grpc 1.66.0.pre5 → 1.67.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +19 -10
- data/include/grpc/credentials.h +1 -1
- data/include/grpc/event_engine/README.md +1 -1
- data/include/grpc/event_engine/internal/slice_cast.h +1 -1
- data/include/grpc/event_engine/slice.h +0 -1
- data/include/grpc/event_engine/slice_buffer.h +0 -1
- data/include/grpc/grpc_crl_provider.h +1 -1
- data/include/grpc/impl/channel_arg_names.h +1 -1
- data/include/grpc/support/log.h +34 -32
- data/include/grpc/support/sync_generic.h +2 -4
- data/src/core/channelz/channelz.cc +0 -1
- data/src/core/channelz/channelz_registry.cc +0 -1
- data/src/core/client_channel/client_channel.cc +10 -7
- data/src/core/client_channel/client_channel.h +1 -1
- data/src/core/client_channel/client_channel_filter.cc +21 -18
- data/src/core/client_channel/client_channel_filter.h +1 -1
- data/src/core/client_channel/client_channel_internal.h +0 -2
- data/src/core/client_channel/config_selector.h +0 -1
- data/src/core/client_channel/dynamic_filters.cc +0 -2
- data/src/core/client_channel/local_subchannel_pool.cc +0 -2
- data/src/core/client_channel/retry_filter.h +0 -1
- data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
- data/src/core/client_channel/subchannel.cc +21 -27
- data/src/core/client_channel/subchannel_stream_client.cc +1 -1
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
- data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
- data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
- data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
- data/src/core/handshaker/handshaker.cc +21 -29
- data/src/core/handshaker/security/secure_endpoint.cc +3 -3
- data/src/core/handshaker/security/security_handshaker.cc +60 -72
- data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
- data/src/core/lib/backoff/backoff.cc +7 -10
- data/src/core/lib/backoff/backoff.h +4 -6
- data/src/core/lib/channel/channel_stack.cc +0 -1
- data/src/core/lib/channel/channel_stack.h +0 -1
- data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
- data/src/core/lib/channel/connected_channel.cc +0 -1
- data/src/core/lib/channel/promise_based_filter.cc +146 -194
- data/src/core/lib/channel/promise_based_filter.h +1 -1
- data/src/core/lib/compression/compression_internal.cc +0 -1
- data/src/core/lib/config/config_vars.cc +11 -1
- data/src/core/lib/config/config_vars.h +8 -0
- data/src/core/lib/config/core_configuration.cc +0 -1
- data/src/core/lib/config/core_configuration.h +0 -1
- data/src/core/lib/debug/event_log.cc +0 -1
- data/src/core/lib/debug/trace_flags.cc +4 -18
- data/src/core/lib/debug/trace_flags.h +2 -5
- data/src/core/lib/debug/trace_impl.h +6 -0
- data/src/core/lib/event_engine/ares_resolver.cc +89 -56
- data/src/core/lib/event_engine/ares_resolver.h +0 -9
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
- data/src/core/lib/event_engine/forkable.cc +0 -1
- data/src/core/lib/event_engine/forkable.h +0 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
- data/src/core/lib/event_engine/resolved_address.cc +0 -1
- data/src/core/lib/event_engine/slice.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
- data/src/core/lib/experiments/config.cc +12 -10
- data/src/core/lib/experiments/experiments.cc +45 -66
- data/src/core/lib/experiments/experiments.h +22 -27
- data/src/core/lib/gprpp/chunked_vector.h +0 -1
- data/src/core/lib/gprpp/down_cast.h +0 -1
- data/src/core/lib/gprpp/host_port.cc +0 -1
- data/src/core/lib/gprpp/load_file.cc +0 -1
- data/src/core/lib/gprpp/mpscq.h +0 -1
- data/src/core/lib/gprpp/single_set_ptr.h +0 -1
- data/src/core/lib/gprpp/status_helper.cc +0 -1
- data/src/core/lib/gprpp/sync.h +0 -1
- data/src/core/lib/gprpp/table.h +28 -0
