
assert(num_funcs == 0);
|
|
160
|
+
ex_data_class->funcs = funcs;
|
|
161
|
+
ex_data_class->last = funcs;
|
|
162
|
+
} else {
|
|
163
|
+
ex_data_class->last->next = funcs;
|
|
164
|
+
ex_data_class->last = funcs;
|
|
166
165
|
}
|
|
167
|
-
funcs = NULL; // |sk_CRYPTO_EX_DATA_FUNCS_push| takes ownership.
|
|
168
166
|
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
err:
|
|
174
|
-
CRYPTO_STATIC_MUTEX_unlock_write(&ex_data_class->lock);
|
|
175
|
-
OPENSSL_free(funcs);
|
|
176
|
-
return ret;
|
|
167
|
+
CRYPTO_atomic_store_u32(&ex_data_class->num_funcs, num_funcs + 1);
|
|
168
|
+
CRYPTO_MUTEX_unlock_write(&ex_data_class->lock);
|
|
169
|
+
*out_index = (int)num_funcs + ex_data_class->num_reserved;
|
|
170
|
+
return 1;
|
|
177
171
|
}
|
|
178
172
|
|
|
179
173
|
int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int index, void *val) {
|
|
@@ -209,33 +203,6 @@ void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) {
|
|
|
209
203
|
return sk_void_value(ad->sk, idx);
|
|
210
204
|
}
|
|
211
205
|
|
|
212
|
-
// get_func_pointers takes a copy of the CRYPTO_EX_DATA_FUNCS pointers, if any,
|
|
213
|
-
// for the given class. If there are some pointers, it sets |*out| to point to
|
|
214
|
-
// a fresh stack of them. Otherwise it sets |*out| to NULL. It returns one on
|
|
215
|
-
// success or zero on error.
|
|
216
|
-
static int get_func_pointers(STACK_OF(CRYPTO_EX_DATA_FUNCS) **out,
|
|
217
|
-
CRYPTO_EX_DATA_CLASS *ex_data_class) {
|
|
218
|
-
size_t n;
|
|
219
|
-
|
|
220
|
-
*out = NULL;
|
|
221
|
-
|
|
222
|
-
// CRYPTO_EX_DATA_FUNCS structures are static once set, so we can take a
|
|
223
|
-
// shallow copy of the list under lock and then use the structures without
|
|
224
|
-
// the lock held.
|
|
225
|
-
CRYPTO_STATIC_MUTEX_lock_read(&ex_data_class->lock);
|
|
226
|
-
n = sk_CRYPTO_EX_DATA_FUNCS_num(ex_data_class->meth);
|
|
227
|
-
if (n > 0) {
|
|
228
|
-
*out = sk_CRYPTO_EX_DATA_FUNCS_dup(ex_data_class->meth);
|
|
229
|
-
}
|
|
230
|
-
CRYPTO_STATIC_MUTEX_unlock_read(&ex_data_class->lock);
|
|
231
|
-
|
|
232
|
-
if (n > 0 && *out == NULL) {
|
|
233
|
-
return 0;
|
|
234
|
-
}
|
|
235
|
-
|
|
236
|
-
return 1;
|
|
237
|
-
}
|
|
238
|
-
|
|
239
206
|
void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad) {
|
|
240
207
|
ad->sk = NULL;
|
|
241
208
|
}
|
|
@@ -247,27 +214,22 @@ void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj,
|
|
|
247
214
|
return;
|
|
248
215
|
}
|
|
249
216
|
|
|
250
|
-
|
|
251
|
-
if (!get_func_pointers(&func_pointers, ex_data_class)) {
|
|
252
|
-
// TODO(davidben): This leaks memory on malloc error.
|
|
253
|
-
return;
|
|
254
|
-
}
|
|
255
|
-
|
|
217
|
+
uint32_t num_funcs = CRYPTO_atomic_load_u32(&ex_data_class->num_funcs);
|
|
256
218
|
// |CRYPTO_get_ex_new_index| will not allocate indices beyond |INT_MAX|.
|
|
257
|
-
assert(
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
219
|
+
assert(num_funcs <= (size_t)(INT_MAX - ex_data_class->num_reserved));
|
|
220
|
+
|
|
221
|
+
// Defer dereferencing |ex_data_class->funcs| and |funcs->next|. It must come
|
|
222
|
+
// after the |num_funcs| comparison to be correctly synchronized.
