grpc 1.65.1 → 1.65.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +1 -1
  3. data/src/core/client_channel/subchannel.cc +10 -7
  4. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +3 -1
  5. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +6 -6
  6. data/src/core/handshaker/http_connect/http_proxy_mapper.cc +7 -10
  7. data/src/core/lib/compression/message_compress.cc +3 -3
  8. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +3 -3
  9. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -1
  10. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +6 -6
  11. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +7 -4
  12. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -1
  13. data/src/core/lib/event_engine/windows/win_socket.cc +4 -2
  14. data/src/core/lib/event_engine/windows/windows_endpoint.cc +5 -4
  15. data/src/core/lib/experiments/config.cc +11 -9
  16. data/src/core/lib/iomgr/endpoint_pair_windows.cc +4 -4
  17. data/src/core/lib/iomgr/socket_windows.cc +3 -3
  18. data/src/core/lib/iomgr/tcp_posix.cc +2 -1
  19. data/src/core/lib/iomgr/tcp_server_posix.cc +9 -12
  20. data/src/core/lib/iomgr/tcp_server_windows.cc +2 -2
  21. data/src/core/lib/promise/party.cc +4 -4
  22. data/src/core/load_balancing/grpclb/grpclb.cc +14 -15
  23. data/src/core/util/log.cc +2 -2
  24. data/src/ruby/lib/grpc/version.rb +1 -1
  25. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +3 -5
  26. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +7 -0
  27. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.c +4 -1
  28. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +0 -15
  29. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +7 -61
  30. data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +43 -1
  31. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +21 -0
  32. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +31 -7
  33. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +0 -2
  34. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +5 -0
  35. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +6 -4
  36. data/third_party/boringssl-with-bazel/src/crypto/internal.h +22 -10
  37. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +1 -0
  38. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +6 -11
  39. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +6 -0
  40. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +10 -0
  41. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +26 -12
  42. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +83 -33
  43. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -8
  44. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +4 -4
  45. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +14 -13
  46. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +22 -16
  47. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -1
  48. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +2 -1
  49. data/third_party/boringssl-with-bazel/src/ssl/internal.h +15 -15
  50. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +1 -0
  51. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -27
  52. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +59 -20
  53. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +1 -1
  54. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +2 -1
  55. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +1 -1
  56. metadata +3 -3
@@ -24,23 +24,6 @@
24
24
  static_assert(sizeof(ossl_ssize_t) == sizeof(size_t),
25
25
  "ossl_ssize_t should be the same size as size_t");
26
26
 
27
- #if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
28
- (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
29
- defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
30
- // x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
31
- // for the asm to work correctly, unless compiled without asm code.
32
- #define NEED_CPUID
33
-
34
- #else
35
-
36
- // Otherwise, don't emit a static initialiser.
37
-
38
- #if !defined(BORINGSSL_NO_STATIC_INITIALIZER)
39
- #define BORINGSSL_NO_STATIC_INITIALIZER
40
- #endif
41
-
42
- #endif // !NO_ASM && !STATIC_ARMCAP && (X86 || X86_64 || ARM || AARCH64)
43
-
44
27
 
45
28
  // Our assembly does not use the GOT to reference symbols, which means
46
29
  // references to visible symbols will often require a TEXTREL. This is
@@ -79,7 +62,7 @@ HIDDEN uint8_t BORINGSSL_function_hit[7] = {0};
79
62
  HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0};
80
63
 
81
64
  uint32_t OPENSSL_get_ia32cap(int idx) {
82
- CRYPTO_library_init();
65
+ OPENSSL_init_cpuid();
83
66
  return OPENSSL_ia32cap_P[idx];
84
67
  }
85
68
 
@@ -121,60 +104,24 @@ HIDDEN uint32_t OPENSSL_armcap_P =
121
104
  HIDDEN uint32_t OPENSSL_armcap_P = 0;
122
105
 
