grpc 1.65.1 → 1.65.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Makefile +1 -1
- data/src/core/client_channel/subchannel.cc +10 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +6 -6
- data/src/core/handshaker/http_connect/http_proxy_mapper.cc +7 -10
- data/src/core/lib/compression/message_compress.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +6 -6
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +7 -4
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +4 -2
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +5 -4
- data/src/core/lib/experiments/config.cc +11 -9
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +4 -4
- data/src/core/lib/iomgr/socket_windows.cc +3 -3
- data/src/core/lib/iomgr/tcp_posix.cc +2 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -12
- data/src/core/lib/iomgr/tcp_server_windows.cc +2 -2
- data/src/core/lib/promise/party.cc +4 -4
- data/src/core/load_balancing/grpclb/grpclb.cc +14 -15
- data/src/core/util/log.cc +2 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +7 -61
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +43 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +21 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +31 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +6 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +10 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +26 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +83 -33
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -8
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +14 -13
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +22 -16
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +15 -15
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -27
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +59 -20
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +1 -1
- metadata +3 -3
@@ -24,23 +24,6 @@
|
|
24
24
|
static_assert(sizeof(ossl_ssize_t) == sizeof(size_t),
|
25
25
|
"ossl_ssize_t should be the same size as size_t");
|
26
26
|
|
27
|
-
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
|
28
|
-
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
29
|
-
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
30
|
-
// x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
|
31
|
-
// for the asm to work correctly, unless compiled without asm code.
|
32
|
-
#define NEED_CPUID
|
33
|
-
|
34
|
-
#else
|
35
|
-
|
36
|
-
// Otherwise, don't emit a static initialiser.
|
37
|
-
|
38
|
-
#if !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
39
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
40
|
-
#endif
|
41
|
-
|
42
|
-
#endif // !NO_ASM && !STATIC_ARMCAP && (X86 || X86_64 || ARM || AARCH64)
|
43
|
-
|
44
27
|
|
45
28
|
// Our assembly does not use the GOT to reference symbols, which means
|
46
29
|
// references to visible symbols will often require a TEXTREL. This is
|
@@ -79,7 +62,7 @@ HIDDEN uint8_t BORINGSSL_function_hit[7] = {0};
|
|
79
62
|
HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0};
|
80
63
|
|
81
64
|
uint32_t OPENSSL_get_ia32cap(int idx) {
|
82
|
-
|
65
|
+
OPENSSL_init_cpuid();
|
83
66
|
return OPENSSL_ia32cap_P[idx];
|
84
67
|
}
|
85
68
|
|
@@ -121,60 +104,24 @@ HIDDEN uint32_t OPENSSL_armcap_P =
|
|
121
104
|
HIDDEN uint32_t OPENSSL_armcap_P = 0;
|
122
105
|
|
123
106
|
uint32_t *OPENSSL_get_armcap_pointer_for_test(void) {
|
124
|
-
|
107
|
+
OPENSSL_init_cpuid();
|
125
108
|
return &OPENSSL_armcap_P;
|
126
109
|
}
|
127
110
|
#endif
|
128
111
|
|
129
112
|
uint32_t OPENSSL_get_armcap(void) {
|
130
|
-
|
113
|
+
OPENSSL_init_cpuid();
|
131
114
|
return OPENSSL_armcap_P;
|
132
115
|
}
|
133
116
|
|
134
117
|
#endif
|
135
118
|
|
136
|
-
#if defined(BORINGSSL_FIPS)
|
137
|
-
// In FIPS mode, the power-on self-test function calls |CRYPTO_library_init|
|
138
|
-
// because we have to ensure that CPUID detection occurs first.