|
|
223
|
+
CRYPTO_EX_DATA_FUNCS *const *funcs = &ex_data_class->funcs;
|
|
224
|
+
for (uint32_t i = 0; i < num_funcs; i++) {
|
|
225
|
+
if ((*funcs)->free_func != NULL) {
|
|
226
|
+
int index = (int)i + ex_data_class->num_reserved;
|
|
227
|
+
void *ptr = CRYPTO_get_ex_data(ad, index);
|
|
228
|
+
(*funcs)->free_func(obj, ptr, ad, index, (*funcs)->argl, (*funcs)->argp);
|
|
266
229
|
}
|
|
230
|
+
funcs = &(*funcs)->next;
|
|
267
231
|
}
|
|
268
232
|
|
|
269
|
-
sk_CRYPTO_EX_DATA_FUNCS_free(func_pointers);
|
|
270
|
-
|
|
271
233
|
sk_void_free(ad->sk);
|
|
272
234
|
ad->sk = NULL;
|
|
273
235
|
}
|
|
@@ -211,7 +211,7 @@ int BORINGSSL_integrity_test(void) {
|
|
|
211
211
|
#endif
|
|
212
212
|
|
|
213
213
|
assert_within(rodata_start, kPrimes, rodata_end);
|
|
214
|
-
assert_within(rodata_start,
|
|
214
|
+
assert_within(rodata_start, kP256Field, rodata_end);
|
|
215
215
|
assert_within(rodata_start, kPKCS1SigPrefixes, rodata_end);
|
|
216
216
|
|
|
217
217
|
uint8_t result[SHA256_DIGEST_LENGTH];
|
|
@@ -711,15 +711,22 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
|
|
|
711
711
|
|
|
712
712
|
int bn_mod_lshift_consttime(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
|
|
713
713
|
BN_CTX *ctx) {
|
|
714
|
-
if (!BN_copy(r, a)
|
|
714
|
+
if (!BN_copy(r, a) ||
|
|
715
|
+
!bn_resize_words(r, m->width)) {
|
|
715
716
|
return 0;
|
|
716
717
|
}
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
718
|
+
|
|
719
|
+
BN_CTX_start(ctx);
|
|
720
|
+
BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx);
|
|
721
|
+
int ok = tmp != NULL;
|
|
722
|
+
if (ok) {
|
|
723
|
+
for (int i = 0; i < n; i++) {
|
|
724
|
+
bn_mod_add_words(r->d, r->d, r->d, m->d, tmp->d, m->width);
|
|
720
725
|
}
|
|
726
|
+
r->neg = 0;
|
|
721
727
|
}
|
|
722
|
-
|
|
728
|
+
BN_CTX_end(ctx);
|
|
729
|
+
return ok;
|
|
723
730
|
}
|
|
724
731
|
|
|
725
732
|
int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) {
|
|
@@ -263,15 +263,14 @@ int BN_mod_inverse_odd(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
|
|
|
263
263
|
// Now Y*a == A (mod |n|).
|
|
264
264
|
|
|
265
265
|
// Y*a == 1 (mod |n|)
|
|
266
|
-
if (
|
|
267
|
-
if (!
|
|
268
|
-
goto err;
|
|
269
|
-
}
|
|
270
|
-
} else {
|
|
271
|
-
if (!BN_nnmod(R, Y, n, ctx)) {
|
|
266
|
+
if (Y->neg || BN_ucmp(Y, n) >= 0) {
|
|
267
|
+
if (!BN_nnmod(Y, Y, n, ctx)) {
|
|
272
268
|
goto err;
|
|
273
269
|
}
|
|
274
270
|
}
|
|
271
|
+
if (!BN_copy(R, Y)) {
|
|
272
|
+
goto err;
|
|
273
|
+
}
|
|
275
274
|
|
|
276
275
|
ret = 1;
|
|
277
276
|
|
|
@@ -431,12 +431,11 @@ void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table,
|
|
|
431
431
|
|
|
432
432
|
uint64_t bn_mont_n0(const BIGNUM *n);
|
|
433
433
|
|
|
434
|
-
//
|
|
435
|
-
//
|
|
436
|
-
//
|
|
437
|
-
// treated as secret.
|
|
438
|
-
int
|
|
439
|
-
BN_CTX *ctx);
|
|
434
|
+
// bn_mont_ctx_set_RR_consttime initializes |mont->RR|. It returns one on
|
|
435
|
+
// success and zero on error. |mont->N| and |mont->n0| must have been
|
|
436
|
+
// initialized already. The bit width of |mont->N| is assumed public, but
|
|
437
|
+
// |mont->N| is otherwise treated as secret.