123
106
  uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
124
- CRYPTO_library_init();
107
+ OPENSSL_init_cpuid();
125
108
  return &OPENSSL_armcap_P;
126
109
  }
127
110
  #endif
128
111
 
129
112
  uint32_t OPENSSL_get_armcap(void) {
130
- CRYPTO_library_init();
113
+ OPENSSL_init_cpuid();
131
114
  return OPENSSL_armcap_P;
132
115
  }
133
116
 
134
117
  #endif
135
118
 
136
- #if defined(BORINGSSL_FIPS)
137
- // In FIPS mode, the power-on self-test function calls |CRYPTO_library_init|
138
- // because we have to ensure that CPUID detection occurs first.
139
- #define BORINGSSL_NO_STATIC_INITIALIZER
140
- #endif
141
-
142
- #if defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_NO_STATIC_INITIALIZER)
143
- #define OPENSSL_CDECL __cdecl
144
- #else
145
- #define OPENSSL_CDECL
146
- #endif
147
-
148
- #if defined(BORINGSSL_NO_STATIC_INITIALIZER)
149
- static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
150
- #elif defined(_MSC_VER)
151
- #pragma section(".CRT$XCU", read)
152
- static void __cdecl do_library_init(void);
153
- __declspec(allocate(".CRT$XCU")) void(*library_init_constructor)(void) =
154
- do_library_init;
155
- #else
156
- static void do_library_init(void) __attribute__ ((constructor));
157
- #endif
158
-
159
- // do_library_init is the actual initialization function. If
160
- // BORINGSSL_NO_STATIC_INITIALIZER isn't defined, this is set as a static
161
- // initializer. Otherwise, it is called by CRYPTO_library_init.
162
- static void OPENSSL_CDECL do_library_init(void) {
163
- // WARNING: this function may only configure the capability variables. See the
164
- // note above about the linker bug.
165
119
  #if defined(NEED_CPUID)
166
- OPENSSL_cpuid_setup();
120
+ static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
121
+ void OPENSSL_init_cpuid(void) { CRYPTO_once(&once, OPENSSL_cpuid_setup); }
167
122
  #endif
168
- }
169
123
 
170
- void CRYPTO_library_init(void) {
171
- // TODO(davidben): It would be tidier if this build knob could be replaced
172
- // with an internal lazy-init mechanism that would handle things correctly
173
- // in-library. https://crbug.com/542879
174
- #if defined(BORINGSSL_NO_STATIC_INITIALIZER)
175
- CRYPTO_once(&once, do_library_init);
176
- #endif
177
- }
124
+ void CRYPTO_library_init(void) {}
178
125
 
179
126
  int CRYPTO_is_confidential_build(void) {
180
127
  #if defined(BORINGSSL_CONFIDENTIAL)
@@ -194,7 +141,7 @@ int CRYPTO_has_asm(void) {
194
141
 
195
142
  void CRYPTO_pre_sandbox_init(void) {
196
143
  // Read from /proc/cpuinfo if needed.
197
- CRYPTO_library_init();
144
+ OPENSSL_init_cpuid();
198
145
  // Open /dev/urandom if needed.
199
146
  CRYPTO_init_sysrand();
200
147
  // Set up MADV_WIPEONFORK state if needed.
@@ -235,7 +182,6 @@ int ENGINE_register_all_complete(void) { return 1; }
235
182
  void OPENSSL_load_builtin_modules(void) {}
236
183
 
237
184
  int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
238
- CRYPTO_library_init();
239
185
  return 1;
240
186
  }
241
187
 
@@ -1196,7 +1196,7 @@ int DILITHIUM_generate_key_external_entropy(
1196
1196
 
1197
1197
  vectork_power2_round(&values->pub.t1, &priv->t0, &values->t);
1198
1198
  // t1 is public.
1199
- CONSTTIME_DECLASSIFY(&pub.t1, sizeof(pub.t1));
1199
+ CONSTTIME_DECLASSIFY(&values->pub.t1, sizeof(values->pub.t1));
1200
1200
 
