grpc 1.65.0 → 1.65.2
- checksums.yaml +4 -4
- data/Makefile +1 -1
- data/src/core/client_channel/subchannel.cc +10 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +6 -6
- data/src/core/ext/transport/inproc/inproc_transport.cc +2 -2
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +2 -2
- data/src/core/handshaker/http_connect/http_proxy_mapper.cc +7 -10
- data/src/core/lib/compression/message_compress.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +6 -6
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +12 -6
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -2
- data/src/core/lib/event_engine/windows/win_socket.cc +4 -2
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +5 -4
- data/src/core/lib/experiments/config.cc +11 -9
- data/src/core/lib/experiments/experiments.cc +1 -1
- data/src/core/lib/experiments/experiments.h +1 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +30 -30
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +4 -4
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -17
- data/src/core/lib/iomgr/socket_windows.cc +3 -3
- data/src/core/lib/iomgr/tcp_posix.cc +2 -2
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -12
- data/src/core/lib/iomgr/tcp_server_windows.cc +2 -2
- data/src/core/lib/promise/party.cc +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +2 -2
- data/src/core/load_balancing/grpclb/grpclb.cc +14 -15
- data/src/core/server/server.cc +1 -1
- data/src/core/util/log.cc +10 -8
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +7 -61
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +43 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +21 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +31 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +6 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +10 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +26 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +83 -33
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -8
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +14 -13
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +22 -16
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +15 -15
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -27
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +59 -20
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +1 -1
- metadata +3 -3
@@ -374,22 +374,21 @@ grpc_error_handle grpc_set_socket_tcp_user_timeout(
|
|
374
374
|
// if it is available.
|
375
375
|
if (g_socket_supports_tcp_user_timeout.load() == 0) {
|
376
376
|
if (0 != getsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &newval, &len)) {
|
377
|
-
|
378
|
-
|
379
|
-
|
377
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
378
|
+
<< "TCP_USER_TIMEOUT is not available. TCP_USER_TIMEOUT won't be "
|
379
|
+
"used thereafter";
|
380
380
|
g_socket_supports_tcp_user_timeout.store(-1);
|
381
381
|
} else {
|
382
|
-
|
383
|
-
|
384
|
-
|
382
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
383
|
+
<< "TCP_USER_TIMEOUT is available. TCP_USER_TIMEOUT will be used "
|
384
|
+
"thereafter";
|
385
385
|
g_socket_supports_tcp_user_timeout.store(1);
|
386
386
|
}
|
387
387
|
}
|
388
388
|
if (g_socket_supports_tcp_user_timeout.load() > 0) {
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
}
|
389
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
390
|
+
<< "Enabling TCP_USER_TIMEOUT with a timeout of " << timeout
|
391
|
+
<< " ms";
|
393
392
|
if (0 != setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &timeout,
|
394
393
|
sizeof(timeout))) {
|
395
394
|
gpr_log(GPR_ERROR, "setsockopt(TCP_USER_TIMEOUT) %s",
|
@@ -402,10 +401,9 @@ grpc_error_handle grpc_set_socket_tcp_user_timeout(
|
|
402
401
|
return absl::OkStatus();
|
403
402
|
}
|
404
403
|
if (newval != timeout) {
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
timeout, newval);
|
404
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
405
|
+
<< "Setting TCP_USER_TIMEOUT to value " << timeout
|
406
|
+
<< " ms. Actual TCP_USER_TIMEOUT value is " << newval << " ms";
|
409
407
|
return absl::OkStatus();
|
410
408
|
}
|
411
409
|
}
|
@@ -442,7 +440,8 @@ static void probe_ipv6_once(void) {
|
|
442
440
|
int fd = socket(AF_INET6, SOCK_STREAM, 0);
|
443
441
|
g_ipv6_loopback_available = 0;
|
444
442
|
if (fd < 0) {
|
445
|
-
|
443
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
444
|
+
<< "Disabling AF_INET6 sockets because socket() failed.";
|
446
445
|
} else {
|
447
446
|
grpc_sockaddr_in6 addr;
|
448
447
|
memset(&addr, 0, sizeof(addr));
|
@@ -451,8 +450,8 @@ static void probe_ipv6_once(void) {
|
|
451
450
|
if (bind(fd, reinterpret_cast<grpc_sockaddr*>(&addr), sizeof(addr)) == 0) {
|
452
451
|
g_ipv6_loopback_available = 1;
|
453
452
|
} else {
|
454
|
-
|
455
|
-
|
453
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
454
|
+
<< "Disabling AF_INET6 sockets because ::1 is not available.";
|
456
455
|
}
|
457
456
|
close(fd);
|
458
457
|
}
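Review bot: In grpc_set_socket_tcp_user_timeout, the new "TCP_USER_TIMEOUT is not available" message carries no errno, yet that single failed getsockopt() probe stores -1 in g_socket_supports_tcp_user_timeout, which appears to be a process-wide flag that switches the option off for every later call. Without the error code an operator cannot tell a kernel that lacks the option from a probe that failed on one particular fd. Append it to the stream, e.g. `"used thereafter (errno " << errno << ")";`, and consider a short comment on the `store(-1)` line saying the result is cached for all subsequent sockets. The function body starts and ends outside the visible hunks.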
|
@@ -132,7 +132,7 @@ void grpc_winsocket_shutdown(grpc_winsocket* winsocket) {
|
|
132
132
|
DisconnectEx(winsocket->socket, NULL, 0, 0);
|
133
133
|
} else {
|
134
134
|
char* utf8_message = gpr_format_message(WSAGetLastError());
|
135
|
-
|
135
|
+
VLOG(2) << "Unable to retrieve DisconnectEx pointer : " << utf8_message;
|
136
136
|
gpr_free(utf8_message);
|
137
137
|
}
|
138
138
|
// Calling closesocket triggers invocation of any pending I/O operations with
|
@@ -216,7 +216,7 @@ static void probe_ipv6_once(void) {
|
|
216
216
|
SOCKET s = socket(AF_INET6, SOCK_STREAM, 0);
|
217
217
|
g_ipv6_loopback_available = 0;
|
218
218
|
if (s == INVALID_SOCKET) {
|
219
|
-
|
219
|
+
VLOG(2) << "Disabling AF_INET6 sockets because socket() failed.";
|
220
220
|
} else {
|
221
221
|
grpc_sockaddr_in6 addr;
|
222
222
|
memset(&addr, 0, sizeof(addr));
|
@@ -225,7 +225,7 @@ static void probe_ipv6_once(void) {
|
|
225
225
|
if (bind(s, reinterpret_cast<grpc_sockaddr*>(&addr), sizeof(addr)) == 0) {
|
226
226
|
g_ipv6_loopback_available = 1;
|
227
227
|
} else {
|
228
|
-
|
228
|
+
VLOG(2) << "Disabling AF_INET6 sockets because ::1 is not available.";
|
229
229
|
}
|
230
230
|
closesocket(s);
|
231
231
|
}
|
@@ -210,7 +210,8 @@ class TcpZerocopySendCtx {
|
|
210
210
|
if (send_records_ == nullptr || free_send_records_ == nullptr) {
|
211
211
|
gpr_free(send_records_);
|
212
212
|
gpr_free(free_send_records_);
|
213
|
-
|
213
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
214
|
+
<< "Disabling TCP TX zerocopy due to memory pressure.\n";
|
214
215
|
memory_limited_ = true;
|
215
216
|
} else {
|
216
217
|
for (int idx = 0; idx < max_sends_; ++idx) {
|
@@ -806,7 +807,6 @@ static void tcp_ref(grpc_tcp* tcp) { tcp->refcount.Ref(); }
|
|
806
807
|
#endif
|
807
808
|
|
808
809
|
static void tcp_destroy(grpc_endpoint* ep) {
|
809
|
-
gpr_log(GPR_INFO, "IOMGR endpoint shutdown");
|
810
810
|
grpc_tcp* tcp = reinterpret_cast<grpc_tcp*>(ep);
|
811
811
|
ZerocopyDisableAndWaitForRemaining(tcp);
|
812
812
|
grpc_fd_shutdown(tcp->em_fd, absl::UnavailableError("endpoint shutdown"));
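Review bot: The string added in the TcpZerocopySendCtx hunk ends in `\n`, which no other message converted on this page does. The stream-style log macros terminate the record themselves, so the extra newline is at best redundant and may leave an empty line in the output. Write it as `<< "Disabling TCP TX zerocopy due to memory pressure.";`. The enclosing block starts and ends outside the hunk.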
|
@@ -424,10 +424,9 @@ static void on_read(void* arg, grpc_error_handle err) {
|
|
424
424
|
int64_t dropped_connections_count =
|
425
425
|
num_dropped_connections.fetch_add(1, std::memory_order_relaxed) + 1;
|
426
426
|
if (dropped_connections_count % 1000 == 1) {
|
427
|
-
|
428
|
-
|
429
|
-
|
430
|
-
dropped_connections_count);
|
427
|
+
GRPC_TRACE_LOG(tcp, INFO)
|
428
|
+
<< "Dropped >= " << dropped_connections_count
|
429
|
+
<< " new connection attempts due to high memory pressure";
|
431
430
|
}
|
432
431
|
close(fd);
|
433
432
|
continue;
|
@@ -549,16 +548,14 @@ static grpc_error_handle add_wildcard_addrs_to_server(grpc_tcp_server* s,
|
|
549
548
|
}
|
550
549
|
if (*out_port > 0) {
|
551
550
|
if (!v6_err.ok()) {
|
552
|
-
|
553
|
-
|
554
|
-
|
555
|
-
grpc_core::StatusToString(v6_err).c_str());
|
551
|
+
GRPC_TRACE_LOG(tcp, INFO) << "Failed to add :: listener, "
|
552
|
+
<< "the environment may not support IPv6: "
|
553
|
+
<< grpc_core::StatusToString(v6_err);
|
556
554
|
}
|
557
555
|
if (!v4_err.ok()) {
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
grpc_core::StatusToString(v4_err).c_str());
|
556
|
+
GRPC_TRACE_LOG(tcp, INFO) << "Failed to add 0.0.0.0 listener, "
|
557
|
+
<< "the environment may not support IPv4: "
|
558
|
+
<< grpc_core::StatusToString(v4_err);
|
562
559
|
}
|
563
560
|
return absl::OkStatus();
|
564
561
|
} else {
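Review bot: The "Dropped >= N new connection attempts due to high memory pressure" message in on_read now goes through GRPC_TRACE_LOG(tcp, INFO), so it appears only when the tcp trace flag is enabled, and the same holds for the two "Failed to add ... listener" messages in add_wildcard_addrs_to_server. Shed connections and a wildcard listener that did not bind are events an operator usually wants to see without tracing turned on; under load or a connection flood this counter may be the only sign that clients are being refused. The existing `% 1000 == 1` guard already limits the rate, so a severity-based line such as `LOG(WARNING) << "Dropped >= " << dropped_connections_count << " new connection attempts due to high memory pressure";` would keep the signal without the noise. The removed lines are blank on this page, so the previous severity cannot be confirmed here, and both functions continue outside their hunks.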
|
@@ -386,8 +386,8 @@ static void on_accept(void* arg, grpc_error_handle error) {
|
|
386
386
|
// this is necessary in the read/write case, it's useless for the accept
|
387
387
|
// case. We only need to adjust the pending callback count
|
388
388
|
if (!error.ok()) {
|
389
|
-
|
390
|
-
|
389
|
+
VLOG(2) << "Skipping on_accept due to error: "
|
390
|
+
<< grpc_core::StatusToString(error);
|
391
391
|
|
392
392
|
gpr_mu_unlock(&sp->server->mu);
|
393
393
|
return;
|
@@ -288,13 +288,13 @@ bool Party::RunOneParticipant(int i) {
|
|
288
288
|
currently_polling_ = kNotPolling;
|
289
289
|
if (done) {
|
290
290
|
if (!name.empty()) {
|
291
|
-
|
292
|
-
|
291
|
+
GRPC_TRACE_LOG(promise_primitives, INFO)
|
292
|
+
<< DebugTag() << "[" << name << "] end poll and finish job " << i;
|
293
293
|
}
|
294
294
|
participants_[i].store(nullptr, std::memory_order_relaxed);
|
295
295
|
} else if (!name.empty()) {
|
296
|
-
|
297
|
-
|
296
|
+
GRPC_TRACE_LOG(promise_primitives, INFO)
|
297
|
+
<< DebugTag() << "[" << name << "] end poll";
|
298
298
|
}
|
299
299
|
return done;
|
300
300
|
}
|
@@ -397,8 +397,8 @@ void TlsChannelSecurityConnector::cancel_check_peer(
|
|
397
397
|
if (it != pending_verifier_requests_.end()) {
|
398
398
|
pending_verifier_request = it->second->request();
|
399
399
|
} else {
|
400
|
-
|
401
|
-
|
400
|
+
VLOG(2) << "TlsChannelSecurityConnector::cancel_check_peer: no "
|
401
|
+
"corresponding pending request found";
|
402
402
|
}
|
403
403
|
}
|
404
404
|
if (pending_verifier_request != nullptr) {
|
@@ -489,10 +489,10 @@ class GrpcLb final : public LoadBalancingPolicy {
|
|
489
489
|
new_state == GRPC_CHANNEL_TRANSIENT_FAILURE) {
|
490
490
|
// In TRANSIENT_FAILURE. Cancel the fallback timer and go into
|
491
491
|
// fallback mode immediately.
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
492
|
+
GRPC_TRACE_LOG(glb, INFO)
|
493
|
+
<< "[grpclb " << parent_.get()
|
494
|
+
<< "] balancer channel in state:TRANSIENT_FAILURE ("
|
495
|
+
<< status.ToString() << "); entering fallback mode";
|
496
496
|
parent_->fallback_at_startup_checks_pending_ = false;
|
497
497
|
parent_->channel_control_helper()->GetEventEngine()->Cancel(
|
498
498
|
*parent_->lb_fallback_timer_handle_);
|
@@ -670,11 +670,10 @@ class GrpcLb::Serverlist::AddressIterator final
|
|
670
670
|
std::string lb_token(server.load_balance_token, lb_token_length);
|
671
671
|
if (lb_token.empty()) {
|
672
672
|
auto addr_uri = grpc_sockaddr_to_uri(&addr);
|
673
|
-
|
674
|
-
|
675
|
-
|
676
|
-
|
677
|
-
: addr_uri.status().ToString().c_str());
|
673
|
+
GRPC_TRACE_LOG(glb, INFO)
|
674
|
+
<< "Missing LB token for backend address '"
|
675
|
+
<< (addr_uri.ok() ? *addr_uri : addr_uri.status().ToString())
|
676
|
+
<< "'. The empty token will be used instead";
|
678
677
|
}
|
679
678
|
// Return address with a channel arg containing LB token and stats object.
|
680
679
|
callback(EndpointAddresses(
|
@@ -852,12 +851,12 @@ void GrpcLb::Helper::UpdateState(grpc_connectivity_state state,
|
|
852
851
|
client_stats = parent()->lb_calld_->client_stats()->Ref();
|
853
852
|
}
|
854
853
|
if (GRPC_TRACE_FLAG_ENABLED(glb)) {
|
855
|
-
|
856
|
-
|
857
|
-
|
858
|
-
|
859
|
-
|
860
|
-
|
854
|
+
GRPC_TRACE_LOG(glb, INFO)
|
855
|
+
<< "[grpclb " << parent() << " helper " << this
|
856
|
+
<< "] state=" << ConnectivityStateName(state) << " ("
|
857
|
+
<< status.ToString() << ") wrapping child picker " << picker.get()
|
858
|
+
<< " (serverlist=" << serverlist.get()
|
859
|
+
<< ", client_stats=" << client_stats.get() << ")";
|
861
860
|
}
|
862
861
|
parent()->channel_control_helper()->UpdateState(
|
863
862
|
state, status,
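Review bot: In the GrpcLb::Helper::UpdateState hunk the new GRPC_TRACE_LOG(glb, INFO) statement still sits inside `if (GRPC_TRACE_FLAG_ENABLED(glb)) {`, although the other converted call sites on this page use the macro without a guard, which suggests it tests the flag itself. If so, the outer `if` is redundant and can be dropped so the statement reads like the ones in the two earlier grpclb hunks. If the guard is kept deliberately, a one-line comment saying why would help the next reader. The function continues outside the hunk.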
|
data/src/core/server/server.cc
CHANGED
@@ -976,7 +976,7 @@ grpc_error_handle Server::SetupTransport(
|
|
976
976
|
}
|
977
977
|
t->StartConnectivityWatch(MakeOrphanable<TransportConnectivityWatcher>(
|
978
978
|
t->RefAsSubclass<ServerTransport>(), Ref()));
|
979
|
-
|
979
|
+
GRPC_TRACE_LOG(server_channel, INFO) << "Adding connection";
|
980
980
|
connections_.emplace(std::move(t));
|
981
981
|
++connections_open_;
|
982
982
|
} else {
|
data/src/core/util/log.cc
CHANGED
@@ -70,10 +70,10 @@ int gpr_should_log(gpr_log_severity severity) {
|
|
70
70
|
// MinLogLevel is. We could have saved this in a static const variable.
|
71
71
|
// But decided against it just in case anyone programatically sets absl
|
72
72
|
// min log level settings after this has been initialized.
|
73
|
-
// Same holds for
|
73
|
+
// Same holds for ABSL_VLOG_IS_ON(2).
|
74
74
|
return absl::MinLogLevel() <= absl::LogSeverityAtLeast::kInfo;
|
75
75
|
case GPR_LOG_SEVERITY_DEBUG:
|
76
|
-
return
|
76
|
+
return ABSL_VLOG_IS_ON(2);
|
77
77
|
default:
|
78
78
|
DLOG(ERROR) << "Invalid gpr_log_severity.";
|
79
79
|
return true;
|
@@ -132,15 +132,17 @@ void gpr_log_verbosity_init(void) {
|
|
132
132
|
absl::string_view verbosity = grpc_core::ConfigVars::Get().Verbosity();
|
133
133
|
DVLOG(2) << "Log verbosity: " << verbosity;
|
134
134
|
if (absl::EqualsIgnoreCase(verbosity, "INFO")) {
|
135
|
-
|
136
|
-
|
137
|
-
|
135
|
+
LOG_FIRST_N(WARNING, 1)
|
136
|
+
<< "Log level INFO is not suitable for production. Prefer WARNING or "
|
137
|
+
"ERROR. However if you see this message in a debug environmenmt or "
|
138
|
+
"test environmenmt it is safe to ignore this message.";
|
138
139
|
absl::SetVLogLevel("*grpc*/*", -1);
|
139
140
|
absl::SetMinLogLevel(absl::LogSeverityAtLeast::kInfo);
|
140
141
|
} else if (absl::EqualsIgnoreCase(verbosity, "DEBUG")) {
|
141
|
-
|
142
|
-
|
143
|
-
|
142
|
+
LOG_FIRST_N(WARNING, 1)
|
143
|
+
<< "Log level DEBUG is not suitable for production. Prefer WARNING or "
|
144
|
+
"ERROR. However if you see this message in a debug environmenmt or "
|
145
|
+
"test environmenmt it is safe to ignore this message.";
|
144
146
|
absl::SetVLogLevel("*grpc*/*", 2);
|
145
147
|
absl::SetMinLogLevel(absl::LogSeverityAtLeast::kInfo);
|
146
148
|
} else if (absl::EqualsIgnoreCase(verbosity, "ERROR")) {
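Review bot: Both warning strings added in gpr_log_verbosity_init misspell "environment" as "environmenmt", twice each, in the INFO and the DEBUG branch. These are runtime messages shown to every user who sets that verbosity, so the literals should read `"ERROR. However if you see this message in a debug environment or "` and `"test environment it is safe to ignore this message.";`. The function continues outside the hunk.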
|
@@ -507,11 +507,9 @@ int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
|
|
507
507
|
return 0;
|
508
508
|
}
|
509
509
|
uint8_t sign_extend[sizeof(int64_t)];
|
510
|
-
|
511
|
-
|
512
|
-
|
513
|
-
}
|
514
|
-
memcpy(out, sign_extend, sizeof(sign_extend));
|
510
|
+
OPENSSL_memset(sign_extend, is_negative ? 0xff : 0, sizeof(sign_extend));
|
511
|
+
OPENSSL_memcpy(sign_extend + sizeof(int64_t) - len, data, len);
|
512
|
+
*out = CRYPTO_load_u64_be(sign_extend);
|
515
513
|
return 1;
|
516
514
|
}
|
517
515
|
|
@@ -41,6 +41,13 @@ static_assert(alignof(union evp_aead_ctx_st_state) >=
|
|
41
41
|
|
42
42
|
static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
|
43
43
|
size_t key_len, size_t tag_len) {
|
44
|
+
// TODO(crbug.com/42290548): The x86_64 assembly depends on initializing
|
45
|
+
// |OPENSSL_ia32cap_P|. Move the dispatch to C. While we're here, it may be
|
46
|
+
// worth adjusting the assembly calling convention. The assembly functions do
|
47
|
+
// too much work right now. For now, explicitly initialize |OPENSSL_ia32cap_P|
|
48
|
+
// first.
|
49
|
+
OPENSSL_init_cpuid();
|
50
|
+
|
44
51
|
struct aead_chacha20_poly1305_ctx *c20_ctx =
|
45
52
|
(struct aead_chacha20_poly1305_ctx *)&ctx->state;
|
46
53
|
|
@@ -143,6 +143,9 @@ void OPENSSL_cpuid_setup(void) {
|
|
143
143
|
|
144
144
|
int CRYPTO_has_broken_NEON(void) { return 0; }
|
145
145
|
|
146
|
-
int CRYPTO_needs_hwcap2_workaround(void) {
|
146
|
+
int CRYPTO_needs_hwcap2_workaround(void) {
|
147
|
+
OPENSSL_init_cpuid();
|
148
|
+
return g_needs_hwcap2_workaround;
|
149
|
+
}
|
147
150
|
|
148
151
|
#endif // OPENSSL_ARM && OPENSSL_LINUX && !OPENSSL_STATIC_ARMCAP
|
@@ -208,15 +208,6 @@ void OPENSSL_cpuid_setup(void) {
|
|
208
208
|
// Reserved bit #30 is repurposed to signal an Intel CPU.
|
209
209
|
if (is_intel) {
|
210
210
|
edx |= (1u << 30);
|
211
|
-
|
212
|
-
// Clear the XSAVE bit on Knights Landing to mimic Silvermont. This enables
|
213
|
-
// some Silvermont-specific codepaths which perform better. See OpenSSL
|
214
|
-
// commit 64d92d74985ebb3d0be58a9718f9e080a14a8e7f and
|
215
|
-
// |CRYPTO_cpu_perf_is_like_silvermont|.
|
216
|
-
if ((eax & 0x0fff0ff0) == 0x00050670 /* Knights Landing */ ||
|
217
|
-
(eax & 0x0fff0ff0) == 0x00080650 /* Knights Mill (per SDE) */) {
|
218
|
-
ecx &= ~(1u << 26);
|
219
|
-
}
|
220
211
|
} else {
|
221
212
|
edx &= ~(1u << 30);
|
222
213
|
}
|
@@ -251,12 +242,6 @@ void OPENSSL_cpuid_setup(void) {
|
|
251
242
|
extended_features[0] &= ~(1u << 16);
|
252
243
|
}
|
253
244
|
|
254
|
-
// Disable ADX instructions on Knights Landing. See OpenSSL commit
|
255
|
-
// 64d92d74985ebb3d0be58a9718f9e080a14a8e7f.
|
256
|
-
if ((ecx & (1u << 26)) == 0) {
|
257
|
-
extended_features[0] &= ~(1u << 19);
|
258
|
-
}
|
259
|
-
|
260
245
|
OPENSSL_ia32cap_P[0] = edx;
|
261
246
|
OPENSSL_ia32cap_P[1] = ecx;
|
262
247
|
OPENSSL_ia32cap_P[2] = extended_features[0];
|
@@ -24,23 +24,6 @@
|
|
24
24
|
static_assert(sizeof(ossl_ssize_t) == sizeof(size_t),
|
25
25
|
"ossl_ssize_t should be the same size as size_t");
|
26
26
|
|
27
|
-
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
|
28
|
-
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
29
|
-
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
30
|
-
// x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
|
31
|
-
// for the asm to work correctly, unless compiled without asm code.
|
32
|
-
#define NEED_CPUID
|
33
|
-
|
34
|
-
#else
|
35
|
-
|
36
|
-
// Otherwise, don't emit a static initialiser.
|
37
|
-
|
38
|
-
#if !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
39
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
40
|
-
#endif
|
41
|
-
|
42
|
-
#endif // !NO_ASM && !STATIC_ARMCAP && (X86 || X86_64 || ARM || AARCH64)
|
43
|
-
|
44
27
|
|
45
28
|
// Our assembly does not use the GOT to reference symbols, which means
|
46
29
|
// references to visible symbols will often require a TEXTREL. This is
|
@@ -79,7 +62,7 @@ HIDDEN uint8_t BORINGSSL_function_hit[7] = {0};
|
|
79
62
|
HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0};
|
80
63
|
|
81
64
|
uint32_t OPENSSL_get_ia32cap(int idx) {
|
82
|
-
|
65
|
+
OPENSSL_init_cpuid();
|
83
66
|
return OPENSSL_ia32cap_P[idx];
|
84
67
|
}
|
85
68
|
|
@@ -121,60 +104,24 @@ HIDDEN uint32_t OPENSSL_armcap_P =
|
|
121
104
|
HIDDEN uint32_t OPENSSL_armcap_P = 0;
|
122
105
|
|
123
106
|
uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
|
124
|
-
|
107
|
+
OPENSSL_init_cpuid();
|
125
108
|
return &OPENSSL_armcap_P;
|
126
109
|
}
|
127
110
|
#endif
|
128
111
|
|
129
112
|
uint32_t OPENSSL_get_armcap(void) {
|
130
|
-
|
113
|
+
OPENSSL_init_cpuid();
|
131
114
|
return OPENSSL_armcap_P;
|
132
115
|
}
|
133
116
|
|
134
117
|
#endif
|
135
118
|
|
136
|
-
#if defined(BORINGSSL_FIPS)
|
137
|
-
// In FIPS mode, the power-on self-test function calls |CRYPTO_library_init|
|
138
|
-
// because we have to ensure that CPUID detection occurs first.
|
139
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
140
|
-
#endif
|
141
|
-
|
142
|
-
#if defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
143
|
-
#define OPENSSL_CDECL __cdecl
|
144
|
-
#else
|
145
|
-
#define OPENSSL_CDECL
|
146
|
-
#endif
|
147
|
-
|
148
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
149
|
-
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
150
|
-
#elif defined(_MSC_VER)
|
151
|
-
#pragma section(".CRT$XCU", read)
|
152
|
-
static void __cdecl do_library_init(void);
|
153
|
-
__declspec(allocate(".CRT$XCU")) void(*library_init_constructor)(void) =
|
154
|
-
do_library_init;
|
155
|
-
#else
|
156
|
-
static void do_library_init(void) __attribute__ ((constructor));
|
157
|
-
#endif
|
158
|
-
|
159
|
-
// do_library_init is the actual initialization function. If
|
160
|
-
// BORINGSSL_NO_STATIC_INITIALIZER isn't defined, this is set as a static
|
161
|
-
// initializer. Otherwise, it is called by CRYPTO_library_init.
|
162
|
-
static void OPENSSL_CDECL do_library_init(void) {
|
163
|
-
// WARNING: this function may only configure the capability variables. See the
|
164
|
-
// note above about the linker bug.
|
165
119
|
#if defined(NEED_CPUID)
|
166
|
-
|
120
|
+
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
121
|
+
void OPENSSL_init_cpuid(void) { CRYPTO_once(&once, OPENSSL_cpuid_setup); }
|
167
122
|
#endif
|
168
|
-
}
|
169
123
|
|
170
|
-
void CRYPTO_library_init(void) {
|
171
|
-
// TODO(davidben): It would be tidier if this build knob could be replaced
|
172
|
-
// with an internal lazy-init mechanism that would handle things correctly
|
173
|
-
// in-library. https://crbug.com/542879
|
174
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
175
|
-
CRYPTO_once(&once, do_library_init);
|
176
|
-
#endif
|
177
|
-
}
|
124
|
+
void CRYPTO_library_init(void) {}
|
178
125
|
|
179
126
|
int CRYPTO_is_confidential_build(void) {
|
180
127
|
#if defined(BORINGSSL_CONFIDENTIAL)
|
@@ -194,7 +141,7 @@ int CRYPTO_has_asm(void) {
|
|
194
141
|
|
195
142
|
void CRYPTO_pre_sandbox_init(void) {
|
196
143
|
// Read from /proc/cpuinfo if needed.
|
197
|
-
|
144
|
+
OPENSSL_init_cpuid();
|
198
145
|
// Open /dev/urandom if needed.
|
199
146
|
CRYPTO_init_sysrand();
|
200
147
|
// Set up MADV_WIPEONFORK state if needed.
|
@@ -235,7 +182,6 @@ int ENGINE_register_all_complete(void) { return 1; }
|
|
235
182
|
void OPENSSL_load_builtin_modules(void) {}
|
236
183
|
|
237
184
|
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
|
238
|
-
CRYPTO_library_init();
|
239
185
|
return 1;
|
240
186
|
}
|
241
187
|
|
@@ -1196,7 +1196,7 @@ int DILITHIUM_generate_key_external_entropy(
|
|
1196
1196
|
|
1197
1197
|
vectork_power2_round(&values->pub.t1, &priv->t0, &values->t);
|
1198
1198
|
// t1 is public.
|
1199
|
-
CONSTTIME_DECLASSIFY(&pub.t1, sizeof(pub.t1));
|
1199
|
+
CONSTTIME_DECLASSIFY(&values->pub.t1, sizeof(values->pub.t1));
|
1200
1200
|
|
1201
1201
|
CBB cbb;
|
1202
1202
|
CBB_init_fixed(&cbb, out_encoded_public_key, DILITHIUM_PUBLIC_KEY_BYTES);
|
@@ -1214,6 +1214,48 @@ err:
|
|
1214
1214
|
return ret;
|
1215
1215
|
}
|
1216
1216
|
|
1217
|
+
int DILITHIUM_public_from_private(
|
1218
|
+
struct DILITHIUM_public_key *out_public_key,
|
1219
|
+
const struct DILITHIUM_private_key *private_key) {
|
1220
|
+
int ret = 0;
|
1221
|
+
|
1222
|
+
// Intermediate values, allocated on the heap to allow use when there is a
|
1223
|
+
// limited amount of stack.
|
1224
|
+
struct values_st {
|
1225
|
+
matrix a_ntt;
|
1226
|
+
vectorl s1_ntt;
|
1227
|
+
vectork t;
|
1228
|
+
vectork t0;
|
1229
|
+
};
|
1230
|
+
struct values_st *values = OPENSSL_malloc(sizeof(*values));
|
1231
|
+
if (values == NULL) {
|
1232
|
+
goto err;
|
1233
|
+
}
|
1234
|
+
|
1235
|
+
const struct private_key *priv = private_key_from_external(private_key);
|
1236
|
+
struct public_key *pub = public_key_from_external(out_public_key);
|
1237
|
+
|
1238
|
+
OPENSSL_memcpy(pub->rho, priv->rho, sizeof(pub->rho));
|
1239
|
+
OPENSSL_memcpy(pub->public_key_hash, priv->public_key_hash,
|
1240
|
+
sizeof(pub->public_key_hash));
|
1241
|
+
|
1242
|
+
matrix_expand(&values->a_ntt, priv->rho);
|
1243
|
+
|
1244
|
+
OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt));
|
1245
|
+
vectorl_ntt(&values->s1_ntt);
|
1246
|
+
|
1247
|
+
matrix_mult(&values->t, &values->a_ntt, &values->s1_ntt);
|
1248
|
+
vectork_inverse_ntt(&values->t);
|
1249
|
+
vectork_add(&values->t, &values->t, &priv->s2);
|
1250
|
+
|
1251
|
+
vectork_power2_round(&pub->t1, &values->t0, &values->t);
|
1252
|
+
|
1253
|
+
ret = 1;
|
1254
|
+
err:
|
1255
|
+
OPENSSL_free(values);
|
1256
|
+
return ret;
|
1257
|
+
}
|
1258
|
+
|
1217
1259
|
// FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure.
|
1218
1260
|
static int dilithium_sign_with_randomizer(
|
1219
1261
|
uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES],
|
@@ -104,3 +104,24 @@ int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
|
|
104
104
|
return aes_nohw_set_decrypt_key(key, bits, aeskey);
|
105
105
|
}
|
106
106
|
}
|
107
|
+
|
108
|
+
#if defined(HWAES) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
|
109
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key|, we implement
|
110
|
+
// |aes_hw_encrypt_key_to_decrypt_key| in assembly and rely on C code to combine
|
111
|
+
// the operations.
|
112
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
113
|
+
int ret = aes_hw_set_encrypt_key(user_key, bits, key);
|
114
|
+
if (ret == 0) {
|
115
|
+
aes_hw_encrypt_key_to_decrypt_key(key);
|
116
|
+
}
|
117
|
+
return ret;
|
118
|
+
}
|
119
|
+
|
120
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
121
|
+
if (aes_hw_set_encrypt_key_alt_preferred()) {
|
122
|
+
return aes_hw_set_encrypt_key_alt(user_key, bits, key);
|
123
|
+
} else {
|
124
|
+
return aes_hw_set_encrypt_key_base(user_key, bits, key);
|
125
|
+
}
|
126
|
+
}
|
127
|
+
#endif
|
@@ -66,17 +66,41 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
|
|
66
66
|
|
67
67
|
#if defined(HWAES)
|
68
68
|
|
69
|
-
int aes_hw_set_encrypt_key(const uint8_t *user_key,
|
70
|
-
|
71
|
-
int aes_hw_set_decrypt_key(const uint8_t *user_key, const int bits,
|
72
|
-
AES_KEY *key);
|
69
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
70
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
73
71
|
void aes_hw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
74
72
|
void aes_hw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
75
73
|
void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
76
|
-
const AES_KEY *key, uint8_t *ivec,
|
74
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
77
75
|
void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len,
|
78
76
|
const AES_KEY *key, const uint8_t ivec[16]);
|
79
77
|
|
78
|
+
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
79
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key| is implemented in terms of
|
80
|
+
// |aes_hw_set_encrypt_key| and a conversion function.
|
81
|
+
void aes_hw_encrypt_key_to_decrypt_key(AES_KEY *key);
|
82
|
+
|
83
|
+
// There are two variants of this function, one which uses aeskeygenassist
|
84
|
+
// ("base") and one which uses aesenclast + pshufb ("alt"). aesenclast is
|
85
|
+
// overall faster but is slower on some older processors. It doesn't use AVX,
|
86
|
+
// but AVX is used as a proxy to detecting this. See
|
87
|
+
// https://groups.google.com/g/mailing.openssl.dev/c/OuFXwW4NfO8/m/7d2ZXVjkxVkJ
|
88
|
+
//
|
89
|
+
// TODO(davidben): It is unclear if the aeskeygenassist version is still
|
90
|
+
// worthwhile. However, the aesenclast version requires SSSE3. SSSE3 long
|
91
|
+
// predates AES-NI, but it's not clear if AES-NI implies SSSE3. In OpenSSL, the
|
92
|
+
// CCM AES-NI assembly seems to assume it does.
|
93
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_capable(void) {
|
94
|
+
return hwaes_capable() && CRYPTO_is_SSSE3_capable();
|
95
|
+
}
|
96
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_preferred(void) {
|
97
|
+
return hwaes_capable() && CRYPTO_is_AVX_capable();
|
98
|
+
}
|
99
|
+
int aes_hw_set_encrypt_key_base(const uint8_t *user_key, int bits,
|
100
|
+
AES_KEY *key);
|
101
|
+
int aes_hw_set_encrypt_key_alt(const uint8_t *user_key, int bits, AES_KEY *key);
|
102
|
+
#endif // OPENSSL_X86 || OPENSSL_X86_64
|
103
|
+
|
80
104
|
#else
|
81
105
|
|
82
106
|
// If HWAES isn't defined then we provide dummy functions for each of the hwaes
|
@@ -120,7 +144,7 @@ OPENSSL_INLINE void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
120
144
|
|
121
145
|
#if defined(HWAES_ECB)
|
122
146
|
void aes_hw_ecb_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
123
|
-
const AES_KEY *key,
|
147
|
+
const AES_KEY *key, int enc);
|
124
148
|
#endif // HWAES_ECB
|
125
149
|
|
126
150
|
|
@@ -218,7 +242,7 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
218
242
|
size_t blocks, const AES_KEY *key,
|
219
243
|
const uint8_t ivec[16]);
|
220
244
|
void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
221
|
-
const AES_KEY *key, uint8_t *ivec,
|
245
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
222
246
|
|
223
247
|
|
224
248
|
#if defined(__cplusplus)
|
@@ -168,8 +168,6 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {}
|
|
168
168
|
|
169
169
|
static void __attribute__((constructor))
|
170
170
|
BORINGSSL_bcm_power_on_self_test(void) {
|
171
|
-
CRYPTO_library_init();
|
172
|
-
|
173
171
|
#if !defined(OPENSSL_ASAN)
|
174
172
|
// Integrity tests cannot run under ASAN because it involves reading the full
|
175
173
|
// .text section, which triggers the global-buffer overflow detection.
|