|
|
438
|
+
int bn_mont_ctx_set_RR_consttime(BN_MONT_CTX *mont, BN_CTX *ctx);
|
|
440
439
|
|
|
441
440
|
#if defined(_MSC_VER)
|
|
442
441
|
#if defined(OPENSSL_X86_64)
|
|
@@ -600,6 +599,13 @@ OPENSSL_EXPORT int bn_is_relatively_prime(int *out_relatively_prime,
|
|
|
600
599
|
OPENSSL_EXPORT int bn_lcm_consttime(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
|
|
601
600
|
BN_CTX *ctx);
|
|
602
601
|
|
|
602
|
+
// bn_mont_ctx_init zero-initialies |mont|.
|
|
603
|
+
void bn_mont_ctx_init(BN_MONT_CTX *mont);
|
|
604
|
+
|
|
605
|
+
// bn_mont_ctx_cleanup releases memory associated with |mont|, without freeing
|
|
606
|
+
// |mont| itself.
|
|
607
|
+
void bn_mont_ctx_cleanup(BN_MONT_CTX *mont);
|
|
608
|
+
|
|
603
609
|
|
|
604
610
|
// Constant-time modular arithmetic.
|
|
605
611
|
//
|
|
@@ -121,17 +121,24 @@
|
|
|
121
121
|
#include "../../internal.h"
|
|
122
122
|
|
|
123
123
|
|
|
124
|
+
void bn_mont_ctx_init(BN_MONT_CTX *mont) {
|
|
125
|
+
OPENSSL_memset(mont, 0, sizeof(BN_MONT_CTX));
|
|
126
|
+
BN_init(&mont->RR);
|
|
127
|
+
BN_init(&mont->N);
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
void bn_mont_ctx_cleanup(BN_MONT_CTX *mont) {
|
|
131
|
+
BN_free(&mont->RR);
|
|
132
|
+
BN_free(&mont->N);
|
|
133
|
+
}
|
|
134
|
+
|
|
124
135
|
BN_MONT_CTX *BN_MONT_CTX_new(void) {
|
|
125
136
|
BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX));
|
|
126
|
-
|
|
127
137
|
if (ret == NULL) {
|
|
128
138
|
return NULL;
|
|
129
139
|
}
|
|
130
140
|
|
|
131
|
-
|
|
132
|
-
BN_init(&ret->RR);
|
|
133
|
-
BN_init(&ret->N);
|
|
134
|
-
|
|
141
|
+
bn_mont_ctx_init(ret);
|
|
135
142
|
return ret;
|
|
136
143
|
}
|
|
137
144
|
|
|
@@ -140,8 +147,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) {
|
|
|
140
147
|
return;
|
|
141
148
|
}
|
|
142
149
|
|
|
143
|
-
|
|
144
|
-
BN_free(&mont->N);
|
|
150
|
+
bn_mont_ctx_cleanup(mont);
|
|
145
151
|
OPENSSL_free(mont);
|
|
146
152
|
}
|
|
147
153
|
|
|
@@ -248,19 +254,12 @@ BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) {
|
|
|
248
254
|
BN_MONT_CTX *BN_MONT_CTX_new_consttime(const BIGNUM *mod, BN_CTX *ctx) {
|
|
249
255
|
BN_MONT_CTX *mont = BN_MONT_CTX_new();
|
|
250
256
|
if (mont == NULL ||
|
|
251
|
-
!bn_mont_ctx_set_N_and_n0(mont, mod)
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
if (!bn_mod_exp_base_2_consttime(&mont->RR, lgBigR * 2, &mont->N, ctx) ||
|
|
256
|
-
!bn_resize_words(&mont->RR, mont->N.width)) {
|
|
257
|
-
goto err;
|
|
257
|
+
!bn_mont_ctx_set_N_and_n0(mont, mod) ||
|
|
258
|
+
!bn_mont_ctx_set_RR_consttime(mont, ctx)) {
|
|
259
|
+
BN_MONT_CTX_free(mont);
|
|
260
|
+
return NULL;
|
|
258
261
|
}
|
|
259
262
|
return mont;
|
|
260
|
-
|
|
261
|
-
err:
|
|
262
|
-
BN_MONT_CTX_free(mont);
|
|
263
|
-
return NULL;
|
|
264
263
|
}
|
|
265
264
|
|
|
266
265
|
int BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_MUTEX *lock,
|
|
@@ -159,27 +159,63 @@ static uint64_t bn_neg_inv_mod_r_u64(uint64_t n) {
|
|
|
159
159
|
return v;
|
|
160
160
|
}
|
|
161
161
|
|
|
162
|
-
int
|
|
163
|
-
|
|
164
|
-
assert(!