|
139
|
-
#define BORINGSSL_NO_STATIC_INITIALIZER
|
140
|
-
#endif
|
141
|
-
|
142
|
-
#if defined(OPENSSL_WINDOWS) && !defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
143
|
-
#define OPENSSL_CDECL __cdecl
|
144
|
-
#else
|
145
|
-
#define OPENSSL_CDECL
|
146
|
-
#endif
|
147
|
-
|
148
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
149
|
-
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
150
|
-
#elif defined(_MSC_VER)
|
151
|
-
#pragma section(".CRT$XCU", read)
|
152
|
-
static void __cdecl do_library_init(void);
|
153
|
-
__declspec(allocate(".CRT$XCU")) void(*library_init_constructor)(void) =
|
154
|
-
do_library_init;
|
155
|
-
#else
|
156
|
-
static void do_library_init(void) __attribute__ ((constructor));
|
157
|
-
#endif
|
158
|
-
|
159
|
-
// do_library_init is the actual initialization function. If
|
160
|
-
// BORINGSSL_NO_STATIC_INITIALIZER isn't defined, this is set as a static
|
161
|
-
// initializer. Otherwise, it is called by CRYPTO_library_init.
|
162
|
-
static void OPENSSL_CDECL do_library_init(void) {
|
163
|
-
// WARNING: this function may only configure the capability variables. See the
|
164
|
-
// note above about the linker bug.
|
165
119
|
#if defined(NEED_CPUID)
|
166
|
-
|
120
|
+
static CRYPTO_once_t once = CRYPTO_ONCE_INIT;
|
121
|
+
void OPENSSL_init_cpuid(void) { CRYPTO_once(&once, OPENSSL_cpuid_setup); }
|
167
122
|
#endif
|
168
|
-
}
|
169
123
|
|
170
|
-
void CRYPTO_library_init(void) {
|
171
|
-
// TODO(davidben): It would be tidier if this build knob could be replaced
|
172
|
-
// with an internal lazy-init mechanism that would handle things correctly
|
173
|
-
// in-library. https://crbug.com/542879
|
174
|
-
#if defined(BORINGSSL_NO_STATIC_INITIALIZER)
|
175
|
-
CRYPTO_once(&once, do_library_init);
|
176
|
-
#endif
|
177
|
-
}
|
124
|
+
void CRYPTO_library_init(void) {}
|
178
125
|
|
179
126
|
int CRYPTO_is_confidential_build(void) {
|
180
127
|
#if defined(BORINGSSL_CONFIDENTIAL)
|
@@ -194,7 +141,7 @@ int CRYPTO_has_asm(void) {
|
|
194
141
|
|
195
142
|
void CRYPTO_pre_sandbox_init(void) {
|
196
143
|
// Read from /proc/cpuinfo if needed.
|
197
|
-
|
144
|
+
OPENSSL_init_cpuid();
|
198
145
|
// Open /dev/urandom if needed.
|
199
146
|
CRYPTO_init_sysrand();
|
200
147
|
// Set up MADV_WIPEONFORK state if needed.
|
@@ -235,7 +182,6 @@ int ENGINE_register_all_complete(void) { return 1; }
|
|
235
182
|
void OPENSSL_load_builtin_modules(void) {}
|
236
183
|
|
237
184
|
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
|
238
|
-
CRYPTO_library_init();
|
239
185
|
return 1;
|
240
186
|
}
|
241
187
|
|
@@ -1196,7 +1196,7 @@ int DILITHIUM_generate_key_external_entropy(
|
|
1196
1196
|
|
1197
1197
|
vectork_power2_round(&values->pub.t1, &priv->t0, &values->t);
|
1198
1198
|
// t1 is public.