1201
1201
  CBB cbb;
1202
1202
  CBB_init_fixed(&cbb, out_encoded_public_key, DILITHIUM_PUBLIC_KEY_BYTES);
@@ -1214,6 +1214,48 @@ err:
1214
1214
  return ret;
1215
1215
  }
1216
1216
 
1217
+ int DILITHIUM_public_from_private(
1218
+ struct DILITHIUM_public_key *out_public_key,
1219
+ const struct DILITHIUM_private_key *private_key) {
1220
+ int ret = 0;
1221
+
1222
+ // Intermediate values, allocated on the heap to allow use when there is a
1223
+ // limited amount of stack.
1224
+ struct values_st {
1225
+ matrix a_ntt;
1226
+ vectorl s1_ntt;
1227
+ vectork t;
1228
+ vectork t0;
1229
+ };
1230
+ struct values_st *values = OPENSSL_malloc(sizeof(*values));
1231
+ if (values == NULL) {
1232
+ goto err;
1233
+ }
1234
+
1235
+ const struct private_key *priv = private_key_from_external(private_key);
1236
+ struct public_key *pub = public_key_from_external(out_public_key);
1237
+
1238
+ OPENSSL_memcpy(pub->rho, priv->rho, sizeof(pub->rho));
1239
+ OPENSSL_memcpy(pub->public_key_hash, priv->public_key_hash,
1240
+ sizeof(pub->public_key_hash));
1241
+
1242
+ matrix_expand(&values->a_ntt, priv->rho);
1243
+
1244
+ OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt));
1245
+ vectorl_ntt(&values->s1_ntt);
1246
+
1247
+ matrix_mult(&values->t, &values->a_ntt, &values->s1_ntt);
1248
+ vectork_inverse_ntt(&values->t);
1249
+ vectork_add(&values->t, &values->t, &priv->s2);
1250
+
1251
+ vectork_power2_round(&pub->t1, &values->t0, &values->t);
1252
+
1253
+ ret = 1;
1254
+ err:
1255
+ OPENSSL_free(values);
1256
+ return ret;
1257
+ }
1258
+
1217
1259
  // FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure.
1218
1260
  static int dilithium_sign_with_randomizer(
1219
1261
  uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES],
@@ -104,3 +104,24 @@ int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
104
104
  return aes_nohw_set_decrypt_key(key, bits, aeskey);
105
105
  }
106
106
  }
107
+
108
+ #if defined(HWAES) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
109
+ // On x86 and x86_64, |aes_hw_set_decrypt_key|, we implement
110
+ // |aes_hw_encrypt_key_to_decrypt_key| in assembly and rely on C code to combine
111
+ // the operations.
112
+ int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
113
+ int ret = aes_hw_set_encrypt_key(user_key, bits, key);
114
+ if (ret == 0) {
115
+ aes_hw_encrypt_key_to_decrypt_key(key);
116
+ }
117
+ return ret;
118
+ }
119
+
120
+ int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
121
+ if (aes_hw_set_encrypt_key_alt_preferred()) {
122
+ return aes_hw_set_encrypt_key_alt(user_key, bits, key);
123
+ } else {
124
+ return aes_hw_set_encrypt_key_base(user_key, bits, key);
125
+ }
126
+ }
127
+ #endif
@@ -66,17 +66,41 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
66
66
 
67
67
  #if defined(HWAES)
68
68
 
69
- int aes_hw_set_encrypt_key(const uint8_t *user_key, const int bits,
70
- AES_KEY *key);
71
- int aes_hw_set_decrypt_key(const uint8_t *user_key, const int bits,
72
- AES_KEY *key);
69
+ int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
70
+ int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
73
71
  void aes_hw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
74
72
  void aes_hw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
75
73
  void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
76
- const AES_KEY *key, uint8_t *ivec, const int enc);
74
+ const AES_KEY *key, uint8_t *ivec, int enc);
77
75
  void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len,
78
76
  const AES_KEY *key, const uint8_t ivec[16]);
79
77
 