- data/src/core/lib/gprpp/thd.h +0 -1
- data/src/core/lib/gprpp/time.h +0 -1
- data/src/core/lib/gprpp/time_util.cc +0 -1
- data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
- data/src/core/lib/gprpp/windows/thd.cc +0 -1
- data/src/core/lib/gprpp/work_serializer.cc +23 -34
- data/src/core/lib/iomgr/buffer_list.cc +0 -1
- data/src/core/lib/iomgr/call_combiner.h +6 -8
- data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
- data/src/core/lib/iomgr/closure.h +5 -8
- data/src/core/lib/iomgr/combiner.cc +6 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +13 -18
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
- data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
- data/src/core/lib/iomgr/ev_posix.cc +55 -44
- data/src/core/lib/iomgr/ev_posix.h +0 -5
- data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.cc +6 -9
- data/src/core/lib/iomgr/exec_ctx.h +26 -16
- data/src/core/lib/iomgr/executor.cc +43 -33
- data/src/core/lib/iomgr/fork_windows.cc +0 -1
- data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
- data/src/core/lib/iomgr/iocp_windows.cc +0 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
- data/src/core/lib/iomgr/lockfree_event.cc +7 -11
- data/src/core/lib/iomgr/polling_entity.cc +10 -3
- data/src/core/lib/iomgr/pollset_windows.cc +0 -2
- data/src/core/lib/iomgr/resolve_address.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_mutator.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
- data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
- data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
- data/src/core/lib/iomgr/tcp_posix.cc +32 -68
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
- data/src/core/lib/iomgr/tcp_windows.cc +4 -12
- data/src/core/lib/iomgr/timer_generic.cc +46 -65
- data/src/core/lib/iomgr/timer_manager.cc +4 -5
- data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
- data/src/core/lib/iomgr/vsock.cc +0 -1
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
- data/src/core/lib/promise/activity.h +0 -1
- data/src/core/lib/promise/context.h +0 -1
- data/src/core/lib/promise/detail/join_state.h +44 -44
- data/src/core/lib/promise/detail/seq_state.h +1101 -1356
- data/src/core/lib/promise/for_each.h +8 -15
- data/src/core/lib/promise/interceptor_list.h +17 -27
- data/src/core/lib/promise/latch.h +16 -24
- data/src/core/lib/promise/map.h +1 -1
- data/src/core/lib/promise/party.cc +238 -114
- data/src/core/lib/promise/party.h +105 -308
- data/src/core/lib/promise/pipe.h +3 -4
- data/src/core/lib/promise/poll.h +0 -1
- data/src/core/lib/promise/status_flag.h +0 -1
- data/src/core/lib/resource_quota/connection_quota.cc +0 -1
- data/src/core/lib/resource_quota/memory_quota.cc +11 -19
- data/src/core/lib/resource_quota/memory_quota.h +2 -4
- data/src/core/lib/resource_quota/periodic_update.cc +2 -3
- data/src/core/lib/resource_quota/thread_quota.cc +0 -1
- data/src/core/lib/security/authorization/audit_logging.cc +0 -1
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
- data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
- data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.h +1 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
- data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
- data/src/core/lib/slice/percent_encoding.cc +0 -1
- data/src/core/lib/slice/slice.cc +0 -1
- data/src/core/lib/slice/slice.h +0 -1
- data/src/core/lib/slice/slice_buffer.cc +0 -1
- data/src/core/lib/slice/slice_internal.h +0 -1
- data/src/core/lib/slice/slice_refcount.h +6 -8
- data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
- data/src/core/lib/surface/call.cc +3 -5