|
1199
|
-
CONSTTIME_DECLASSIFY(&pub.t1, sizeof(pub.t1));
|
1199
|
+
CONSTTIME_DECLASSIFY(&values->pub.t1, sizeof(values->pub.t1));
|
1200
1200
|
|
1201
1201
|
CBB cbb;
|
1202
1202
|
CBB_init_fixed(&cbb, out_encoded_public_key, DILITHIUM_PUBLIC_KEY_BYTES);
|
@@ -1214,6 +1214,48 @@ err:
|
|
1214
1214
|
return ret;
|
1215
1215
|
}
|
1216
1216
|
|
1217
|
+
int DILITHIUM_public_from_private(
|
1218
|
+
struct DILITHIUM_public_key *out_public_key,
|
1219
|
+
const struct DILITHIUM_private_key *private_key) {
|
1220
|
+
int ret = 0;
|
1221
|
+
|
1222
|
+
// Intermediate values, allocated on the heap to allow use when there is a
|
1223
|
+
// limited amount of stack.
|
1224
|
+
struct values_st {
|
1225
|
+
matrix a_ntt;
|
1226
|
+
vectorl s1_ntt;
|
1227
|
+
vectork t;
|
1228
|
+
vectork t0;
|
1229
|
+
};
|
1230
|
+
struct values_st *values = OPENSSL_malloc(sizeof(*values));
|
1231
|
+
if (values == NULL) {
|
1232
|
+
goto err;
|
1233
|
+
}
|
1234
|
+
|
1235
|
+
const struct private_key *priv = private_key_from_external(private_key);
|
1236
|
+
struct public_key *pub = public_key_from_external(out_public_key);
|
1237
|
+
|
1238
|
+
OPENSSL_memcpy(pub->rho, priv->rho, sizeof(pub->rho));
|
1239
|
+
OPENSSL_memcpy(pub->public_key_hash, priv->public_key_hash,
|
1240
|
+
sizeof(pub->public_key_hash));
|
1241
|
+
|
1242
|
+
matrix_expand(&values->a_ntt, priv->rho);
|
1243
|
+
|
1244
|
+
OPENSSL_memcpy(&values->s1_ntt, &priv->s1, sizeof(values->s1_ntt));
|
1245
|
+
vectorl_ntt(&values->s1_ntt);
|
1246
|
+
|
1247
|
+
matrix_mult(&values->t, &values->a_ntt, &values->s1_ntt);
|
1248
|
+
vectork_inverse_ntt(&values->t);
|
1249
|
+
vectork_add(&values->t, &values->t, &priv->s2);
|
1250
|
+
|
1251
|
+
vectork_power2_round(&pub->t1, &values->t0, &values->t);
|
1252
|
+
|
1253
|
+
ret = 1;
|
1254
|
+
err:
|
1255
|
+
OPENSSL_free(values);
|
1256
|
+
return ret;
|
1257
|
+
}
|
1258
|
+
|
1217
1259
|
// FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure.
|
1218
1260
|
static int dilithium_sign_with_randomizer(
|
1219
1261
|
uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES],
|
@@ -104,3 +104,24 @@ int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
|
|
104
104
|
return aes_nohw_set_decrypt_key(key, bits, aeskey);
|
105
105
|
}
|
106
106
|
}
|
107
|
+
|
108
|
+
#if defined(HWAES) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
|
109
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key|, we implement
|
110
|
+
// |aes_hw_encrypt_key_to_decrypt_key| in assembly and rely on C code to combine
|
111
|
+
// the operations.