78
+ #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
79
+ // On x86 and x86_64, |aes_hw_set_decrypt_key| is implemented in terms of
80
+ // |aes_hw_set_encrypt_key| and a conversion function.
81
+ void aes_hw_encrypt_key_to_decrypt_key(AES_KEY *key);
82
+
83
+ // There are two variants of this function, one which uses aeskeygenassist
84
+ // ("base") and one which uses aesenclast + pshufb ("alt"). aesenclast is
85
+ // overall faster but is slower on some older processors. It doesn't use AVX,
86
+ // but AVX is used as a proxy to detecting this. See
87
+ // https://groups.google.com/g/mailing.openssl.dev/c/OuFXwW4NfO8/m/7d2ZXVjkxVkJ
88
+ //
89
+ // TODO(davidben): It is unclear if the aeskeygenassist version is still
90
+ // worthwhile. However, the aesenclast version requires SSSE3. SSSE3 long
91
+ // predates AES-NI, but it's not clear if AES-NI implies SSSE3. In OpenSSL, the
92
+ // CCM AES-NI assembly seems to assume it does.
93
+ OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_capable(void) {
94
+ return hwaes_capable() && CRYPTO_is_SSSE3_capable();
95
+ }
96
+ OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_preferred(void) {
97
+ return hwaes_capable() && CRYPTO_is_AVX_capable();
98
+ }
99
+ int aes_hw_set_encrypt_key_base(const uint8_t *user_key, int bits,
100
+ AES_KEY *key);
101
+ int aes_hw_set_encrypt_key_alt(const uint8_t *user_key, int bits, AES_KEY *key);
102
+ #endif // OPENSSL_X86 || OPENSSL_X86_64
103
+
80
104
  #else
81
105
 
82
106
  // If HWAES isn't defined then we provide dummy functions for each of the hwaes
@@ -120,7 +144,7 @@ OPENSSL_INLINE void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
120
144
 
121
145
  #if defined(HWAES_ECB)
122
146
  void aes_hw_ecb_encrypt(const uint8_t *in, uint8_t *out, size_t length,
123
- const AES_KEY *key, const int enc);
147
+ const AES_KEY *key, int enc);
124
148
  #endif // HWAES_ECB
125
149
 
126
150
 
@@ -218,7 +242,7 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
218
242
  size_t blocks, const AES_KEY *key,
219
243
  const uint8_t ivec[16]);
220
244
  void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
221
- const AES_KEY *key, uint8_t *ivec, const int enc);
245
+ const AES_KEY *key, uint8_t *ivec, int enc);
222
246
 
223
247
 
224
248
  #if defined(__cplusplus)
@@ -168,8 +168,6 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {}
168
168
 
169
169
  static void __attribute__((constructor))
170
170
  BORINGSSL_bcm_power_on_self_test(void) {
171
- CRYPTO_library_init();
172
-
173
171
  #if !defined(OPENSSL_ASAN)
174
172
  // Integrity tests cannot run under ASAN because it involves reading the full
175
173
  // .text section, which triggers the global-buffer overflow detection.
@@ -612,6 +612,11 @@ static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
612
612
  }
613
613
 
614
614
  DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) {
615
+ // TODO(crbug.com/42290548): The x86_64 assembly depends on initializing
616
+ // |OPENSSL_ia32cap_P|. Move the dispatch to C. For now, explicitly initialize
617
+ // things.
618
+ OPENSSL_init_cpuid();
619
+
615
620
  out->point_get_affine_coordinates = ecp_nistz256_get_affine;
616
621
  out->add = ecp_nistz256_add;
617
622
  out->dbl = ecp_nistz256_dbl;
@@ -72,7 +72,8 @@ int FIPS_query_algorithm_status(const char *algorithm) {
72
72
  #if defined(BORINGSSL_FIPS_COUNTERS)
73
73
 
74
74
  size_t FIPS_read_counter(enum fips_counter_t counter) {
75
- if (counter < 0 || counter > fips_counter_max) {
75
+ size_t index = (size_t)counter;
76
+ if (index > fips_counter_max) {
76
77
  abort();
77
78
  }
78
79
 
