grpc 1.65.1 → 1.65.2
- checksums.yaml +4 -4
- data/Makefile +1 -1
- data/src/core/client_channel/subchannel.cc +10 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +6 -6
- data/src/core/handshaker/http_connect/http_proxy_mapper.cc +7 -10
- data/src/core/lib/compression/message_compress.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +6 -6
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +7 -4
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +4 -2
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +5 -4
- data/src/core/lib/experiments/config.cc +11 -9
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +4 -4
- data/src/core/lib/iomgr/socket_windows.cc +3 -3
- data/src/core/lib/iomgr/tcp_posix.cc +2 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -12
- data/src/core/lib/iomgr/tcp_server_windows.cc +2 -2
- data/src/core/lib/promise/party.cc +4 -4
- data/src/core/load_balancing/grpclb/grpclb.cc +14 -15
- data/src/core/util/log.cc +2 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +7 -61
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +43 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +21 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +31 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +6 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +10 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +26 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +83 -33
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -8
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +14 -13
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +22 -16
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +15 -15
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -27
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +59 -20
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +1 -1
- metadata +3 -3
@@ -24,23 +24,6 @@
|
|
24
24
|
static_assert(sizeof(ossl_ssize_t) == sizeof(size_t),
|
25
25
|
"ossl_ssize_t should be the same size as size_t");
|
26
26
|
|
27
|
-
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
|
28
|
-
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
29
|
-
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
30
|
-
// x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
|
31
|
-
// for the asm to work correctly, unless compiled without asm code.
|
32
|
-
#define NEED_CPUID
|
33
|
-
|
34
|
-
#else
|
35
|
-
|
36
|
-
// Otherwise, don't emit a static initialiser.
|
37
|
-
|
38
|
-
#if !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
39
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
40
|
-
#endif
|
41
|
-
|
42
|
-
#endif // !NO_ASM && !STATIC_ARMCAP && (X86 || X86_64 || ARM || AARCH64)
|
43
|
-
|
44
27
|
|
45
28
|
// Our assembly does not use the GOT to reference symbols, which means
|
46
29
|
// references to visible symbols will often require a TEXTREL. This is
|
@@ -79,7 +62,7 @@ HIDDEN uint8_t BORINGSSL_function_hit[7] = {0};
|
|
79
62
|
HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0};
|
80
63
|
|
81
64
|
uint32_t OPENSSL_get_ia32cap(int idx) {
|
82
|
-
|
65
|
+
OPENSSL_init_cpuid();
|
83
66
|
return OPENSSL_ia32cap_P[idx];
|
84
67
|
}
|
85
68
|
|
@@ -121,60 +104,24 @@ HIDDEN uint32_t OPENSSL_armcap_P =
|
|
121
104
|
HIDDEN uint32_t OPENSSL_armcap_P = 0;
|
122
105
|
|
123
106
|
uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
|
124
|
-
|
107
|
+
OPENSSL_init_cpuid();
|
125
108
|
return &OPENSSL_armcap_P;
|
126
109
|
}
|
127
110
|
#endif
|
128
111
|
|
129
112
|
uint32_t OPENSSL_get_armcap(void) {
|
130
|
-
|
113
|
+
OPENSSL_init_cpuid();
|
131
114
|
return OPENSSL_armcap_P;
|
132
115
|
}
|
133
116
|
|
134
117
|
#endif
|
135
118
|
|
136
|
-
#if defined(BORINGSSL_FIPS)
|
137
|
-
// In FIPS mode, the power-on self-test function calls |CRYPTO_library_init|
|
138
|
-
// because we have to ensure that CPUID detection occurs first.
|
139
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
140
|
-
#endif
|
141
|
-
|
142
|
-
#if defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
143
|
-
#define OPENSSL_CDECL __cdecl
|
144
|
-
#else
|
145
|
-
#define OPENSSL_CDECL
|
146
|
-
#endif
|
147
|
-
|
148
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
149
|
-
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
150
|
-
#elif defined(_MSC_VER)
|
151
|
-
#pragma section(".CRT$XCU", read)
|
152
|
-
static void __cdecl do_library_init(void);
|
153
|
-
__declspec(allocate(".CRT$XCU")) void(*library_init_constructor)(void) =
|
154
|
-
do_library_init;
|
155
|
-
#else
|
156
|
-
static void do_library_init(void) __attribute__ ((constructor));
|
157
|
-
#endif
|
158
|
-
|
159
|
-
// do_library_init is the actual initialization function. If
|
160
|
-
// BORINGSSL_NO_STATIC_INITIALIZER isn't defined, this is set as a static
|
161
|
-
// initializer. Otherwise, it is called by CRYPTO_library_init.
|
162
|
-
static void OPENSSL_CDECL do_library_init(void) {
|
163
|
-
// WARNING: this function may only configure the capability variables. See the
|
164
|
-
// note above about the linker bug.
|
165
119
|
#if defined(NEED_CPUID)
|
166
|
-
|
120
|
+
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
121
|
+
void OPENSSL_init_cpuid(void) { CRYPTO_once(&once, OPENSSL_cpuid_setup); }
|
167
122
|
#endif
|
168
|
-
}
|
169
123
|
|
170
|
-
void CRYPTO_library_init(void) {
|
171
|
-
// TODO(davidben): It would be tidier if this build knob could be replaced
|
172
|
-
// with an internal lazy-init mechanism that would handle things correctly
|
173
|
-
// in-library. https://crbug.com/542879
|
174
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
175
|
-
CRYPTO_once(&once, do_library_init);
|
176
|
-
#endif
|
177
|
-
}
|
124
|
+
void CRYPTO_library_init(void) {}
|
178
125
|
|
179
126
|
int CRYPTO_is_confidential_build(void) {
|
180
127
|
#if defined(BORINGSSL_CONFIDENTIAL)
|
@@ -194,7 +141,7 @@ int CRYPTO_has_asm(void) {
|
|
194
141
|
|
195
142
|
void CRYPTO_pre_sandbox_init(void) {
|
196
143
|
// Read from /proc/cpuinfo if needed.
|
197
|
-
|
144
|
+
OPENSSL_init_cpuid();
|
198
145
|
// Open /dev/urandom if needed.
|
199
146
|
CRYPTO_init_sysrand();
|
200
147
|
// Set up MADV_WIPEONFORK state if needed.
|
@@ -235,7 +182,6 @@ int ENGINE_register_all_complete(void) { return 1; }
|
|
235
182
|
void OPENSSL_load_builtin_modules(void) {}
|
236
183
|
|
237
184
|
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
|
238
|
-
CRYPTO_library_init();
|
239
185
|
return 1;
|
240
186
|
}
|
241
187
|
|
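Review bot: With the static initializer removed, the `OPENSSL_init_cpuid()` calls added to `OPENSSL_get_ia32cap` and `OPENSSL_get_armcap` are the only C-side guarantee that `OPENSSL_ia32cap_P` and `OPENSSL_armcap_P` are populated before being read, yet nothing here stops assembly that reads those arrays directly from observing the all-zero state first; the p256 hunk in this same change shows such readers exist. Record the invariant where the storage is defined: `// Read from C only via OPENSSL_get_ia32cap(). Assembly that reads this directly must be reached through a path that has already called OPENSSL_init_cpuid().` Separately, `OPENSSL_get_ia32cap(int idx)` indexes a four-element array without bounding `idx`; it is pre-existing, but now that this accessor is the sanctioned path an `assert(idx >= 0 && idx < 4);` before the return is cheap insurance.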
@@ -1196,7 +1196,7 @@ int DILITHIUM_generate_key_external_entropy(
|
|
1196
1196
|
|
1197
1197
|
vectork_power2_round(&values->pub.t1, &priv->t0, &values->t);
|
1198
1198
|
// t1 is public.
|
1199
|
-
CONSTTIME_DECLASSIFY(&pub.t1, sizeof(pub.t1));
|
1199
|
+
CONSTTIME_DECLASSIFY(&values->pub.t1, sizeof(values->pub.t1));
|
1200
1200
|
|
1201
1201
|
CBB cbb;
|
1202
1202
|
CBB_init_fixed(&cbb, out_encoded_public_key, DILITHIUM_PUBLIC_KEY_BYTES);
|
@@ -1214,6 +1214,48 @@ err:
|
|
1214
1214
|
return ret;
|
1215
1215
|
}
|
1216
1216
|
|
1217
|
+
int DILITHIUM_public_from_private(
|
1218
|
+
struct DILITHIUM_public_key *out_public_key,
|
1219
|
+
const struct DILITHIUM_private_key *private_key) {
|
1220
|
+
int ret = 0;
|
1221
|
+
|
1222
|
+
// Intermediate values, allocated on the heap to allow use when there is a
|
1223
|
+
// limited amount of stack.
|
1224
|
+
struct values_st {
|
1225
|
+
matrix a_ntt;
|
1226
|
+
vectorl s1_ntt;
|
1227
|
+
vectork t;
|
1228
|
+
vectork t0;
|
1229
|
+
};
|
1230
|
+
struct values_st *values = OPENSSL_malloc(sizeof(*values));
|
1231
|
+
if (values == NULL) {
|
1232
|
+
goto err;
|
1233
|
+
}
|
1234
|
+
|
1235
|
+
const struct private_key *priv = private_key_from_external(private_key);
|
1236
|
+
struct public_key *pub = public_key_from_external(out_public_key);
|
1237
|
+
|
1238
|
+
OPENSSL_memcpy(pub->rho, priv->rho, sizeof(pub->rho));
|
1239
|
+
OPENSSL_memcpy(pub->public_key_hash, priv->public_key_hash,
|
1240
|
+
sizeof(pub->public_key_hash));
|
1241
|
+
|
1242
|
+
matrix_expand(&values->a_ntt, priv->rho);
|
1243
|
+
|
1244
|
+
OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt));
|
1245
|
+
vectorl_ntt(&values->s1_ntt);
|
1246
|
+
|
1247
|
+
matrix_mult(&values->t, &values->a_ntt, &values->s1_ntt);
|
1248
|
+
vectork_inverse_ntt(&values->t);
|
1249
|
+
vectork_add(&values->t, &values->t, &priv->s2);
|
1250
|
+
|
1251
|
+
vectork_power2_round(&pub->t1, &values->t0, &values->t);
|
1252
|
+
|
1253
|
+
ret = 1;
|
1254
|
+
err:
|
1255
|
+
OPENSSL_free(values);
|
1256
|
+
return ret;
|
1257
|
+
}
|
1258
|
+
|
1217
1259
|
// FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure.
|
1218
1260
|
static int dilithium_sign_with_randomizer(
|
1219
1261
|
uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES],
|
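Review bot: `DILITHIUM_public_from_private` derives `pub->t1` from secret inputs via `vectork_power2_round` but, unlike `DILITHIUM_generate_key_external_entropy` directly above it (which the first hunk fixes to call `CONSTTIME_DECLASSIFY(&values->pub.t1, ...)`), it never declassifies the result, so under constant-time validation the returned public key remains tainted as secret. Add `CONSTTIME_DECLASSIFY(&pub->t1, sizeof(pub->t1));` immediately after the `vectork_power2_round` call, with the same `// t1 is public.` comment. The heap scratch struct also holds `s1_ntt` and the discarded `t0`, both private-key-derived; this relies on `OPENSSL_free` scrubbing the buffer, which is not visible here — confirm, or `OPENSSL_cleanse` before freeing. The only `goto err` is the allocation failure, so a `// Fails only on allocation failure.` line on the function would tell callers that `0` is not a key-validity verdict.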
@@ -104,3 +104,24 @@ int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
|
|
104
104
|
return aes_nohw_set_decrypt_key(key, bits, aeskey);
|
105
105
|
}
|
106
106
|
}
|
107
|
+
|
108
|
+
#if defined(HWAES) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
|
109
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key|, we implement
|
110
|
+
// |aes_hw_encrypt_key_to_decrypt_key| in assembly and rely on C code to combine
|
111
|
+
// the operations.
|
112
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
113
|
+
int ret = aes_hw_set_encrypt_key(user_key, bits, key);
|
114
|
+
if (ret == 0) {
|
115
|
+
aes_hw_encrypt_key_to_decrypt_key(key);
|
116
|
+
}
|
117
|
+
return ret;
|
118
|
+
}
|
119
|
+
|
120
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
121
|
+
if (aes_hw_set_encrypt_key_alt_preferred()) {
|
122
|
+
return aes_hw_set_encrypt_key_alt(user_key, bits, key);
|
123
|
+
} else {
|
124
|
+
return aes_hw_set_encrypt_key_base(user_key, bits, key);
|
125
|
+
}
|
126
|
+
}
|
127
|
+
#endif
|
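Review bot: The comment above the new `aes_hw_set_decrypt_key` is garbled (`On x86 and x86_64, |aes_hw_set_decrypt_key|, we implement |aes_hw_encrypt_key_to_decrypt_key| in assembly and rely on C code ...`), and the success test `if (ret == 0)` depends on a return convention stated nowhere in this file. Rewrite the comment as `// On x86 and x86_64, |aes_hw_set_decrypt_key| is built from |aes_hw_set_encrypt_key| plus the assembly routine |aes_hw_encrypt_key_to_decrypt_key|; the two are combined here in C.` and add `// |aes_hw_set_encrypt_key_*| return 0 on success and a negative value on error.` above the check, assuming that is the convention the assembly actually follows — confirm against the assembly before committing the wording. A one-line `// Invalid |bits| leaves |key| untouched.` would also be useful if true, but the hunk does not show it.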
@@ -66,17 +66,41 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
|
|
66
66
|
|
67
67
|
#if defined(HWAES)
|
68
68
|
|
69
|
-
int aes_hw_set_encrypt_key(const uint8_t *user_key,
|
70
|
-
|
71
|
-
int aes_hw_set_decrypt_key(const uint8_t *user_key, const int bits,
|
72
|
-
AES_KEY *key);
|
69
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
70
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
73
71
|
void aes_hw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
74
72
|
void aes_hw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
75
73
|
void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
76
|
-
const AES_KEY *key, uint8_t *ivec,
|
74
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
77
75
|
void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len,
|
78
76
|
const AES_KEY *key, const uint8_t ivec[16]);
|
79
77
|
|
78
|
+
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
79
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key| is implemented in terms of
|
80
|
+
// |aes_hw_set_encrypt_key| and a conversion function.
|
81
|
+
void aes_hw_encrypt_key_to_decrypt_key(AES_KEY *key);
|
82
|
+
|
83
|
+
// There are two variants of this function, one which uses aeskeygenassist
|
84
|
+
// ("base") and one which uses aesenclast + pshufb ("alt"). aesenclast is
|
85
|
+
// overall faster but is slower on some older processors. It doesn't use AVX,
|
86
|
+
// but AVX is used as a proxy to detecting this. See
|
87
|
+
// https://groups.google.com/g/mailing.openssl.dev/c/OuFXwW4NfO8/m/7d2ZXVjkxVkJ
|
88
|
+
//
|
89
|
+
// TODO(davidben): It is unclear if the aeskeygenassist version is still
|
90
|
+
// worthwhile. However, the aesenclast version requires SSSE3. SSSE3 long
|
91
|
+
// predates AES-NI, but it's not clear if AES-NI implies SSSE3. In OpenSSL, the
|
92
|
+
// CCM AES-NI assembly seems to assume it does.
|
93
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_capable(void) {
|
94
|
+
return hwaes_capable() && CRYPTO_is_SSSE3_capable();
|
95
|
+
}
|
96
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_preferred(void) {
|
97
|
+
return hwaes_capable() && CRYPTO_is_AVX_capable();
|
98
|
+
}
|
99
|
+
int aes_hw_set_encrypt_key_base(const uint8_t *user_key, int bits,
|
100
|
+
AES_KEY *key);
|
101
|
+
int aes_hw_set_encrypt_key_alt(const uint8_t *user_key, int bits, AES_KEY *key);
|
102
|
+
#endif // OPENSSL_X86 || OPENSSL_X86_64
|
103
|
+
|
80
104
|
#else
|
81
105
|
|
82
106
|
// If HWAES isn't defined then we provide dummy functions for each of the hwaes
|
@@ -120,7 +144,7 @@ OPENSSL_INLINE void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
120
144
|
|
121
145
|
#if defined(HWAES_ECB)
|
122
146
|
void aes_hw_ecb_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
123
|
-
const AES_KEY *key,
|
147
|
+
const AES_KEY *key, int enc);
|
124
148
|
#endif // HWAES_ECB
|
125
149
|
|
126
150
|
|
@@ -218,7 +242,7 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
218
242
|
size_t blocks, const AES_KEY *key,
|
219
243
|
const uint8_t ivec[16]);
|
220
244
|
void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
221
|
-
const AES_KEY *key, uint8_t *ivec,
|
245
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
222
246
|
|
223
247
|
|
224
248
|
#if defined(__cplusplus)
|
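Review bot: `aes_hw_set_encrypt_key_alt_preferred()` returns true on `hwaes_capable() && CRYPTO_is_AVX_capable()` without including the SSSE3 requirement that `aes_hw_set_encrypt_key_alt_capable()` encodes, and the comment itself says AVX is only a proxy; a caller that dispatches on `_preferred` alone (as the new `aes_hw_set_encrypt_key` in aes.c does) therefore rests on an implicit AVX-implies-SSSE3 assumption that the headers never state. Make the dependency explicit in the header so it cannot drift: `return aes_hw_set_encrypt_key_alt_capable() && CRYPTO_is_AVX_capable();`. The `int enc` parameter on `aes_hw_cbc_encrypt`, `aes_hw_ecb_encrypt` and `aes_nohw_cbc_encrypt` is also undocumented; add `// |enc| is nonzero to encrypt and zero to decrypt.` if that is the convention, which this hunk does not show.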
@@ -168,8 +168,6 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {}
|
|
168
168
|
|
169
169
|
static void __attribute__((constructor))
|
170
170
|
BORINGSSL_bcm_power_on_self_test(void) {
|
171
|
-
CRYPTO_library_init();
|
172
|
-
|
173
171
|
#if !defined(OPENSSL_ASAN)
|
174
172
|
// Integrity tests cannot run under ASAN because it involves reading the full
|
175
173
|
// .text section, which triggers the global-buffer overflow detection.
|
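Review bot: Dropping `CRYPTO_library_init()` from `BORINGSSL_bcm_power_on_self_test` removes the one point that guaranteed CPU feature detection had run before the integrity test and KATs; the comment deleted from crypto.c in this same change (`the power-on self-test function calls |CRYPTO_library_init| because we have to ensure that CPUID detection occurs first`) says that ordering was deliberate. C dispatchers now lazily call `OPENSSL_init_cpuid()`, but any self-test that reaches assembly reading `OPENSSL_ia32cap_P` directly would exercise the baseline code path rather than the one used at runtime, which defeats the point of a power-on self-test; the p256 hunk shows at least one such path exists. Unless every such path is known to be covered, keep an explicit `OPENSSL_init_cpuid();` as the first statement of this constructor. The function body continues past the end of the hunk.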
@@ -612,6 +612,11 @@ static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
|
|
612
612
|
}
|
613
613
|
|
614
614
|
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) {
|
615
|
+
// TODO(crbug.com/42290548): The x86_64 assembly depends on initializing
|
616
|
+
// |OPENSSL_ia32cap_P|. Move the dispatch to C. For now, explicitly initialize
|
617
|
+
// things.
|
618
|
+
OPENSSL_init_cpuid();
|
619
|
+
|
615
620
|
out->point_get_affine_coordinates = ecp_nistz256_get_affine;
|
616
621
|
out->add = ecp_nistz256_add;
|
617
622
|
out->dbl = ecp_nistz256_dbl;
|
@@ -72,7 +72,8 @@ int FIPS_query_algorithm_status(const char *algorithm) {
|
|
72
72
|
#if defined(BORINGSSL_FIPS_COUNTERS)
|
73
73
|
|
74
74
|
size_t FIPS_read_counter(enum fips_counter_t counter) {
|
75
|
-
|
75
|
+
size_t index = (size_t)counter;
|
76
|
+
if (index > fips_counter_max) {
|
76
77
|
abort();
|
77
78
|
}
|
78
79
|
|
@@ -82,11 +83,12 @@ size_t FIPS_read_counter(enum fips_counter_t counter) {
|
|
82
83
|
return 0;
|
83
84
|
}
|
84
85
|
|
85
|
-
return array[
|
86
|
+
return array[index];
|
86
87
|
}
|
87
88
|
|
88
89
|
void boringssl_fips_inc_counter(enum fips_counter_t counter) {
|
89
|
-
|
90
|
+
size_t index = (size_t)counter;
|
91
|
+
if (index > fips_counter_max) {
|
90
92
|
abort();
|
91
93
|
}
|
92
94
|
|
@@ -106,7 +108,7 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) {
|
|
106
108
|
}
|
107
109
|
}
|
108
110
|
|
109
|
-
array[
|
111
|
+
array[index]++;
|
110
112
|
}
|
111
113
|
|
112
114
|
#else
|
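Review bot: The new bound `if (index > fips_counter_max)` in `FIPS_read_counter` and `boringssl_fips_inc_counter` treats `fips_counter_max` as the largest valid index, so `index == fips_counter_max` falls through to `array[index]`; if the enum's sentinel is instead a count, this is an off-by-one read and write past the array. The enum and the array declaration are outside this hunk, so pin the assumption rather than leave it implicit: a `static_assert` relating `fips_counter_max` to the array length where the array is declared, or `>=` if the sentinel is a count. The `(size_t)counter` cast before the compare is good — a negative value smuggled through the enum type becomes huge and is rejected rather than indexing backwards.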
@@ -180,17 +180,29 @@ extern "C" {
|
|
180
180
|
#endif
|
181
181
|
|
182
182
|
|
183
|
-
#if defined(
|
184
|
-
defined(
|
185
|
-
|
183
|
+
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
|
184
|
+
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
185
|
+
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
186
|
+
// x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
|
187
|
+
// for the asm to work correctly, unless compiled without asm code.
|
188
|
+
#define NEED_CPUID
|
189
|
+
|
190
|
+
// OPENSSL_cpuid_setup initializes the platform-specific feature cache. This
|
191
|
+
// function should not be called directly. Call |OPENSSL_init_cpuid| instead.
|
186
192
|
void OPENSSL_cpuid_setup(void);
|
193
|
+
|
194
|
+
// OPENSSL_init_cpuid initializes the platform-specific feature cache, if
|
195
|
+
// needed. This function is idempotent and may be called concurrently.
|
196
|
+
void OPENSSL_init_cpuid(void);
|
197
|
+
#else
|
198
|
+
OPENSSL_INLINE void OPENSSL_init_cpuid(void) {}
|
187
199
|
#endif
|
188
200
|
|
189
201
|
#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
|
190
202
|
!defined(OPENSSL_STATIC_ARMCAP)
|
191
203
|
// OPENSSL_get_armcap_pointer_for_test returns a pointer to |OPENSSL_armcap_P|
|
192
|
-
// for unit tests. Any modifications to the value must be made
|
193
|
-
//
|
204
|
+
// for unit tests. Any modifications to the value must be made before any other
|
205
|
+
// function call in BoringSSL.
|
194
206
|
OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void);
|
195
207
|
#endif
|
196
208
|
|
@@ -1521,7 +1533,6 @@ OPENSSL_INLINE int CRYPTO_is_x86_SHA_capable(void) {
|
|
1521
1533
|
// otherwise select. See chacha-x86_64.pl.
|
1522
1534
|
//
|
1523
1535
|
// Bonnell, Silvermont's predecessor in the Atom lineup, will also be matched by
|
1524
|
-
// this. |OPENSSL_cpuid_setup| forces Knights Landing to also be matched by
|
1525
1536
|
// this. Goldmont (Silvermont's successor in the Atom lineup) added XSAVE so it
|
1526
1537
|
// isn't matched by this. Various sources indicate AMD first implemented MOVBE
|
1527
1538
|
// and XSAVE at the same time in Jaguar, so it seems like AMD chips will not be
|
@@ -1530,11 +1541,12 @@ OPENSSL_INLINE int CRYPTO_cpu_perf_is_like_silvermont(void) {
|
|
1530
1541
|
// WARNING: This MUST NOT be used to guard the execution of the XSAVE
|
1531
1542
|
// instruction. This is the "hardware supports XSAVE" bit, not the OSXSAVE bit
|
1532
1543
|
// that indicates whether we can safely execute XSAVE. This bit may be set
|
1533
|
-
// even when XSAVE is disabled (by the operating system). See the
|
1534
|
-
//
|
1544
|
+
// even when XSAVE is disabled (by the operating system). See how the users of
|
1545
|
+
// this bit use it.
|
1535
1546
|
//
|
1536
|
-
//
|
1537
|
-
//
|
1547
|
+
// Historically, the XSAVE bit was artificially cleared on Knights Landing
|
1548
|
+
// and Knights Mill chips, but as Intel has removed all support from GCC,
|
1549
|
+
// LLVM, and SDE, we assume they are no longer worth special-casing.
|
1538
1550
|
int hardware_supports_xsave = (OPENSSL_get_ia32cap(1) & (1u << 26)) != 0;
|
1539
1551
|
return !hardware_supports_xsave && CRYPTO_is_MOVBE_capable();
|
1540
1552
|
}
|
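Review bot: The new `OPENSSL_init_cpuid` comment says it is idempotent and concurrency-safe but omits the operational caveat that used to live on `CRYPTO_library_init` in the public header and that `CRYPTO_pre_sandbox_init` still relies on: on some ARM Linux configurations feature detection reads `/proc/cpuinfo`, so it must run before a process enters a sandbox. Add to the comment: `// On some ARM Linux configurations this reads /proc/cpuinfo; code that sandboxes itself should trigger it first via CRYPTO_pre_sandbox_init().` The `OPENSSL_cpuid_setup` comment (`should not be called directly`) would be stronger if it said why: a second call outside the once guard would race with readers of the capability words.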
@@ -32,18 +32,9 @@ extern "C" {
|
|
32
32
|
#endif
|
33
33
|
|
34
34
|
|
35
|
-
// crypto.h contains functions for
|
35
|
+
// crypto.h contains functions for library-wide initialization and properties.
|
36
36
|
|
37
37
|
|
38
|
-
// CRYPTO_library_init initializes the crypto library. It must be called if the
|
39
|
-
// library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does
|
40
|
-
// nothing and a static initializer is used instead. It is safe to call this
|
41
|
-
// function multiple times and concurrently from multiple threads.
|
42
|
-
//
|
43
|
-
// On some ARM configurations, this function may require filesystem access and
|
44
|
-
// should be called before entering a sandbox.
|
45
|
-
OPENSSL_EXPORT void CRYPTO_library_init(void);
|
46
|
-
|
47
38
|
// CRYPTO_is_confidential_build returns one if the linked version of BoringSSL
|
48
39
|
// has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.
|
49
40
|
//
|
@@ -164,7 +155,7 @@ OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
|
|
164
155
|
#define OPENSSL_INIT_NO_LOAD_CONFIG 0
|
165
156
|
#define OPENSSL_INIT_NO_ATEXIT 0
|
166
157
|
|
167
|
-
// OPENSSL_init_crypto
|
158
|
+
// OPENSSL_init_crypto returns one.
|
168
159
|
OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
|
169
160
|
const OPENSSL_INIT_SETTINGS *settings);
|
170
161
|
|
@@ -199,6 +190,10 @@ OPENSSL_EXPORT int FIPS_query_algorithm_status(const char *algorithm);
|
|
199
190
|
OPENSSL_EXPORT int CRYPTO_has_broken_NEON(void);
|
200
191
|
#endif
|
201
192
|
|
193
|
+
// CRYPTO_library_init does nothing. Historically, it was needed in some build
|
194
|
+
// configurations to initialization the library. This is no longer necessary.
|
195
|
+
OPENSSL_EXPORT void CRYPTO_library_init(void);
|
196
|
+
|
202
197
|
|
203
198
|
#if defined(__cplusplus)
|
204
199
|
} // extern C
|
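Review bot: The new `CRYPTO_library_init` comment has a typo (`needed ... to initialization the library`) and, more importantly, silently drops the sandbox guidance the old comment carried (`may require filesystem access and should be called before entering a sandbox`), leaving callers who depended on it with no pointer to the replacement. Rewrite it as: `// CRYPTO_library_init does nothing. Historically, it was needed in some build configurations to initialize the library; initialization is now lazy. Callers that used it to pre-load CPU feature detection before entering a sandbox should call |CRYPTO_pre_sandbox_init| instead.` — adjust the referenced function if `CRYPTO_pre_sandbox_init` is not exported from this header, since its declaration is not in the hunk. `OPENSSL_init_crypto returns one.` could also say that `opts` and `settings` are ignored, which the crypto.c hunk shows.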
@@ -70,6 +70,12 @@ OPENSSL_EXPORT int DILITHIUM_generate_key(
|
|
70
70
|
uint8_t out_encoded_public_key[DILITHIUM_PUBLIC_KEY_BYTES],
|
71
71
|
struct DILITHIUM_private_key *out_private_key);
|
72
72
|
|
73
|
+
// DILITHIUM_public_from_private sets |*out_public_key| to the public key that
|
74
|
+
// corresponds to |private_key|. Returns 1 on success and 0 on failure.
|
75
|
+
OPENSSL_EXPORT int DILITHIUM_public_from_private(
|
76
|
+
struct DILITHIUM_public_key *out_public_key,
|
77
|
+
const struct DILITHIUM_private_key *private_key);
|
78
|
+
|
73
79
|
// DILITHIUM_sign generates a signature for the message |msg| of length
|
74
80
|
// |msg_len| using |private_key| following the randomized algorithm, and writes
|
75
81
|
// the encoded signature to |out_encoded_signature|. Returns 1 on success and 0
|
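Review bot: The `DILITHIUM_public_from_private` comment documents only the 1/0 return, not what failure means or whether the input is checked, so a caller could read `0` as a key-validity result. State the contract the implementation actually has: `// This does not validate |private_key|; the only failure mode is memory allocation. The result is unspecified for a |private_key| that was not produced by this library.` The first clause is grounded in the implementation's single `goto err`; the last sentence is an inference from the function never checking its input, so confirm before committing to it.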
@@ -22,6 +22,14 @@ extern "C" {
|
|
22
22
|
#endif
|
23
23
|
|
24
24
|
|
25
|
+
#if defined(OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER)
|
26
|
+
// This header implements experimental, draft versions of not-yet-standardized
|
27
|
+
// primitives. When the standard is complete, these functions will be removed
|
28
|
+
// and replaced with the final, incompatible standard version. They are
|
29
|
+
// available now for short-lived experiments, but must not be deployed anywhere
|
30
|
+
// durable, such as a long-lived key store. To use these functions define
|
31
|
+
// OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
|
32
|
+
|
25
33
|
// Kyber768.
|
26
34
|
//
|
27
35
|
// This implements the round-3 specification of Kyber, defined at
|
@@ -128,6 +136,8 @@ OPENSSL_EXPORT int KYBER_marshal_private_key(
|
|
128
136
|
OPENSSL_EXPORT int KYBER_parse_private_key(
|
129
137
|
struct KYBER_private_key *out_private_key, CBS *in);
|
130
138
|
|
139
|
+
#endif // OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
|
140
|
+
|
131
141
|
|
132
142
|
#if defined(__cplusplus)
|
133
143
|
} // extern C
|
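Review bot: The new guard comment ends mid-sentence (`To use these functions define OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER`) and does not say what happens without the define, which is exactly what a consumer hitting a sudden compile error needs to know. Finish it: `// To use these functions, define OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER before including this header; otherwise none of the declarations below are visible.` Since the warning is specifically about durable storage, it would also help to name the stable replacement API readers should migrate to, if this tree ships one — not determinable from this hunk.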
@@ -49,6 +49,16 @@ class SpanBase {
|
|
49
49
|
|
50
50
|
friend bool operator!=(Span<T> lhs, Span<T> rhs) { return !(lhs == rhs); }
|
51
51
|
};
|
52
|
+
|
53
|
+
// Heuristically test whether C is a container type that can be converted into
|
54
|
+
// a Span<T> by checking for data() and size() member functions.
|
55
|
+
//
|
56
|
+
// TODO(davidben): Require C++17 support for std::is_convertible_v, etc.
|
57
|
+
template <typename C, typename T>
|
58
|
+
using EnableIfContainer = std::enable_if_t<
|
59
|
+
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
|
60
|
+
std::is_integral<decltype(std::declval<C>().size())>::value>;
|
61
|
+
|
52
62
|
} // namespace internal
|
53
63
|
|
54
64
|
// A Span<T> is a non-owning reference to a contiguous array of objects of type
|
@@ -84,16 +94,6 @@ class SpanBase {
|
|
84
94
|
// a reference or pointer to a container or array.
|
85
95
|
template <typename T>
|
86
96
|
class Span : private internal::SpanBase<const T> {
|
87
|
-
private:
|
88
|
-
// Heuristically test whether C is a container type that can be converted into
|
89
|
-
// a Span by checking for data() and size() member functions.
|
90
|
-
//
|
91
|
-
// TODO(davidben): Require C++17 support for std::is_convertible_v, etc.
|
92
|
-
template <typename C>
|
93
|
-
using EnableIfContainer = std::enable_if_t<
|
94
|
-
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
|
95
|
-
std::is_integral<decltype(std::declval<C>().size())>::value>;
|
96
|
-
|
97
97
|
public:
|
98
98
|
static const size_t npos = static_cast<size_t>(-1);
|
99
99
|
|
@@ -114,12 +114,12 @@ class Span : private internal::SpanBase<const T> {
|
|
114
114
|
template <size_t N>
|
115
115
|
constexpr Span(T (&array)[N]) : Span(array, N) {}
|
116
116
|
|
117
|
-
template <typename C, typename = EnableIfContainer<C>,
|
117
|
+
template <typename C, typename = internal::EnableIfContainer<C, T>,
|
118
118
|
typename = std::enable_if_t<std::is_const<T>::value, C>>
|
119
119
|
constexpr Span(const C &container)
|
120
120
|
: data_(container.data()), size_(container.size()) {}
|
121
121
|
|
122
|
-
template <typename C, typename = EnableIfContainer<C>,
|
122
|
+
template <typename C, typename = internal::EnableIfContainer<C, T>,
|
123
123
|
typename = std::enable_if_t<!std::is_const<T>::value, C>>
|
124
124
|
constexpr explicit Span(C &container)
|
125
125
|
: data_(container.data()), size_(container.size()) {}
|
@@ -188,6 +188,20 @@ class Span : private internal::SpanBase<const T> {
|
|
188
188
|
template <typename T>
|
189
189
|
const size_t Span<T>::npos;
|
190
190
|
|
191
|
+
#if __cplusplus >= 201703L
|
192
|
+
template <typename T>
|
193
|
+
Span(T *, size_t) -> Span<T>;
|
194
|
+
template <typename T, size_t size>
|
195
|
+
Span(T (&array)[size]) -> Span<T>;
|
196
|
+
template <
|
197
|
+
typename C,
|
198
|
+
typename T = std::remove_pointer_t<decltype(std::declval<C>().data())>,
|
199
|
+
typename = internal::EnableIfContainer<C, T>>
|
200
|
+
Span(C &) -> Span<T>;
|
201
|
+
#endif
|
202
|
+
|
203
|
+
// C++17 callers can instead rely on CTAD and the deduction guides defined
|
204
|
+
// above.
|
191
205
|
template <typename T>
|
192
206
|
constexpr Span<T> MakeSpan(T *ptr, size_t size) {
|
193
207
|
return Span<T>(ptr, size);
|