- data/src/core/lib/surface/call_utils.h +0 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel_create.cc +0 -1
- data/src/core/lib/surface/channel_init.h +0 -1
- data/src/core/lib/surface/client_call.cc +0 -1
- data/src/core/lib/surface/client_call.h +0 -1
- data/src/core/lib/surface/completion_queue.cc +28 -4
- data/src/core/lib/surface/completion_queue_factory.cc +0 -1
- data/src/core/lib/surface/filter_stack_call.cc +9 -9
- data/src/core/lib/surface/filter_stack_call.h +0 -1
- data/src/core/lib/surface/lame_client.cc +0 -1
- data/src/core/lib/surface/server_call.cc +0 -1
- data/src/core/lib/surface/server_call.h +0 -1
- data/src/core/lib/surface/validate_metadata.h +0 -1
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +9 -12
- data/src/core/lib/transport/bdp_estimator.h +6 -8
- data/src/core/lib/transport/call_arena_allocator.cc +2 -16
- data/src/core/lib/transport/call_arena_allocator.h +20 -5
- data/src/core/lib/transport/call_filters.cc +6 -9
- data/src/core/lib/transport/call_spine.h +24 -13
- data/src/core/lib/transport/connectivity_state.cc +34 -42
- data/src/core/lib/transport/metadata_batch.h +41 -1
- data/src/core/lib/transport/timeout_encoding.cc +0 -1
- data/src/core/lib/transport/transport.h +6 -8
- data/src/core/lib/transport/transport_op_string.cc +0 -1
- data/src/core/lib/uri/uri_parser.cc +0 -1
- data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
- data/src/core/load_balancing/health_check_client.cc +31 -42
- data/src/core/load_balancing/oob_backend_metric.cc +2 -4
- data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
- data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
- data/src/core/load_balancing/priority/priority.cc +77 -106
- data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
- data/src/core/load_balancing/rls/rls.cc +142 -187
- data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
- data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
- data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
- data/src/core/load_balancing/xds/cds.cc +26 -43
- data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
- data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
- data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
- data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
- data/src/core/resolver/binder/binder_resolver.cc +0 -2
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
- data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
- data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
- data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
- data/src/core/resolver/endpoint_addresses.cc +0 -1
- data/src/core/resolver/fake/fake_resolver.cc +0 -1
- data/src/core/resolver/polling_resolver.cc +6 -15
- data/src/core/resolver/polling_resolver.h +1 -1
- data/src/core/resolver/xds/xds_config.cc +96 -0
- data/src/core/resolver/xds/xds_config.h +109 -0
- data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
- data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
- data/src/core/resolver/xds/xds_resolver.cc +51 -55
- data/src/core/server/server.cc +2 -2
- data/src/core/server/server_config_selector_filter.cc +0 -1
- data/src/core/server/xds_server_config_fetcher.cc +4 -6
- data/src/core/service_config/service_config_call_data.h +2 -3
- data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
- data/src/core/service_config/service_config_impl.h +0 -1
- data/src/core/telemetry/call_tracer.cc +0 -1
- data/src/core/telemetry/metrics.h +0 -1
- data/src/core/telemetry/stats_data.cc +67 -0
- data/src/core/telemetry/stats_data.h +48 -0
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
- data/src/core/tsi/fake_transport_security.cc +6 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