@@ -82,11 +83,12 @@ size_t FIPS_read_counter(enum fips_counter_t counter) {
82
83
  return 0;
83
84
  }
84
85
 
85
- return array[counter];
86
+ return array[index];
86
87
  }
87
88
 
88
89
  void boringssl_fips_inc_counter(enum fips_counter_t counter) {
89
- if (counter < 0 || counter > fips_counter_max) {
90
+ size_t index = (size_t)counter;
91
+ if (index > fips_counter_max) {
90
92
  abort();
91
93
  }
92
94
 
@@ -106,7 +108,7 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) {
106
108
  }
107
109
  }
108
110
 
109
- array[counter]++;
111
+ array[index]++;
110
112
  }
111
113
 
112
114
  #else
@@ -180,17 +180,29 @@ extern "C" {
180
180
  #endif
181
181
 
182
182
 
183
- #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || defined(OPENSSL_ARM) || \
184
- defined(OPENSSL_AARCH64)
185
- // OPENSSL_cpuid_setup initializes the platform-specific feature cache.
183
+ #if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
184
+ (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
185
+ defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
186
+ // x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
187
+ // for the asm to work correctly, unless compiled without asm code.
188
+ #define NEED_CPUID
189
+
190
+ // OPENSSL_cpuid_setup initializes the platform-specific feature cache. This
191
+ // function should not be called directly. Call |OPENSSL_init_cpuid| instead.
186
192
  void OPENSSL_cpuid_setup(void);
193
+
194
+ // OPENSSL_init_cpuid initializes the platform-specific feature cache, if
195
+ // needed. This function is idempotent and may be called concurrently.
196
+ void OPENSSL_init_cpuid(void);
197
+ #else
198
+ OPENSSL_INLINE void OPENSSL_init_cpuid(void) {}
187
199
  #endif
188
200
 
189
201
  #if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
190
202
  !defined(OPENSSL_STATIC_ARMCAP)
191
203
  // OPENSSL_get_armcap_pointer_for_test returns a pointer to |OPENSSL_armcap_P|
192
- // for unit tests. Any modifications to the value must be made after
193
- // |CRYPTO_library_init| but before any other function call in BoringSSL.
204
+ // for unit tests. Any modifications to the value must be made before any other
205
+ // function call in BoringSSL.
194
206
  OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void);
195
207
  #endif
196
208
 
@@ -1521,7 +1533,6 @@ OPENSSL_INLINE int CRYPTO_is_x86_SHA_capable(void) {
1521
1533
  // otherwise select. See chacha-x86_64.pl.
1522
1534
  //
1523
1535
  // Bonnell, Silvermont's predecessor in the Atom lineup, will also be matched by
1524
- // this. |OPENSSL_cpuid_setup| forces Knights Landing to also be matched by
1525
1536
  // this. Goldmont (Silvermont's successor in the Atom lineup) added XSAVE so it
1526
1537
  // isn't matched by this. Various sources indicate AMD first implemented MOVBE
1527
1538
  // and XSAVE at the same time in Jaguar, so it seems like AMD chips will not be
@@ -1530,11 +1541,12 @@ OPENSSL_INLINE int CRYPTO_cpu_perf_is_like_silvermont(void) {
1530
1541
  // WARNING: This MUST NOT be used to guard the execution of the XSAVE
1531
1542
  // instruction. This is the "hardware supports XSAVE" bit, not the OSXSAVE bit
1532
1543
  // that indicates whether we can safely execute XSAVE. This bit may be set
1533
- // even when XSAVE is disabled (by the operating system). See the comment in
1534
- // cpu_intel.c and check how the users of this bit use it.
1544
+ // even when XSAVE is disabled (by the operating system). See how the users of
1545
+ // this bit use it.
1535
1546
  //
1536
- // We do not use |__XSAVE__| for static detection because the hack in
1537
- // |OPENSSL_cpuid_setup| for Knights Landing CPUs needs to override it.
1547
+ // Historically, the XSAVE bit was artificially cleared on Knights Landing
1548
+ // and Knights Mill chips, but as Intel has removed all support from GCC,
1549
+ // LLVM, and SDE, we assume they are no longer worth special-casing.
1538
1550
  int hardware_supports_xsave = (OPENSSL_get_ia32cap(1) & (1u << 26)) != 0;
1539
1551
  return !hardware_supports_xsave && CRYPTO_is_MOVBE_capable();
1540
1552
  }
@@ -12,6 +12,7 @@
12
12
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
13
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
14
 