|
112
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
113
|
+
int ret = aes_hw_set_encrypt_key(user_key, bits, key);
|
114
|
+
if (ret == 0) {
|
115
|
+
aes_hw_encrypt_key_to_decrypt_key(key);
|
116
|
+
}
|
117
|
+
return ret;
|
118
|
+
}
|
119
|
+
|
120
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key) {
|
121
|
+
if (aes_hw_set_encrypt_key_alt_preferred()) {
|
122
|
+
return aes_hw_set_encrypt_key_alt(user_key, bits, key);
|
123
|
+
} else {
|
124
|
+
return aes_hw_set_encrypt_key_base(user_key, bits, key);
|
125
|
+
}
|
126
|
+
}
|
127
|
+
#endif
|
@@ -66,17 +66,41 @@ OPENSSL_INLINE int vpaes_capable(void) { return CRYPTO_is_NEON_capable(); }
|
|
66
66
|
|
67
67
|
#if defined(HWAES)
|
68
68
|
|
69
|
-
int aes_hw_set_encrypt_key(const uint8_t *user_key,
|
70
|
-
|
71
|
-
int aes_hw_set_decrypt_key(const uint8_t *user_key, const int bits,
|
72
|
-
AES_KEY *key);
|
69
|
+
int aes_hw_set_encrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
70
|
+
int aes_hw_set_decrypt_key(const uint8_t *user_key, int bits, AES_KEY *key);
|
73
71
|
void aes_hw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
74
72
|
void aes_hw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
|
75
73
|
void aes_hw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
76
|
-
const AES_KEY *key, uint8_t *ivec,
|
74
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
77
75
|
void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t len,
|
78
76
|
const AES_KEY *key, const uint8_t ivec[16]);
|
79
77
|
|
78
|
+
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
|
79
|
+
// On x86 and x86_64, |aes_hw_set_decrypt_key| is implemented in terms of
|
80
|
+
// |aes_hw_set_encrypt_key| and a conversion function.
|
81
|
+
void aes_hw_encrypt_key_to_decrypt_key(AES_KEY *key);
|
82
|
+
|
83
|
+
// There are two variants of this function, one which uses aeskeygenassist
|
84
|
+
// ("base") and one which uses aesenclast + pshufb ("alt"). aesenclast is
|
85
|
+
// overall faster but is slower on some older processors. It doesn't use AVX,
|
86
|
+
// but AVX is used as a proxy to detecting this. See
|
87
|
+
// https://groups.google.com/g/mailing.openssl.dev/c/OuFXwW4NfO8/m/7d2ZXVjkxVkJ
|
88
|
+
//
|
89
|
+
// TODO(davidben): It is unclear if the aeskeygenassist version is still
|
90
|
+
// worthwhile. However, the aesenclast version requires SSSE3. SSSE3 long
|
91
|
+
// predates AES-NI, but it's not clear if AES-NI implies SSSE3. In OpenSSL, the
|
92
|
+
// CCM AES-NI assembly seems to assume it does.
|
93
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_capable(void) {
|
94
|
+
return hwaes_capable() && CRYPTO_is_SSSE3_capable();
|
95
|
+
}
|
96
|
+
OPENSSL_INLINE int aes_hw_set_encrypt_key_alt_preferred(void) {
|
97
|
+
return hwaes_capable() && CRYPTO_is_AVX_capable();
|
98
|
+
}
|
99
|
+
int aes_hw_set_encrypt_key_base(const uint8_t *user_key, int bits,
|
100
|
+
AES_KEY *key);
|
101
|
+
int aes_hw_set_encrypt_key_alt(const uint8_t *user_key, int bits, AES_KEY *key);
|
102
|
+
#endif // OPENSSL_X86 || OPENSSL_X86_64
|
103
|
+
|
80
104
|
#else
|
81
105
|
|
82
106
|
// If HWAES isn't defined then we provide dummy functions for each of the hwaes
|
@@ -120,7 +144,7 @@ OPENSSL_INLINE void aes_hw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
120
144
|
|
121
145
|
#if defined(HWAES_ECB)
|
122
146
|
void aes_hw_ecb_encrypt(const uint8_t *in, uint8_t *out, size_t length,
|
123
|
-
const AES_KEY *key,
|
147
|
+
const AES_KEY *key, int enc);
|
124
148
|
#endif // HWAES_ECB
|
125
149
|
|
126
150
|
|
@@ -218,7 +242,7 @@ void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out,
|
|
218
242
|
size_t blocks, const AES_KEY *key,
|
219
243
|
const uint8_t ivec[16]);
|
220
244
|
void aes_nohw_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
|
221
|
-
const AES_KEY *key, uint8_t *ivec,
|
245
|
+
const AES_KEY *key, uint8_t *ivec, int enc);
|
222
246
|
|
223
247
|
|
224
248
|
#if defined(__cplusplus)
|
@@ -168,8 +168,6 @@ static void BORINGSSL_maybe_set_module_text_permissions(int permission) {}
|
|
168
168
|
|
169
169
|
static void __attribute__((constructor))
|
170
170
|
BORINGSSL_bcm_power_on_self_test(void) {
|
171
|
-
CRYPTO_library_init();
|
172
|
-
|
173
171
|
#if !defined(OPENSSL_ASAN)
|
174
172
|
// Integrity tests cannot run under ASAN because it involves reading the full
|
175
173
|
// .text section, which triggers the global-buffer overflow detection.