|
|
165
|
-
assert(
|
|
166
|
-
assert(
|
|
162
|
+
int bn_mont_ctx_set_RR_consttime(BN_MONT_CTX *mont, BN_CTX *ctx) {
|
|
163
|
+
assert(!BN_is_zero(&mont->N));
|
|
164
|
+
assert(!BN_is_negative(&mont->N));
|
|
165
|
+
assert(BN_is_odd(&mont->N));
|
|
166
|
+
assert(bn_minimal_width(&mont->N) == mont->N.width);
|
|
167
167
|
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
unsigned n_bits = BN_num_bits(n);
|
|
168
|
+
unsigned n_bits = BN_num_bits(&mont->N);
|
|
171
169
|
assert(n_bits != 0);
|
|
172
|
-
assert(p > n_bits);
|
|
173
170
|
if (n_bits == 1) {
|
|
174
|
-
|
|
171
|
+
BN_zero(&mont->RR);
|
|
172
|
+
return bn_resize_words(&mont->RR, mont->N.width);
|
|
175
173
|
}
|
|
176
174
|
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
175
|
+
unsigned lgBigR = mont->N.width * BN_BITS2;
|
|
176
|
+
assert(lgBigR >= n_bits);
|
|
177
|
+
|
|
178
|
+
// RR is R, or 2^lgBigR, in the Montgomery domain. We can compute 2 in the
|
|
179
|
+
// Montgomery domain, 2R or 2^(lgBigR+1), and then use Montgomery
|
|
180
|
+
// square-and-multiply to exponentiate.
|
|
181
|
+
//
|
|
182
|
+
// The multiply steps take 2^n R to 2^(n+1) R. It is faster to double
|
|
183
|
+
// the value instead. The square steps take 2^n R to 2^(2n) R. This is
|
|
184
|
+
// equivalent to doubling n times. When n is below some threshold, doubling is
|
|
185
|
+
// faster. When above, squaring is faster.
|
|
186
|
+
//
|
|
187
|
+
// We double to this threshold, then switch to Montgomery squaring. From
|
|
188
|
+
// benchmarking various 32-bit and 64-bit architectures, the word count seems
|
|
189
|
+
// to work well as a threshold. (Doubling scales linearly and Montgomery
|
|
190
|
+
// reduction scales quadratically, so the threshold should scale roughly
|
|
191
|
+
// linearly.)
|
|
192
|
+
unsigned threshold = mont->N.width;
|
|
193
|
+
unsigned iters;
|
|
194
|
+
for (iters = 0; iters < sizeof(lgBigR) * 8; iters++) {
|
|
195
|
+
if ((lgBigR >> iters) <= threshold) {
|
|
196
|
+
break;
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
// Compute 2^(lgBigR >> iters) R, or 2^((lgBigR >> iters) + lgBigR), by
|
|
201
|
+
// doubling. The first n_bits - 1 doubles can be skipped because we don't need
|
|
202
|
+
// to reduce.
|
|
203
|
+
if (!BN_set_bit(&mont->RR, n_bits - 1) ||
|
|
204
|
+
!bn_mod_lshift_consttime(&mont->RR, &mont->RR,
|
|
205
|
+
(lgBigR >> iters) + lgBigR - (n_bits - 1),
|
|
206
|
+
&mont->N, ctx)) {
|
|
181
207
|
return 0;
|
|
182
208
|
}
|
|
183
209
|
|
|
184
|
-
|
|
210
|
+
for (unsigned i = iters - 1; i < iters; i--) {
|
|
211
|
+
if (!BN_mod_mul_montgomery(&mont->RR, &mont->RR, &mont->RR, mont, ctx)) {
|
|
212
|
+
return 0;
|
|
213
|
+
}
|
|
214
|
+
if ((lgBigR & (1u << i)) != 0 &&
|
|
215
|
+
!bn_mod_lshift1_consttime(&mont->RR, &mont->RR, &mont->N, ctx)) {
|
|
216
|
+
return 0;
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
|
|
220
|
+
return bn_resize_words(&mont->RR, mont->N.width);
|
|
185
221
|
}
|
|
@@ -24,13 +24,13 @@
|
|
|
24
24
|
#include "../../internal.h"
|
|
25
25
|
|
|
26
26
|
|
|
27
|
-
//
|
|
28
|
-
alignas(64) static const BN_ULONG
|
|
27
|
+
// rsaz_one is 1 in RSAZ's representation.