15
+ #define OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
15
16
  #include <openssl/experimental/kyber.h>
16
17
 
17
18
  #include <assert.h>
@@ -32,18 +32,9 @@ extern "C" {
32
32
  #endif
33
33
 
34
34
 
35
- // crypto.h contains functions for initializing the crypto library.
35
+ // crypto.h contains functions for library-wide initialization and properties.
36
36
 
37
37
 
38
- // CRYPTO_library_init initializes the crypto library. It must be called if the
39
- // library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does
40
- // nothing and a static initializer is used instead. It is safe to call this
41
- // function multiple times and concurrently from multiple threads.
42
- //
43
- // On some ARM configurations, this function may require filesystem access and
44
- // should be called before entering a sandbox.
45
- OPENSSL_EXPORT void CRYPTO_library_init(void);
46
-
47
38
  // CRYPTO_is_confidential_build returns one if the linked version of BoringSSL
48
39
  // has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.
49
40
  //
@@ -164,7 +155,7 @@ OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
164
155
  #define OPENSSL_INIT_NO_LOAD_CONFIG 0
165
156
  #define OPENSSL_INIT_NO_ATEXIT 0
166
157
 
167
- // OPENSSL_init_crypto calls |CRYPTO_library_init| and returns one.
158
+ // OPENSSL_init_crypto returns one.
168
159
  OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
169
160
  const OPENSSL_INIT_SETTINGS *settings);
170
161
 
@@ -199,6 +190,10 @@ OPENSSL_EXPORT int FIPS_query_algorithm_status(const char *algorithm);
199
190
  OPENSSL_EXPORT int CRYPTO_has_broken_NEON(void);
200
191
  #endif
201
192
 
193
+ // CRYPTO_library_init does nothing. Historically, it was needed in some build
194
+ // configurations to initialization the library. This is no longer necessary.
195
+ OPENSSL_EXPORT void CRYPTO_library_init(void);
196
+
202
197
 
203
198
  #if defined(__cplusplus)
204
199
  } // extern C
@@ -70,6 +70,12 @@ OPENSSL_EXPORT int DILITHIUM_generate_key(
70
70
  uint8_t out_encoded_public_key[DILITHIUM_PUBLIC_KEY_BYTES],
71
71
  struct DILITHIUM_private_key *out_private_key);
72
72
 
73
+ // DILITHIUM_public_from_private sets |*out_public_key| to the public key that
74
+ // corresponds to |private_key|. Returns 1 on success and 0 on failure.
75
+ OPENSSL_EXPORT int DILITHIUM_public_from_private(
76
+ struct DILITHIUM_public_key *out_public_key,
77
+ const struct DILITHIUM_private_key *private_key);
78
+
73
79
  // DILITHIUM_sign generates a signature for the message |msg| of length
74
80
  // |msg_len| using |private_key| following the randomized algorithm, and writes
75
81
  // the encoded signature to |out_encoded_signature|. Returns 1 on success and 0
@@ -22,6 +22,14 @@ extern "C" {
22
22
  #endif
23
23
 