|
@@ -612,6 +612,11 @@ static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
|
|
612
612
|
}
|
613
613
|
|
614
614
|
DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) {
|
615
|
+
// TODO(crbug.com/42290548): The x86_64 assembly depends on initializing
|
616
|
+
// |OPENSSL_ia32cap_P|. Move the dispatch to C. For now, explicitly initialize
|
617
|
+
// things.
|
618
|
+
OPENSSL_init_cpuid();
|
619
|
+
|
615
620
|
out->point_get_affine_coordinates = ecp_nistz256_get_affine;
|
616
621
|
out->add = ecp_nistz256_add;
|
617
622
|
out->dbl = ecp_nistz256_dbl;
|
@@ -72,7 +72,8 @@ int FIPS_query_algorithm_status(const char *algorithm) {
|
|
72
72
|
#if defined(BORINGSSL_FIPS_COUNTERS)
|
73
73
|
|
74
74
|
size_t FIPS_read_counter(enum fips_counter_t counter) {
|
75
|
-
|
75
|
+
size_t index = (size_t)counter;
|
76
|
+
if (index > fips_counter_max) {
|
76
77
|
abort();
|
77
78
|
}
|
78
79
|
|
@@ -82,11 +83,12 @@ size_t FIPS_read_counter(enum fips_counter_t counter) {
|
|
82
83
|
return 0;
|
83
84
|
}
|
84
85
|
|
85
|
-
return array[
|
86
|
+
return array[index];
|
86
87
|
}
|
87
88
|
|
88
89
|
void boringssl_fips_inc_counter(enum fips_counter_t counter) {
|
89
|
-
|
90
|
+
size_t index = (size_t)counter;
|
91
|
+
if (index > fips_counter_max) {
|
90
92
|
abort();
|
91
93
|
}
|
92
94
|
|
@@ -106,7 +108,7 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) {
|
|
106
108
|
}
|
107
109
|
}
|
108
110
|
|
109
|
-
array[
|
111
|
+
array[index]++;
|
110
112
|
}
|
111
113
|
|
112
114
|
#else
|
@@ -180,17 +180,29 @@ extern "C" {
|
|
180
180
|
#endif
|
181
181
|
|
182
182
|
|
183
|
-
#if defined(
|
184
|
-
defined(
|
185
|
-
|
183
|
+
#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_STATIC_ARMCAP) && \
|
184
|
+
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
|
185
|
+
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
|
186
|
+
// x86, x86_64, and the ARMs need to record the result of a cpuid/getauxval call
|
187
|
+
// for the asm to work correctly, unless compiled without asm code.
|
188
|
+
#define NEED_CPUID
|
189
|
+
|
190
|
+
// OPENSSL_cpuid_setup initializes the platform-specific feature cache. This
|
191
|
+
// function should not be called directly. Call |OPENSSL_init_cpuid| instead.
|
186
192
|
void OPENSSL_cpuid_setup(void);
|
193
|
+
|
194
|
+
// OPENSSL_init_cpuid initializes the platform-specific feature cache, if
|
195
|
+
// needed. This function is idempotent and may be called concurrently.