- data/src/core/util/alloc.cc +0 -1
- data/src/core/util/gcp_metadata_query.cc +0 -1
- data/src/core/util/http_client/httpcli.cc +12 -15
- data/src/core/util/http_client/httpcli.h +16 -11
- data/src/core/util/http_client/parser.cc +3 -4
- data/src/core/util/json/json_reader.cc +0 -1
- data/src/core/util/latent_see.cc +29 -9
- data/src/core/util/latent_see.h +122 -27
- data/src/core/util/log.cc +36 -55
- data/src/core/util/lru_cache.h +104 -0
- data/src/core/util/msys/tmpfile.cc +0 -1
- data/src/core/util/posix/sync.cc +0 -1
- data/src/core/util/posix/time.cc +0 -1
- data/src/core/util/ring_buffer.h +123 -0
- data/src/core/util/spinlock.h +1 -2
- data/src/core/util/string.cc +7 -7
- data/src/core/util/sync.cc +0 -1
- data/src/core/util/sync_abseil.cc +0 -1
- data/src/core/util/time.cc +0 -1
- data/src/core/util/unique_ptr_with_bitset.h +86 -0
- data/src/core/util/useful.h +0 -24
- data/src/core/util/windows/cpu.cc +0 -1
- data/src/core/util/windows/sync.cc +0 -1
- data/src/core/util/windows/time.cc +0 -1
- data/src/core/util/windows/tmpfile.cc +0 -1
- data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
- data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
- data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
- data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
- data/src/core/xds/grpc/xds_cluster.cc +2 -8
- data/src/core/xds/grpc/xds_cluster.h +4 -4
- data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
- data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
- data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
- data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
- data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
- data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
- data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_filter.h +11 -1
- data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
- data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
- data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
- data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
- data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
- data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
- data/src/core/xds/grpc/xds_metadata.cc +62 -0
- data/src/core/xds/grpc/xds_metadata.h +127 -0
- data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
- data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
- data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
- data/src/core/xds/grpc/xds_routing.cc +57 -22
- data/src/core/xds/grpc/xds_routing.h +10 -2
- data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
- data/src/core/xds/xds_client/xds_client.cc +124 -165
- data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
- data/src/ruby/ext/grpc/rb_channel.c +22 -16
- data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc.c +9 -8
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
- data/src/ruby/ext/grpc/rb_server.c +10 -8
- data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/call_spec.rb +53 -40
- data/src/ruby/spec/channel_spec.rb +4 -2
- data/src/ruby/spec/client_server_spec.rb +148 -507
- data/src/ruby/spec/generic/active_call_spec.rb +64 -86
- data/src/ruby/spec/support/services.rb +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
- metadata +113 -87
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
- data/src/core/util/android/log.cc +0 -48
- data/src/core/util/linux/log.cc +0 -69
- data/src/core/util/posix/log.cc +0 -69
- data/src/core/util/windows/log.cc +0 -73
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
@@ -21,12 +21,15 @@
|
|
21
21
|
#include <openssl/bytestring.h>
|
22
22
|
#include <openssl/curve25519.h>