24
24
 
25
+ #if defined(OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER)
26
+ // This header implements experimental, draft versions of not-yet-standardized
27
+ // primitives. When the standard is complete, these functions will be removed
28
+ // and replaced with the final, incompatible standard version. They are
29
+ // available now for short-lived experiments, but must not be deployed anywhere
30
+ // durable, such as a long-lived key store. To use these functions define
31
+ // OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
32
+
25
33
  // Kyber768.
26
34
  //
27
35
  // This implements the round-3 specification of Kyber, defined at
@@ -128,6 +136,8 @@ OPENSSL_EXPORT int KYBER_marshal_private_key(
128
136
  OPENSSL_EXPORT int KYBER_parse_private_key(
129
137
  struct KYBER_private_key *out_private_key, CBS *in);
130
138
 
139
+ #endif // OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
140
+
131
141
 
132
142
  #if defined(__cplusplus)
133
143
  } // extern C
@@ -49,6 +49,16 @@ class SpanBase {
49
49
 
50
50
  friend bool operator!=(Span<T> lhs, Span<T> rhs) { return !(lhs == rhs); }
51
51
  };
52
+
53
+ // Heuristically test whether C is a container type that can be converted into
54
+ // a Span<T> by checking for data() and size() member functions.
55
+ //
56
+ // TODO(davidben): Require C++17 support for std::is_convertible_v, etc.
57
+ template <typename C, typename T>
58
+ using EnableIfContainer = std::enable_if_t<
59
+ std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
60
+ std::is_integral<decltype(std::declval<C>().size())>::value>;
61
+
52
62
  } // namespace internal
53
63
 
54
64
  // A Span<T> is a non-owning reference to a contiguous array of objects of type
@@ -84,16 +94,6 @@ class SpanBase {
84
94
  // a reference or pointer to a container or array.
85
95
  template <typename T>
86
96
  class Span : private internal::SpanBase<const T> {
87
- private:
88
- // Heuristically test whether C is a container type that can be converted into
89
- // a Span by checking for data() and size() member functions.
90
- //
91
- // TODO(davidben): Require C++17 support for std::is_convertible_v, etc.
92
- template <typename C>
93
- using EnableIfContainer = std::enable_if_t<
94
- std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
95
- std::is_integral<decltype(std::declval<C>().size())>::value>;
96
-
97
97
  public:
98
98
  static const size_t npos = static_cast<size_t>(-1);
99
99
 
@@ -114,12 +114,12 @@ class Span : private internal::SpanBase<const T> {
114
114
  template <size_t N>
115
115
  constexpr Span(T (&array)[N]) : Span(array, N) {}
116
116
 
117
- template <typename C, typename = EnableIfContainer<C>,
117
+ template <typename C, typename = internal::EnableIfContainer<C, T>,
118
118
  typename = std::enable_if_t<std::is_const<T>::value, C>>
119
119
  constexpr Span(const C &container)
120
120
  : data_(container.data()), size_(container.size()) {}
121
121
 
122
- template <typename C, typename = EnableIfContainer<C>,
122
+ template <typename C, typename = internal::EnableIfContainer<C, T>,
123
123
  typename = std::enable_if_t<!std::is_const<T>::value, C>>
124
124
  constexpr explicit Span(C &container)
125
125
  : data_(container.data()), size_(container.size()) {}
@@ -188,6 +188,20 @@ class Span : private internal::SpanBase<const T> {
188
188
  template <typename T>
189
189
  const size_t Span<T>::npos;
190
190
 
191
+ #if __cplusplus >= 201703L
192
+ template <typename T>
193
+ Span(T *, size_t) -> Span<T>;
194
+ template <typename T, size_t size>
195
+ Span(T (&array)[size]) -> Span<T>;
196
+ template <
197
+ typename C,
198
+ typename T = std::remove_pointer_t<decltype(std::declval<C>().data())>,
199
+ typename = internal::EnableIfContainer<C, T>>
200
+ Span(C &) -> Span<T>;
201
+ #endif
202
+
203
+ // C++17 callers can instead rely on CTAD and the deduction guides defined
204
+ // above.
191
205
  template <typename T>
192
206
  constexpr Span<T> MakeSpan(T *ptr, size_t size) {
193
207
  return Span<T>(ptr, size);