|
196
|
+
void OPENSSL_init_cpuid(void);
|
197
|
+
#else
|
198
|
+
OPENSSL_INLINE void OPENSSL_init_cpuid(void) {}
|
187
199
|
#endif
|
188
200
|
|
189
201
|
#if (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) && \
|
190
202
|
!defined(OPENSSL_STATIC_ARMCAP)
|
191
203
|
// OPENSSL_get_armcap_pointer_for_test returns a pointer to |OPENSSL_armcap_P|
|
192
|
-
// for unit tests. Any modifications to the value must be made
|
193
|
-
//
|
204
|
+
// for unit tests. Any modifications to the value must be made before any other
|
205
|
+
// function call in BoringSSL.
|
194
206
|
OPENSSL_EXPORT uint32_t *OPENSSL_get_armcap_pointer_for_test(void);
|
195
207
|
#endif
|
196
208
|
|
@@ -1521,7 +1533,6 @@ OPENSSL_INLINE int CRYPTO_is_x86_SHA_capable(void) {
|
|
1521
1533
|
// otherwise select. See chacha-x86_64.pl.
|
1522
1534
|
//
|
1523
1535
|
// Bonnell, Silvermont's predecessor in the Atom lineup, will also be matched by
|
1524
|
-
// this. |OPENSSL_cpuid_setup| forces Knights Landing to also be matched by
|
1525
1536
|
// this. Goldmont (Silvermont's successor in the Atom lineup) added XSAVE so it
|
1526
1537
|
// isn't matched by this. Various sources indicate AMD first implemented MOVBE
|
1527
1538
|
// and XSAVE at the same time in Jaguar, so it seems like AMD chips will not be
|
@@ -1530,11 +1541,12 @@ OPENSSL_INLINE int CRYPTO_cpu_perf_is_like_silvermont(void) {
|
|
1530
1541
|
// WARNING: This MUST NOT be used to guard the execution of the XSAVE
|
1531
1542
|
// instruction. This is the "hardware supports XSAVE" bit, not the OSXSAVE bit
|
1532
1543
|
// that indicates whether we can safely execute XSAVE. This bit may be set
|
1533
|
-
// even when XSAVE is disabled (by the operating system). See the
|
1534
|
-
//
|
1544
|
+
// even when XSAVE is disabled (by the operating system). See how the users of
|
1545
|
+
// this bit use it.
|
1535
1546
|
//
|
1536
|
-
//
|
1537
|
-
//
|
1547
|
+
// Historically, the XSAVE bit was artificially cleared on Knights Landing
|
1548
|
+
// and Knights Mill chips, but as Intel has removed all support from GCC,
|
1549
|
+
// LLVM, and SDE, we assume they are no longer worth special-casing.
|
1538
1550
|
int hardware_supports_xsave = (OPENSSL_get_ia32cap(1) & (1u << 26)) != 0;
|
1539
1551
|
return !hardware_supports_xsave && CRYPTO_is_MOVBE_capable();
|
1540
1552
|
}
|
@@ -32,18 +32,9 @@ extern "C" {
|
|
32
32
|
#endif
|
33
33
|
|
34
34
|
|
35
|
-
// crypto.h contains functions for
|
35
|
+
// crypto.h contains functions for library-wide initialization and properties.
|
36
36
|
|
37
37
|
|
38
|
-
// CRYPTO_library_init initializes the crypto library. It must be called if the
|
39
|
-
// library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does
|
40
|
-
// nothing and a static initializer is used instead. It is safe to call this
|
41
|
-
// function multiple times and concurrently from multiple threads.
|
42
|
-
//
|
43
|
-
// On some ARM configurations, this function may require filesystem access and
|
44
|
-
// should be called before entering a sandbox.
|
45
|
-
OPENSSL_EXPORT void CRYPTO_library_init(void);
|
46
|
-
|
47
38
|
// CRYPTO_is_confidential_build returns one if the linked version of BoringSSL
|
48
39
|
// has been built with the BORINGSSL_CONFIDENTIAL define and zero otherwise.
