grpc 1.65.0 → 1.65.2
- checksums.yaml +4 -4
- data/Makefile +1 -1
- data/src/core/client_channel/subchannel.cc +10 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +6 -6
- data/src/core/ext/transport/inproc/inproc_transport.cc +2 -2
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +2 -2
- data/src/core/handshaker/http_connect/http_proxy_mapper.cc +7 -10
- data/src/core/lib/compression/message_compress.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +6 -6
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +12 -6
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -2
- data/src/core/lib/event_engine/windows/win_socket.cc +4 -2
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +5 -4
- data/src/core/lib/experiments/config.cc +11 -9
- data/src/core/lib/experiments/experiments.cc +1 -1
- data/src/core/lib/experiments/experiments.h +1 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +30 -30
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +4 -4
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -17
- data/src/core/lib/iomgr/socket_windows.cc +3 -3
- data/src/core/lib/iomgr/tcp_posix.cc +2 -2
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -12
- data/src/core/lib/iomgr/tcp_server_windows.cc +2 -2
- data/src/core/lib/promise/party.cc +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +2 -2
- data/src/core/load_balancing/grpclb/grpclb.cc +14 -15
- data/src/core/server/server.cc +1 -1
- data/src/core/util/log.cc +10 -8
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +7 -61
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +43 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +21 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +31 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +6 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +10 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +26 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +83 -33
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -8
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +14 -13
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +22 -16
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +15 -15
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -27
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +59 -20
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +1 -1
- metadata +3 -3
@@ -374,22 +374,21 @@ grpc_error_handle grpc_set_socket_tcp_user_timeout(
|
|
374
374
|
// if it is available.
|
375
375
|
if (g_socket_supports_tcp_user_timeout.load() == 0) {
|
376
376
|
if (0 != getsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &newval, &len)) {
|
377
|
-
|
378
|
-
|
379
|
-
|
377
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
378
|
+
<< "TCP_USER_TIMEOUT is not available. TCP_USER_TIMEOUT won't be "
|
379
|
+
"used thereafter";
|
380
380
|
g_socket_supports_tcp_user_timeout.store(-1);
|
381
381
|
} else {
|
382
|
-
|
383
|
-
|
384
|
-
|
382
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
383
|
+
<< "TCP_USER_TIMEOUT is available. TCP_USER_TIMEOUT will be used "
|
384
|
+
"thereafter";
|
385
385
|
g_socket_supports_tcp_user_timeout.store(1);
|
386
386
|
}
|
387
387
|
}
|
388
388
|
if (g_socket_supports_tcp_user_timeout.load() > 0) {
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
}
|
389
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
390
|
+
<< "Enabling TCP_USER_TIMEOUT with a timeout of " << timeout
|
391
|
+
<< " ms";
|
393
392
|
if (0 != setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &timeout,
|
394
393
|
sizeof(timeout))) {
|
395
394
|
gpr_log(GPR_ERROR, "setsockopt(TCP_USER_TIMEOUT) %s",
|
@@ -402,10 +401,9 @@ grpc_error_handle grpc_set_socket_tcp_user_timeout(
|
|
402
401
|
return absl::OkStatus();
|
403
402
|
}
|
404
403
|
if (newval != timeout) {
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
timeout, newval);
|
404
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
405
|
+
<< "Setting TCP_USER_TIMEOUT to value " << timeout
|
406
|
+
<< " ms. Actual TCP_USER_TIMEOUT value is " << newval << " ms";
|
409
407
|
return absl::OkStatus();
|
410
408
|
}
|
411
409
|
}
|
@@ -442,7 +440,8 @@ static void probe_ipv6_once(void) {
|
|
442
440
|
int fd = socket(AF_INET6, SOCK_STREAM, 0);
|
443
441
|
g_ipv6_loopback_available = 0;
|
444
442
|
if (fd < 0) {
|
445
|
-
|
443
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
444
|
+
<< "Disabling AF_INET6 sockets because socket() failed.";
|
446
445
|
} else {
|
447
446
|
grpc_sockaddr_in6 addr;
|
448
447
|
memset(&addr, 0, sizeof(addr));
|
@@ -451,8 +450,8 @@ static void probe_ipv6_once(void) {
|
|
451
450
|
if (bind(fd, reinterpret_cast<grpc_sockaddr*>(&addr), sizeof(addr)) == 0) {
|
452
451
|
g_ipv6_loopback_available = 1;
|
453
452
|
} else {
|
454
|
-
|
455
|
-
|
453
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
454
|
+
<< "Disabling AF_INET6 sockets because ::1 is not available.";
|
456
455
|
}
|
457
456
|
close(fd);
|
458
457
|
}
|
@@ -132,7 +132,7 @@ void grpc_winsocket_shutdown(grpc_winsocket* winsocket) {
|
|
132
132
|
DisconnectEx(winsocket->socket, NULL, 0, 0);
|
133
133
|
} else {
|
134
134
|
char* utf8_message = gpr_format_message(WSAGetLastError());
|
135
|
-
|
135
|
+
VLOG(2) << "Unable to retrieve DisconnectEx pointer : " << utf8_message;
|
136
136
|
gpr_free(utf8_message);
|
137
137
|
}
|
138
138
|
// Calling closesocket triggers invocation of any pending I/O operations with
|
@@ -216,7 +216,7 @@ static void probe_ipv6_once(void) {
|
|
216
216
|
SOCKET s = socket(AF_INET6, SOCK_STREAM, 0);
|
217
217
|
g_ipv6_loopback_available = 0;
|
218
218
|
if (s == INVALID_SOCKET) {
|
219
|
-
|
219
|
+
VLOG(2) << "Disabling AF_INET6 sockets because socket() failed.";
|
220
220
|
} else {
|
221
221
|
grpc_sockaddr_in6 addr;
|
222
222
|
memset(&addr, 0, sizeof(addr));
|
@@ -225,7 +225,7 @@ static void probe_ipv6_once(void) {
|
|
225
225
|
if (bind(s, reinterpret_cast<grpc_sockaddr*>(&addr), sizeof(addr)) == 0) {
|
226
226
|
g_ipv6_loopback_available = 1;
|
227
227
|
} else {
|
228
|
-
|
228
|
+
VLOG(2) << "Disabling AF_INET6 sockets because ::1 is not available.";
|
229
229
|
}
|
230
230
|
closesocket(s);
|
231
231
|
}
|
@@ -210,7 +210,8 @@ class TcpZerocopySendCtx {
|
|
210
210
|
if (send_records_ == nullptr || free_send_records_ == nullptr) {
|
211
211
|
gpr_free(send_records_);
|
212
212
|
gpr_free(free_send_records_);
|
213
|
-
|
213
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
214
|
+
<< "Disabling TCP TX zerocopy due to memory pressure.\n";
|
214
215
|
memory_limited_ = true;
|
215
216
|
} else {
|
216
217
|
for (int idx = 0; idx < max_sends_; ++idx) {
|
@@ -806,7 +807,6 @@ static void tcp_ref(grpc_tcp* tcp) { tcp->refcount.Ref(); }
|
|
806
807
|
#endif
|
807
808
|
|
808
809
|
static void tcp_destroy(grpc_endpoint* ep) {
|
809
|
-
gpr_log(GPR_INFO, "IOMGR endpoint shutdown");
|
810
810
|
grpc_tcp* tcp = reinterpret_cast<grpc_tcp*>(ep);
|
811
811
|
ZerocopyDisableAndWaitForRemaining(tcp);
|
812
812
|
grpc_fd_shutdown(tcp->em_fd, absl::UnavailableError("endpoint shutdown"));
|
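Review bot: The message added in the TcpZerocopySendCtx constructor ends with a literal `\n` (`<< "Disabling TCP TX zerocopy due to memory pressure.\n";`), which looks unnecessary with a streaming log macro. None of the other converted messages in this diff carries a trailing newline. I would write it as `<< "Disabling TCP TX zerocopy due to memory pressure.";`. The constructor body starts and ends outside the hunk.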
@@ -424,10 +424,9 @@ static void on_read(void* arg, grpc_error_handle err) {
|
|
424
424
|
int64_t dropped_connections_count =
|
425
425
|
num_dropped_connections.fetch_add(1, std::memory_order_relaxed) + 1;
|
426
426
|
if (dropped_connections_count % 1000 == 1) {
|
427
|
-
|
428
|
-
|
429
|
-
|
430
|
-
dropped_connections_count);
|
427
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
428
|
+
<< "Dropped >= " << dropped_connections_count
|
429
|
+
<< " new connection attempts due to high memory pressure";
|
431
430
|
}
|
432
431
|
close(fd);
|
433
432
|
continue;
|
@@ -549,16 +548,14 @@ static grpc_error_handle add_wildcard_addrs_to_server(grpc_tcp_server* s,
|
|
549
548
|
}
|
550
549
|
if (*out_port > 0) {
|
551
550
|
if (!v6_err.ok()) {
|
552
|
-
|
553
|
-
|
554
|
-
|
555
|
-
grpc_core::StatusToString(v6_err).c_str());
|
551
|
+
GRPC_TRACE_LOG(tcp, INFO) << "Failed to add :: listener, "
|
552
|
+
<< "the environment may not support IPv6: "
|
553
|
+
<< grpc_core::StatusToString(v6_err);
|
556
554
|
}
|
557
555
|
if (!v4_err.ok()) {
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
grpc_core::StatusToString(v4_err).c_str());
|
556
|
+
GRPC_TRACE_LOG(tcp, INFO) << "Failed to add 0.0.0.0 listener, "
|
557
|
+
<< "the environment may not support IPv4: "
|
558
|
+
<< grpc_core::StatusToString(v4_err);
|
562
559
|
}
|
563
560
|
return absl::OkStatus();
|
564
561
|
} else {
|
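Review bot: The "Dropped >= N new connection attempts due to high memory pressure" message in on_read is now emitted through `GRPC_TRACE_LOG(tcp, INFO)`, so it appears only when the tcp trace flag is enabled. The removed lines' text is not shown on this page, so the previous level cannot be confirmed, but a listener shedding connections under memory pressure is a condition operators usually want to see by default when diagnosing resource exhaustion. The existing `% 1000 == 1` check already bounds the volume, so an always-on level seems affordable, e.g. `LOG(WARNING) << "Dropped >= " << dropped_connections_count << " new connection attempts due to high memory pressure";`. The same question applies, less urgently, to the two "Failed to add ... listener" messages in add_wildcard_addrs_to_server; both functions extend beyond the hunks shown.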
@@ -386,8 +386,8 @@ static void on_accept(void* arg, grpc_error_handle error) {
|
|
386
386
|
// this is necessary in the read/write case, it's useless for the accept
|
387
387
|
// case. We only need to adjust the pending callback count
|
388
388
|
if (!error.ok()) {
|
389
|
-
|
390
|
-
|
389
|
+
VLOG(2) << "Skipping on_accept due to error: "
|
390
|
+
<< grpc_core::StatusToString(error);
|
391
391
|
|
392
392
|
gpr_mu_unlock(&sp->server->mu);
|
393
393
|
return;
|
@@ -288,13 +288,13 @@ bool Party::RunOneParticipant(int i) {
|
|
288
288
|
currently_polling_ = kNotPolling;
|
289
289
|
if (done) {
|
290
290
|
if (!name.empty()) {
|
291
|
-
|
292
|
-
|
291
|
+
GRPC_TRACE_LOG(promise_primitives, INFO)
|
292
|
+
<< DebugTag() << "[" << name << "] end poll and finish job " << i;
|
293
293
|
}
|
294
294
|
participants_[i].store(nullptr, std::memory_order_relaxed);
|
295
295
|
} else if (!name.empty()) {
|
296
|
-
|
297
|
-
|
296
|
+
GRPC_TRACE_LOG(promise_primitives, INFO)
|
297
|
+
<< DebugTag() << "[" << name << "] end poll";
|
298
298
|
}
|
299
299
|
return done;
|
300
300
|
}
|
@@ -397,8 +397,8 @@ void TlsChannelSecurityConnector::cancel_check_peer(
|
|
397
397
|
if (it != pending_verifier_requests_.end()) {
|
398
398
|
pending_verifier_request = it->second->request();
|
399
399
|
} else {
|
400
|
-
|
401
|
-
|
400
|
+
VLOG(2) << "TlsChannelSecurityConnector::cancel_check_peer: no "
|
401
|
+
"corresponding pending request found";
|
402
402
|
}
|
403
403
|
}
|
404
404
|
if (pending_verifier_request != nullptr) {
|
@@ -489,10 +489,10 @@ class GrpcLb final : public LoadBalancingPolicy {
|
|
489
489
|
new_state == GRPC_CHANNEL_TRANSIENT_FAILURE) {
|
490
490
|
// In TRANSIENT_FAILURE. Cancel the fallback timer and go into
|
491
491
|
// fallback mode immediately.
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
492
|
+
GRPC_TRACE_LOG(glb, INFO)
|
493
|
+
<< "[grpclb " << parent_.get()
|
494
|
+
<< "] balancer channel in state:TRANSIENT_FAILURE ("
|
495
|
+
<< status.ToString() << "); entering fallback mode";
|
496
496
|
parent_->fallback_at_startup_checks_pending_ = false;
|
497
497
|
parent_->channel_control_helper()->GetEventEngine()->Cancel(
|
498
498
|
*parent_->lb_fallback_timer_handle_);
|
@@ -670,11 +670,10 @@ class GrpcLb::Serverlist::AddressIterator final
|
|
670
670
|
std::string lb_token(server.load_balance_token, lb_token_length);
|
671
671
|
if (lb_token.empty()) {
|
672
672
|
auto addr_uri = grpc_sockaddr_to_uri(&addr);
|
673
|
-
|
674
|
-
|
675
|
-
|
676
|
-
|
677
|
-
: addr_uri.status().ToString().c_str());
|
673
|
+
GRPC_TRACE_LOG(glb, INFO)
|
674
|
+
<< "Missing LB token for backend address '"
|
675
|
+
<< (addr_uri.ok() ? *addr_uri : addr_uri.status().ToString())
|
676
|
+
<< "'. The empty token will be used instead";
|
678
677
|
}
|
679
678
|
// Return address with a channel arg containing LB token and stats object.
|
680
679
|
callback(EndpointAddresses(
|
@@ -852,12 +851,12 @@ void GrpcLb::Helper::UpdateState(grpc_connectivity_state state,
|
|
852
851
|
client_stats = parent()->lb_calld_->client_stats()->Ref();
|
853
852
|
}
|
854
853
|
if (GRPC_TRACE_FLAG_ENABLED(glb)) {
|
855
|
-
|
856
|
-
|
857
|
-
|
858
|
-
|
859
|
-
|
860
|
-
|
854
|
+
GRPC_TRACE_LOG(glb, INFO)
|
855
|
+
<< "[grpclb " << parent() << " helper " << this
|
856
|
+
<< "] state=" << ConnectivityStateName(state) << " ("
|
857
|
+
<< status.ToString() << ") wrapping child picker " << picker.get()
|
858
|
+
<< " (serverlist=" << serverlist.get()
|
859
|
+
<< ", client_stats=" << client_stats.get() << ")";
|
861
860
|
}
|
862
861
|
parent()->channel_control_helper()->UpdateState(
|
863
862
|
state, status,
|
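Review bot: In GrpcLb::Helper::UpdateState the new `GRPC_TRACE_LOG(glb, INFO)` statement still sits inside `if (GRPC_TRACE_FLAG_ENABLED(glb)) {`, so the trace flag is tested twice. The other two converted messages in this file (TRANSIENT_FAILURE fallback and missing LB token) are written without such a guard. The outer `if` and its closing brace can be dropped, leaving only the `GRPC_TRACE_LOG(glb, INFO) << ...;` statement. The function starts and ends outside the hunk.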
data/src/core/server/server.cc
CHANGED
@@ -976,7 +976,7 @@ grpc_error_handle Server::SetupTransport(
|
|
976
976
|
}
|
977
977
|
t->StartConnectivityWatch(MakeOrphanable<TransportConnectivityWatcher>(
|
978
978
|
t->RefAsSubclass<ServerTransport>(), Ref()));
|
979
|
-
|
979
|
+
GRPC_TRACE_LOG(server_channel, INFO) << "Adding connection";
|
980
980
|
connections_.emplace(std::move(t));
|
981
981
|
++connections_open_;
|
982
982
|
} else {
|
data/src/core/util/log.cc
CHANGED
@@ -70,10 +70,10 @@ int gpr_should_log(gpr_log_severity severity) {
|
|
70
70
|
// MinLogLevel is. We could have saved this in a static const variable.
|
71
71
|
// But decided against it just in case anyone programatically sets absl
|
72
72
|
// min log level settings after this has been initialized.
|
73
|
-
// Same holds for
|
73
|
+
// Same holds for ABSL_VLOG_IS_ON(2).
|
74
74
|
return absl::MinLogLevel() <= absl::LogSeverityAtLeast::kInfo;
|
75
75
|
case GPR_LOG_SEVERITY_DEBUG:
|
76
|
-
return
|
76
|
+
return ABSL_VLOG_IS_ON(2);
|
77
77
|
default:
|
78
78
|
DLOG(ERROR) << "Invalid gpr_log_severity.";
|
79
79
|
return true;
|
@@ -132,15 +132,17 @@ void gpr_log_verbosity_init(void) {
|
|
132
132
|
absl::string_view verbosity = grpc_core::ConfigVars::Get().Verbosity();
|
133
133
|
DVLOG(2) << "Log verbosity: " << verbosity;
|
134
134
|
if (absl::EqualsIgnoreCase(verbosity, "INFO")) {
|
135
|
-
|
136
|
-
|
137
|
-
|
135
|
+
LOG_FIRST_N(WARNING, 1)
|
136
|
+
<< "Log level INFO is not suitable for production. Prefer WARNING or "
|
137
|
+
"ERROR. However if you see this message in a debug environmenmt or "
|
138
|
+
"test environmenmt it is safe to ignore this message.";
|
138
139
|
absl::SetVLogLevel("*grpc*/*", -1);
|
139
140
|
absl::SetMinLogLevel(absl::LogSeverityAtLeast::kInfo);
|
140
141
|
} else if (absl::EqualsIgnoreCase(verbosity, "DEBUG")) {
|
141
|
-
|
142
|
-
|
143
|
-
|
142
|
+
LOG_FIRST_N(WARNING, 1)
|
143
|
+
<< "Log level DEBUG is not suitable for production. Prefer WARNING or "
|
144
|
+
"ERROR. However if you see this message in a debug environmenmt or "
|
145
|
+
"test environmenmt it is safe to ignore this message.";
|
144
146
|
absl::SetVLogLevel("*grpc*/*", 2);
|
145
147
|
absl::SetMinLogLevel(absl::LogSeverityAtLeast::kInfo);
|
146
148
|
} else if (absl::EqualsIgnoreCase(verbosity, "ERROR")) {
|
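Review bot: Both warnings added to gpr_log_verbosity_init misspell "environment" as "environmenmt", twice in the INFO branch and twice in the DEBUG branch. Since this text is shown to operators and may be matched by log searches, it should read `"ERROR. However if you see this message in a debug environment or "` and `"test environment it is safe to ignore this message."` in both places. The two messages differ only in the level name, so a small helper taking the level string would keep them from drifting apart. The function continues past the end of the hunk.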
@@ -507,11 +507,9 @@ int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
|
|
507
507
|
return 0;
|
508
508
|
}
|
509
509
|
uint8_t sign_extend[sizeof(int64_t)];
|
510
|
-
|
511
|
-
|
512
|
-
|
513
|
-
}
|
514
|
-
memcpy(out, sign_extend, sizeof(sign_extend));
|
510
|
+
OPENSSL_memset(sign_extend, is_negative ? 0xff : 0, sizeof(sign_extend));
|
511
|
+
OPENSSL_memcpy(sign_extend + sizeof(int64_t) - len, data, len);
|
512
|
+
*out = CRYPTO_load_u64_be(sign_extend);
|
515
513
|
return 1;
|
516
514
|
}
|
517
515
|
|
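Review bot: The new `OPENSSL_memcpy(sign_extend + sizeof(int64_t) - len, data, len);` in CBS_get_asn1_int64 stays in bounds only if `len <= sizeof(int64_t)`, and that check is not visible in this hunk. It is presumably the `return 0;` branch just above, but the function begins outside the hunk. A one-line comment at the copy would keep the invariant next to the pointer arithmetic, e.g. `// |len| was checked above to be at most sizeof(int64_t).` The assignment `*out = CRYPTO_load_u64_be(sign_extend);` also converts a uint64_t to int64_t implicitly; an explicit `(int64_t)` cast would make the intended reinterpretation visible to readers and to conversion warnings.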
@@ -41,6 +41,13 @@ static_assert(alignof(union evp_aead_ctx_st_state) >=
|
|
41
41
|
|
42
42
|
static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
43
43
|
size_t key_len, size_t tag_len) {
|
44
|
+
// TODO(crbug.com/42290548): The x86_64 assembly depends on initializing
|
45
|
+
// |OPENSSL_ia32cap_P|. Move the dispatch to C. While we're here, it may be
|
46
|
+
// worth adjusting the assembly calling convention. The assembly functions do
|
47
|
+
// too much work right now. For now, explicitly initialize |OPENSSL_ia32cap_P|
|
48
|
+
// first.
|
49
|
+
OPENSSL_init_cpuid();
|
50
|
+
|
44
51
|
struct aead_chacha20_poly1305_ctx *c20_ctx =
|
45
52
|
(struct aead_chacha20_poly1305_ctx *)&ctx->state;
|
46
53
|
|
@@ -143,6 +143,9 @@ void OPENSSL_cpuid_setup(void) {
|
|
143
143
|
|
144
144
|
int CRYPTO_has_broken_NEON(void) { return 0; }
|
145
145
|
|
146
|
-
int CRYPTO_needs_hwcap2_workaround(void) {
|
146
|
+
int CRYPTO_needs_hwcap2_workaround(void) {
|
147
|
+
OPENSSL_init_cpuid();
|
148
|
+
return g_needs_hwcap2_workaround;
|
149
|
+
}
|
147
150
|
|
148
151
|
#endif // OPENSSL_ARM && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP
|
@@ -208,15 +208,6 @@ void OPENSSL_cpuid_setup(void) {
|
|
208
208
|
// Reserved bit #30 is repurposed to signal an Intel CPU.
|
209
209
|
if (is_intel) {
|
210
210
|
edx |= (1u << 30);
|
211
|
-
|
212
|
-
// Clear the XSAVE bit on Knights Landing to mimic Silvermont. This enables
|
213
|
-
// some Silvermont-specific codepaths which perform better. See OpenSSL
|
214
|
-
// commit 64d92d74985ebb3d0be58a9718f9e080a14a8e7f and
|
215
|
-
// |CRYPTO_cpu_perf_is_like_silvermont|.
|
216
|
-
if ((eax & 0x0fff0ff0) == 0x00050670 /* Knights Landing */ ||
|
217
|
-
(eax & 0x0fff0ff0) == 0x00080650 /* Knights Mill (per SDE) */) {
|
218
|
-
ecx &= ~(1u << 26);
|
219
|
-
}
|
220
211
|
} else {
|
221
212
|
edx &= ~(1u << 30);
|
222
213
|
}
|
@@ -251,12 +242,6 @@ void OPENSSL_cpuid_setup(void) {
|
|
251
242
|
extended_features[0] &= ~(1u << 16);
|
252
243
|
}
|
253
244
|
|
254
|
-
// Disable ADX instructions on Knights Landing. See OpenSSL commit
|
255
|
-
// 64d92d74985ebb3d0be58a9718f9e080a14a8e7f.
|
256
|
-
if ((ecx & (1u << 26)) == 0) {
|
257
|
-
extended_features[0] &= ~(1u << 19);
|
258
|
-
}
|
259
|
-
|
260
245
|
OPENSSL_ia32cap_P[0] = edx;
|
261
246
|
OPENSSL_ia32cap_P[1] = ecx;
|
262
247
|
OPENSSL_ia32cap_P[2] = extended_features[0];
|
@@ -24,23 +24,6 @@
|
|
24
24
|
static_assert(sizeof(ossl_ssize_t) == sizeof(size_t),
|
25
25
|
"ossl_ssize_t should be the same size as size_t");
|
26
26
|
|
27
|
-
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
|
28
|
-
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
29
|
-
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
30
|
-
// x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
|
31
|
-
// for the asm to work correctly, unless compiled without asm code.
|
32
|
-
#define NEED_CPUID
|
33
|
-
|
34
|
-
#else
|
35
|
-
|
36
|
-
// Otherwise, don't emit a static initialiser.
|
37
|
-
|
38
|
-
#if !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
39
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
40
|
-
#endif
|
41
|
-
|
42
|
-
#endif // !NO_ASM && !STATIC_ARMCAP && (X86 || X86_64 || ARM || AARCH64)
|
43
|
-
|
44
27
|
|
45
28
|
// Our assembly does not use the GOT to reference symbols, which means
|
46
29
|
// references to visible symbols will often require a TEXTREL. This is
|
@@ -79,7 +62,7 @@ HIDDEN uint8_t BORINGSSL_function_hit[7] = {0};
|
|
79
62
|
HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0};
|
80
63
|
|
81
64
|
uint32_t OPENSSL_get_ia32cap(int idx) {
|
82
|
-
|
65
|
+
OPENSSL_init_cpuid();
|
83
66
|
return OPENSSL_ia32cap_P[idx];
|
84
67
|
}
|
85
68
|
|
@@ -121,60 +104,24 @@ HIDDEN uint32_t OPENSSL_armcap_P =
|
|
121
104
|
HIDDEN uint32_t OPENSSL_armcap_P = 0;
|
122
105
|
|
123
106
|
uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
|
124
|
-
|
107
|
+
OPENSSL_init_cpuid();
|
125
108
|
return &OPENSSL_armcap_P;
|
126
109
|
}
|
127
110
|
#endif
|
128
111
|
|
129
112
|
uint32_t OPENSSL_get_armcap(void) {
|
130
|
-
|
113
|
+
OPENSSL_init_cpuid();
|
131
114
|
return OPENSSL_armcap_P;
|
132
115
|
}
|
133
116
|
|
134
117
|
#endif
|
135
118
|
|
136
|
-
#if defined(BORINGSSL_FIPS)
|
137
|
-
// In FIPS mode, the power-on self-test function calls |CRYPTO_library_init|
|
138
|
-
// because we have to ensure that CPUID detection occurs first.
|
139
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
140
|
-
#endif
|
141
|
-
|
142
|
-
#if defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
143
|
-
#define OPENSSL_CDECL __cdecl
|
144
|
-
#else
|
145
|
-
#define OPENSSL_CDECL
|
146
|
-
#endif
|
147
|
-
|
148
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
149
|
-
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
150
|
-
#elif defined(_MSC_VER)
|
151
|
-
#pragma section(".CRT$XCU", read)
|
152
|
-
static void __cdecl do_library_init(void);
|
153
|
-
__declspec(allocate(".CRT$XCU")) void(*library_init_constructor)(void) =
|
154
|
-
do_library_init;
|
155
|
-
#else
|
156
|
-
static void do_library_init(void) __attribute__ ((constructor));
|
157
|
-
#endif
|
158
|
-
|
159
|
-
// do_library_init is the actual initialization function. If
|
160
|
-
// BORINGSSL_NO_STATIC_INITIALIZER isn't defined, this is set as a static
|
161
|
-
// initializer. Otherwise, it is called by CRYPTO_library_init.
|
162
|
-
static void OPENSSL_CDECL do_library_init(void) {
|
163
|
-
// WARNING: this function may only configure the capability variables. See the
|
164
|
-
// note above about the linker bug.
|
165
119
|
#if defined(NEED_CPUID)
|
166
|
-
|
120
|
+
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
121
|
+
void OPENSSL_init_cpuid(void) { CRYPTO_once(&once, OPENSSL_cpuid_setup); }
|
167
122
|
#endif
|
168
|
-
}
|
169
123
|
|
170
|
-
void CRYPTO_library_init(void) {
|
171
|
-
// TODO(davidben): It would be tidier if this build knob could be replaced
|
172
|
-
// with an internal lazy-init mechanism that would handle things correctly
|
173
|
-
// in-library. https://crbug.com/542879
|
174
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
175
|
-
CRYPTO_once(&once, do_library_init);
|
176
|
-
#endif
|
177
|
-
}
|
124
|
+
void CRYPTO_library_init(void) {}
|
178
125
|
|
179
126
|
int CRYPTO_is_confidential_build(void) {
|
180
127
|
#if defined(BORINGSSL_CONFIDENTIAL)
|
@@ -194,7 +141,7 @@ int CRYPTO_has_asm(void) {
|
|
194
141
|
|
195
142
|
void CRYPTO_pre_sandbox_init(void) {
|
196
143
|
// Read from /proc/cpuinfo if needed.
|
197
|
-
|
144
|
+
OPENSSL_init_cpuid();
|
198
145
|
// Open /dev/urandom if needed.
|
199
146
|
CRYPTO_init_sysrand();
|
200
147
|
// Set up MADV_WIPEONFORK state if needed.
|
@@ -235,7 +182,6 @@ int ENGINE_register_all_complete(void) { return 1; }
|
|
235
182
|
void OPENSSL_load_builtin_modules(void) {}
|
236
183
|
|
237
184
|
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
|
238
|
-
CRYPTO_library_init();
|
239
185
|
return 1;
|
240
186
|
}
|
241
187
|
|
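Review bot: `CRYPTO_library_init` is reduced to an empty body and `OPENSSL_init_crypto` no longer calls it, but nothing in the new code says that CPU capability detection is now lazy through `OPENSSL_init_cpuid`. With the static initializer gone, any code that reads `OPENSSL_ia32cap_P` or `OPENSSL_armcap_P` directly before `OPENSSL_init_cpuid()` has run sees the zero-initialised values. The accessors in this file are covered, but readers elsewhere are not visible here. I would add above the empty function a comment such as `// Retained for API compatibility; capability detection is lazy, see |OPENSSL_init_cpuid|.` Separately, `OPENSSL_init_cpuid` is defined only under `#if defined(NEED_CPUID)` yet called unconditionally in this file, so a no-op fallback presumably lives in a header outside this section and is worth confirming.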
@@ -1196,7 +1196,7 @@ int DILITHIUM_generate_key_external_entropy(
|
|
1196
1196
|
|
1197
1197
|
vectork_power2_round(&values->pub.t1, &priv->t0, &values->t);
|
1198
1198
|
// t1 is public.
|
1199
|
-
CONSTTIME_DECLASSIFY(&pub.t1, sizeof(pub.t1));
|
1199
|
+
CONSTTIME_DECLASSIFY(&values->pub.t1, sizeof(values->pub.t1));
|
1200
1200
|
|
1201
1201
|
CBB cbb;
|
1202
1202
|
CBB_init_fixed(&cbb, out_encoded_public_key, DILITHIUM_PUBLIC_KEY_BYTES);
|
@@ -1214,6 +1214,48 @@ err:
|
|
1214
1214
|
return ret;
|
1215
1215
|
}
|
1216
1216
|
|
1217
|
+
int DILITHIUM_public_from_private(
|
1218
|
+
struct DILITHIUM_public_key *out_public_key,
|
1219
|
+
const struct DILITHIUM_private_key *private_key) {
|
1220
|
+
int ret = 0;
|
1221
|
+
|
1222
|
+
// Intermediate values, allocated on the heap to allow use when there is a
|
1223
|
+
// limited amount of stack.
|
1224
|
+
struct values_st {
|
1225
|
+
matrix a_ntt;
|
1226
|
+
vectorl s1_ntt;
|
1227
|
+
vectork t;
|
1228
|
+
vectork t0;
|
1229
|
+
};
|
1230
|
+
struct values_st *values = OPENSSL_malloc(sizeof(*values));
|
1231
|
+
if (values == NULL) {
|
1232
|
+
goto err;
|
1233
|
+
}
|
1234
|
+
|
1235
|
+
const struct private_key *priv = private_key_from_external(private_key);
|
1236
|
+
struct public_key *pub = public_key_from_external(out_public_key);
|
1237
|
+
|
1238
|
+
OPENSSL_memcpy(pub->rho, priv->rho, sizeof(pub->rho));
|
1239
|
+
OPENSSL_memcpy(pub->public_key_hash, priv->public_key_hash,
|
1240
|
+
sizeof(pub->public_key_hash));
|
1241
|
+
|
1242
|
+
matrix_expand(&values->a_ntt, priv->rho);
|
1243
|
+
|
1244
|
+
OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt));
|
1245
|
+
vectorl_ntt(&values->s1_ntt);
|
1246
|
+
|
1247
|
+
matrix_mult(&values->t, &values->a_ntt, &values->s1_ntt);
|
1248
|
+
vectork_inverse_ntt(&values->t);
|
1249
|
+
vectork_add(&values->t, &values->t, &priv->s2);
|
1250
|
+
|
1251
|
+
vectork_power2_round(&pub->t1, &values->t0, &values->t);
|
1252
|
+
|
1253
|
+
ret = 1;
|
1254
|
+
err:
|
1255
|
+
OPENSSL_free(values);
|
1256
|
+
return ret;
|
1257
|
+
}
|
1258
|
+
|
1217
1259
|
// FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure.
|
1218
1260
|
static int dilithium_sign_with_randomizer(
|
1219
1261
|
uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES],
|
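Review bot: DILITHIUM_public_from_private writes `pub->t1` with `vectork_power2_round(&pub->t1, &values->t0, &values->t);` but omits the `CONSTTIME_DECLASSIFY` that the key-generation path applies after the same step (the "t1 is public" line corrected in the first hunk). If a caller's private key is marked secret under the constant-time validation build, the derived public key would presumably stay tainted and trip checks when it is later encoded or compared. Adding `CONSTTIME_DECLASSIFY(&pub->t1, sizeof(pub->t1));` after the rounding call would keep the two paths consistent. A short comment on `values` would also help, noting that it holds secret-derived intermediates (the copy of `s1`, `t`, `t0`) and is released through `OPENSSL_free` on every path. The new function is fully contained in the hunk.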
@@ -104,3 +104,24 @@ int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
|
|
104
104
|
return aes_nohw_set_decrypt_key(key, bits, aeskey);
|
105
105
|
}
|
106
106
|
}
|
107
|
+
|
108
|
+
#if defined(HWAES) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
|
109
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key|, we implement
|
110
|
+
// |aes_hw_encrypt_key_to_decrypt_key| in assembly and rely on C code to combine
|
111
|
+
// the operations.
|
112
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
113
|
+
int ret = aes_hw_set_encrypt_key(user_key, bits, key);
|
114
|
+
if (ret == 0) {
|
115
|
+
aes_hw_encrypt_key_to_decrypt_key(key);
|
116
|
+
}
|
117
|
+
return ret;
|
118
|
+
}
|
119
|
+
|
120
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
121
|
+
if (aes_hw_set_encrypt_key_alt_preferred()) {
|
122
|
+
return aes_hw_set_encrypt_key_alt(user_key, bits, key);
|
123
|
+
} else {
|
124
|
+
return aes_hw_set_encrypt_key_base(user_key, bits, key);
|
125
|
+
}
|
126
|
+
}
|
127
|
+
#endif
|
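Review bot: `aes_hw_set_encrypt_key` picks the `alt` key schedule on `aes_hw_set_encrypt_key_alt_preferred()` alone, which the header change in this diff defines as an AVX test, while the same header says the `alt` variant requires SSSE3 and provides `aes_hw_set_encrypt_key_alt_capable()` for that. The dispatch therefore relies on AVX implying SSSE3; a comment stating that assumption, or a condition of `aes_hw_set_encrypt_key_alt_preferred() && aes_hw_set_encrypt_key_alt_capable()`, would make it explicit. The comment above `aes_hw_set_decrypt_key` also reads as if words were dropped ("|aes_hw_set_decrypt_key|, we implement"). Something like `// On x86 and x86_64, |aes_hw_set_decrypt_key| is composed in C from |aes_hw_set_encrypt_key| and the assembly |aes_hw_encrypt_key_to_decrypt_key|.` would be clearer.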
@@ -66,17 +66,41 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
|
|
66
66
|
|
67
67
|
#if defined(HWAES)
|
68
68
|
|
69
|
-
int aes_hw_set_encrypt_key(const uint8_t *user_key,
|
70
|
-
|
71
|
-
int aes_hw_set_decrypt_key(const uint8_t *user_key, const int bits,
|
72
|
-
AES_KEY *key);
|
69
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
70
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
73
71
|
void aes_hw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
74
72
|
void aes_hw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
75
73
|
void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
76
|
-
const AES_KEY *key, uint8_t *ivec,
|
74
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
77
75
|
void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len,
|
78
76
|
const AES_KEY *key, const uint8_t ivec[16]);
|
79
77
|
|
78
|
+
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
79
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key| is implemented in terms of
|
80
|
+
// |aes_hw_set_encrypt_key| and a conversion function.
|
81
|
+
void aes_hw_encrypt_key_to_decrypt_key(AES_KEY *key);
|
82
|
+
|
83
|
+
// There are two variants of this function, one which uses aeskeygenassist
|
84
|
+
// ("base") and one which uses aesenclast + pshufb ("alt"). aesenclast is
|
85
|
+
// overall faster but is slower on some older processors. It doesn't use AVX,
|
86
|
+
// but AVX is used as a proxy to detecting this. See
|
87
|
+
// https://groups.google.com/g/mailing.openssl.dev/c/OuFXwW4NfO8/m/7d2ZXVjkxVkJ
|
88
|
+
//
|
89
|
+
// TODO(davidben): It is unclear if the aeskeygenassist version is still
|
90
|
+
// worthwhile. However, the aesenclast version requires SSSE3. SSSE3 long
|
91
|
+
// predates AES-NI, but it's not clear if AES-NI implies SSSE3. In OpenSSL, the
|
92
|
+
// CCM AES-NI assembly seems to assume it does.
|
93
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_capable(void) {
|
94
|
+
return hwaes_capable() && CRYPTO_is_SSSE3_capable();
|
95
|
+
}
|
96
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_preferred(void) {
|
97
|
+
return hwaes_capable() && CRYPTO_is_AVX_capable();
|
98
|
+
}
|
99
|
+
int aes_hw_set_encrypt_key_base(const uint8_t *user_key, int bits,
|
100
|
+
AES_KEY *key);
|
101
|
+
int aes_hw_set_encrypt_key_alt(const uint8_t *user_key, int bits, AES_KEY *key);
|
102
|
+
#endif // OPENSSL_X86 || OPENSSL_X86_64
|
103
|
+
|
80
104
|
#else
|
81
105
|
|
82
106
|
// If HWAES isn't defined then we provide dummy functions for each of the hwaes
|
@@ -120,7 +144,7 @@ OPENSSL_INLINE void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
120
144
|
|
121
145
|
#if defined(HWAES_ECB)
|
122
146
|
void aes_hw_ecb_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
123
|
-
const AES_KEY *key,
|
147
|
+
const AES_KEY *key, int enc);
|
124
148
|
#endif // HWAES_ECB
|
125
149
|
|
126
150
|
|
@@ -218,7 +242,7 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
218
242
|
size_t blocks, const AES_KEY *key,
|
219
243
|
const uint8_t ivec[16]);
|
220
244
|
void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
221
|
-
const AES_KEY *key, uint8_t *ivec,
|
245
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
222
246
|
|
223
247
|
|
224
248
|
#if defined(__cplusplus)
|
@@ -168,8 +168,6 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {}
|
|
168
168
|
|
169
169
|
static void __attribute__((constructor))
|
170
170
|
BORINGSSL_bcm_power_on_self_test(void) {
|
171
|
-
CRYPTO_library_init();
|
172
|
-
|
173
171
|
#if !defined(OPENSSL_ASAN)
|
174
172
|
// Integrity tests cannot run under ASAN because it involves reading the full
|
175
173
|
// .text section, which triggers the global-buffer overflow detection.
|