|
|
28
|
+
alignas(64) static const BN_ULONG rsaz_one[40] = {
|
|
29
29
|
1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
30
30
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
|
31
|
-
//
|
|
31
|
+
// rsaz_two80 is 2^80 in RSAZ's representation. Note RSAZ uses base 2^29, so this is
|
|
32
32
|
// 2^(29*2 + 22) = 2^80, not 2^(64*2 + 22).
|
|
33
|
-
alignas(64) static const BN_ULONG
|
|
33
|
+
alignas(64) static const BN_ULONG rsaz_two80[40] = {
|
|
34
34
|
0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
35
35
|
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
|
|
36
36
|
|
|
@@ -64,12 +64,12 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
|
|
|
64
64
|
// giving R = 2^(36*29) = 2^1044.
|
|
65
65
|
rsaz_1024_mul_avx2(R2, R2, R2, m, k0);
|
|
66
66
|
// R2 = 2^2048 * 2^2048 / 2^1044 = 2^3052
|
|
67
|
-
rsaz_1024_mul_avx2(R2, R2,
|
|
67
|
+
rsaz_1024_mul_avx2(R2, R2, rsaz_two80, m, k0);
|
|
68
68
|
// R2 = 2^3052 * 2^80 / 2^1044 = 2^2088 = (2^1044)^2
|
|
69
69
|
|
|
70
70
|
// table[0] = 1
|
|
71
71
|
// table[1] = a_inv^1
|
|
72
|
-
rsaz_1024_mul_avx2(result, R2,
|
|
72
|
+
rsaz_1024_mul_avx2(result, R2, rsaz_one, m, k0);
|
|
73
73
|
rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0);
|
|
74
74
|
rsaz_1024_scatter5_avx2(table_s, result, 0);
|
|
75
75
|
rsaz_1024_scatter5_avx2(table_s, a_inv, 1);
|
|
@@ -125,7 +125,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
|
|
|
125
125
|
rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
|
|
126
126
|
|
|
127
127
|
// Convert from Montgomery.
|
|
128
|
-
rsaz_1024_mul_avx2(result, result,
|
|
128
|
+
rsaz_1024_mul_avx2(result, result, rsaz_one, m, k0);
|
|
129
129
|
|
|
130
130
|
rsaz_1024_red2norm_avx2(result_norm, result);
|
|
131
131
|
BN_ULONG scratch[16];
|
|
@@ -27,9 +27,8 @@
|
|
|
27
27
|
type *name##_bss_get(void) __attribute__((const));
|
|
28
28
|
// For FIPS builds we require that CRYPTO_ONCE_INIT be zero.
|
|
29
29
|
#define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name)
|
|
30
|
-
// For FIPS builds we require that
|
|
31
|
-
#define DEFINE_STATIC_MUTEX(name)
|
|
32
|
-
DEFINE_BSS_GET(struct CRYPTO_STATIC_MUTEX, name)
|
|
30
|
+
// For FIPS builds we require that CRYPTO_MUTEX_INIT be zero.
|
|
31
|
+
#define DEFINE_STATIC_MUTEX(name) DEFINE_BSS_GET(CRYPTO_MUTEX, name)
|
|
33
32
|
// For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero.
|
|
34
33
|
#define DEFINE_STATIC_EX_DATA_CLASS(name) \
|
|
35
34
|
DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name)
|
|
@@ -40,9 +39,9 @@
|
|
|
40
39
|
#define DEFINE_STATIC_ONCE(name) \
|
|
41
40
|
static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \
|
|
42
41
|
static CRYPTO_once_t *name##_bss_get(void) { return &name; }
|
|
43
|
-
#define DEFINE_STATIC_MUTEX(name)
|
|
44
|
-
static
|
|
45
|
-
static
|
|
42
|
+
#define DEFINE_STATIC_MUTEX(name) \
|
|
43
|
+
static CRYPTO_MUTEX name = CRYPTO_MUTEX_INIT; \
|
|
44
|
+
static CRYPTO_MUTEX *name##_bss_get(void) { return &name; }
|
|
46
45
|
#define DEFINE_STATIC_EX_DATA_CLASS(name) \
|
|
47
46
|
static CRYPTO_EX_DATA_CLASS name = CRYPTO_EX_DATA_CLASS_INIT; \
|
|
48
47
|
static CRYPTO_EX_DATA_CLASS *name##_bss_get(void) { return &name; }
|