|
49
40
|
//
|
@@ -164,7 +155,7 @@ OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
|
|
164
155
|
#define OPENSSL_INIT_NO_LOAD_CONFIG 0
|
165
156
|
#define OPENSSL_INIT_NO_ATEXIT 0
|
166
157
|
|
167
|
-
// OPENSSL_init_crypto
|
158
|
+
// OPENSSL_init_crypto returns one.
|
168
159
|
OPENSSL_EXPORT int OPENSSL_init_crypto(uint64_t opts,
|
169
160
|
const OPENSSL_INIT_SETTINGS *settings);
|
170
161
|
|
@@ -199,6 +190,10 @@ OPENSSL_EXPORT int FIPS_query_algorithm_status(const char *algorithm);
|
|
199
190
|
OPENSSL_EXPORT int CRYPTO_has_broken_NEON(void);
|
200
191
|
#endif
|
201
192
|
|
193
|
+
// CRYPTO_library_init does nothing. Historically, it was needed in some build
|
194
|
+
// configurations to initialization the library. This is no longer necessary.
|
195
|
+
OPENSSL_EXPORT void CRYPTO_library_init(void);
|
196
|
+
|
202
197
|
|
203
198
|
#if defined(__cplusplus)
|
204
199
|
} // extern C
|
@@ -70,6 +70,12 @@ OPENSSL_EXPORT int DILITHIUM_generate_key(
|
|
70
70
|
uint8_t out_encoded_public_key[DILITHIUM_PUBLIC_KEY_BYTES],
|
71
71
|
struct DILITHIUM_private_key *out_private_key);
|
72
72
|
|
73
|
+
// DILITHIUM_public_from_private sets |*out_public_key| to the public key that
|
74
|
+
// corresponds to |private_key|. Returns 1 on success and 0 on failure.
|
75
|
+
OPENSSL_EXPORT int DILITHIUM_public_from_private(
|
76
|
+
struct DILITHIUM_public_key *out_public_key,
|
77
|
+
const struct DILITHIUM_private_key *private_key);
|
78
|
+
|
73
79
|
// DILITHIUM_sign generates a signature for the message |msg| of length
|
74
80
|
// |msg_len| using |private_key| following the randomized algorithm, and writes
|
75
81
|
// the encoded signature to |out_encoded_signature|. Returns 1 on success and 0
|
@@ -22,6 +22,14 @@ extern "C" {
|
|
22
22
|
#endif
|
23
23
|
|
24
24
|
|
25
|
+
#if defined(OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER)
|
26
|
+
// This header implements experimental, draft versions of not-yet-standardized
|
27
|
+
// primitives. When the standard is complete, these functions will be removed
|
28
|
+
// and replaced with the final, incompatible standard version. They are
|
29
|
+
// available now for short-lived experiments, but must not be deployed anywhere
|
30
|
+
// durable, such as a long-lived key store. To use these functions define
|
31
|
+
// OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
|
32
|
+
|
25
33
|
// Kyber768.
|
26
34
|
//
|
27
35
|
// This implements the round-3 specification of Kyber, defined at
|
@@ -128,6 +136,8 @@ OPENSSL_EXPORT int KYBER_marshal_private_key(
|
|
128
136
|
OPENSSL_EXPORT int KYBER_parse_private_key(
|
129
137
|
struct KYBER_private_key *out_private_key, CBS *in);
|
130
138
|
|
139
|
+
#endif // OPENSSL_UNSTABLE_EXPERIMENTAL_KYBER
|
140
|
+
|
131
141
|
|
132
142
|
#if defined(__cplusplus)
|
133
143
|
} // extern C
|
@@ -49,6 +49,16 @@ class SpanBase {
|
|
49
49
|
|
50
50
|
friend bool operator!=(Span<T> lhs, Span<T> rhs) { return !(lhs == rhs); }
|
51
51
|
};
|
52
|
+
|
53
|
+
// Heuristically test whether C is a container type that can be converted into
|
54
|
+
// a Span<T> by checking for data() and size() member functions.
|
55
|
+
//
|
56
|
+
// TODO(davidben): Require C++17 support for std::is_convertible_v, etc.
|
57
|
+
template <typename C, typename T>
|
58
|
+
using EnableIfContainer = std::enable_if_t<
|
59
|
+
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
|
60
|
+
std::is_integral<decltype(std::declval<C>().size())>::value>;
|
61
|
+
|
52
62
|
} // namespace internal
|
53
63
|
|
54
64
|
// A Span<T> is a non-owning reference to a contiguous array of objects of type
|
@@ -84,16 +94,6 @@ class SpanBase {
|
|
84
94
|
// a reference or pointer to a container or array.
|
85
95
|
template <typename T>
|
86
96
|
class Span : private internal::SpanBase<const T> {
|
87
|
-
private:
|
88
|
-
// Heuristically test whether C is a container type that can be converted into
|
89
|
-
// a Span by checking for data() and size() member functions.
|
90
|
-
//
|
91
|
-
// TODO(davidben): Require C++17 support for std::is_convertible_v, etc.
|
92
|
-
template <typename C>
|
93
|
-
using EnableIfContainer = std::enable_if_t<
|
94
|
-
std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
|
95
|
-
std::is_integral<decltype(std::declval<C>().size())>::value>;
|
96
|
-
|
97
97
|
public:
|
98
98
|
static const size_t npos = static_cast<size_t>(-1);
|
99
99
|
|
@@ -114,12 +114,12 @@ class Span : private internal::SpanBase<const T> {
|
|
114
114
|
template <size_t N>
|
115
115
|
constexpr Span(T (&array)[N]) : Span(array, N) {}
|
116
116
|
|
117
|
-
template <typename C, typename = EnableIfContainer<C>,
|
117
|
+
template <typename C, typename = internal::EnableIfContainer<C, T>,
|
118
118
|
typename = std::enable_if_t<std::is_const<T>::value, C>>
|
119
119
|
constexpr Span(const C &container)
|
120
120
|
: data_(container.data()), size_(container.size()) {}
|
121
121
|
|
122
|
-
template <typename C, typename = EnableIfContainer<C>,
|
122
|
+
template <typename C, typename = internal::EnableIfContainer<C, T>,
|
123
123
|
typename = std::enable_if_t<!std::is_const<T>::value, C>>
|
124
124
|
constexpr explicit Span(C &container)
|
125
125
|
: data_(container.data()), size_(container.size()) {}
|
@@ -188,6 +188,20 @@ class Span : private internal::SpanBase<const T> {
|
|
188
188
|
template <typename T>
|
189
189
|
const size_t Span<T>::npos;
|
190
190
|
|
191
|
+
#if __cplusplus >= 201703L
|
192
|
+
template <typename T>
|
193
|
+
Span(T *, size_t) -> Span<T>;
|
194
|
+
template <typename T, size_t size>
|
195
|
+
Span(T (&array)[size]) -> Span<T>;
|
196
|
+
template <
|
197
|
+
typename C,
|
198
|
+
typename T = std::remove_pointer_t<decltype(std::declval<C>().data())>,
|
199
|
+
typename = internal::EnableIfContainer<C, T>>
|
200
|
+
Span(C &) -> Span<T>;
|
201
|
+
#endif
|
202
|
+
|
203
|
+
// C++17 callers can instead rely on CTAD and the deduction guides defined
|
204
|
+
// above.
|
191
205
|
template <typename T>
|
192
206
|
constexpr Span<T> MakeSpan(T *ptr, size_t size) {
|
193
207
|
return Span<T>(ptr, size);
|