|
23
23
|
#include <openssl/digest.h>
|
24
|
+
#include <openssl/ec.h>
|
24
25
|
#include <openssl/err.h>
|
25
26
|
#include <openssl/evp_errors.h>
|
26
27
|
#include <openssl/hkdf.h>
|
28
|
+
#include <openssl/mem.h>
|
27
29
|
#include <openssl/rand.h>
|
28
30
|
#include <openssl/sha.h>
|
29
31
|
|
32
|
+
#include "../fipsmodule/ec/internal.h"
|
30
33
|
#include "../internal.h"
|
31
34
|
|
32
35
|
|
@@ -111,7 +114,7 @@ static int hpke_labeled_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
|
|
111
114
|
const uint8_t *info, size_t info_len) {
|
112
115
|
// labeledInfo = concat(I2OSP(L, 2), "HPKE-v1", suite_id, label, info)
|
113
116
|
CBB labeled_info;
|
114
|
-
int ok = CBB_init(&labeled_info, 0) &&
|
117
|
+
int ok = CBB_init(&labeled_info, 0) && //
|
115
118
|
CBB_add_u16(&labeled_info, out_len) &&
|
116
119
|
add_label_string(&labeled_info, kHpkeVersionId) &&
|
117
120
|
CBB_add_bytes(&labeled_info, suite_id, suite_id_len) &&
|
@@ -309,6 +312,294 @@ const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void) {
|
|
309
312
|
return &kKEM;
|
310
313
|
}
|
311
314
|
|
315
|
+
#define P256_PRIVATE_KEY_LEN 32
|
316
|
+
#define P256_PUBLIC_KEY_LEN 65
|
317
|
+
#define P256_PUBLIC_VALUE_LEN 65
|
318
|
+
#define P256_SEED_LEN 32
|
319
|
+
#define P256_SHARED_KEY_LEN 32
|
320
|
+
|
321
|
+
static int p256_public_from_private(uint8_t out_pub[P256_PUBLIC_VALUE_LEN],
|
322
|
+
const uint8_t priv[P256_PRIVATE_KEY_LEN]) {
|
323
|
+
const EC_GROUP *const group = EC_group_p256();
|
324
|
+
const uint8_t kAllZeros[P256_PRIVATE_KEY_LEN] = {0};
|
325
|
+
EC_SCALAR private_scalar;
|
326
|
+
EC_JACOBIAN public_point;
|
327
|
+
EC_AFFINE public_point_affine;
|
328
|
+
|
329
|
+
if (CRYPTO_memcmp(kAllZeros, priv, sizeof(kAllZeros)) == 0) {
|
330
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
331
|
+
return 0;
|
332
|
+
}
|
333
|
+
|
334
|
+
if (!ec_scalar_from_bytes(group, &private_scalar, priv,
|
335
|
+
P256_PRIVATE_KEY_LEN) ||
|
336
|
+
!ec_point_mul_scalar_base(group, &public_point, &private_scalar) ||
|
337
|
+
!ec_jacobian_to_affine(group, &public_point_affine, &public_point)) {
|
338
|
+
return 0;
|
339
|
+
}
|
340
|
+
|
341
|
+
size_t out_len_x, out_len_y;
|
342
|
+
out_pub[0] = POINT_CONVERSION_UNCOMPRESSED;
|
343
|
+
ec_felem_to_bytes(group, &out_pub[1], &out_len_x, &public_point_affine.X);
|
344
|
+
ec_felem_to_bytes(group, &out_pub[33], &out_len_y, &public_point_affine.Y);
|
345
|
+
return 1;
|
346
|
+
}
|
347
|
+
|
348
|
+
static int p256_init_key(EVP_HPKE_KEY *key, const uint8_t *priv_key,
|
349
|
+
size_t priv_key_len) {
|
350
|
+
if (priv_key_len != P256_PRIVATE_KEY_LEN) {
|
351
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
352
|
+
return 0;
|
353
|
+
}
|
354
|
+
|
355
|
+
if (!p256_public_from_private(key->public_key, priv_key)) {
|
356
|
+
return 0;
|
357
|
+
}
|
358
|
+
|
359
|
+
OPENSSL_memcpy(key->private_key, priv_key, priv_key_len);
|
360
|
+
return 1;
|
361
|
+
}
|
362
|
+
|
363
|
+
static int p256_private_key_from_seed(uint8_t out_priv[P256_PRIVATE_KEY_LEN],
|
364
|
+
const uint8_t seed[P256_SEED_LEN]) {
|
365
|
+
// https://www.rfc-editor.org/rfc/rfc9180.html#name-derivekeypair
|
366
|
+
const uint8_t suite_id[5] = {'K', 'E', 'M',
|
367
|
+
EVP_HPKE_DHKEM_P256_HKDF_SHA256 >> 8,
|
368
|
+
EVP_HPKE_DHKEM_P256_HKDF_SHA256 & 0xff};
|
369
|
+
|
370
|
+
uint8_t dkp_prk[32];
|
371
|
+
size_t dkp_prk_len;
|
372
|
+
if (!hpke_labeled_extract(EVP_sha256(), dkp_prk, &dkp_prk_len, NULL, 0,
|
373
|
+
suite_id, sizeof(suite_id), "dkp_prk", seed,
|
374
|
+
P256_SEED_LEN)) {
|
375
|
+
return 0;
|
376
|
+
}
|
377
|
+
assert(dkp_prk_len == sizeof(dkp_prk));
|
378
|
+
|
379
|
+
const EC_GROUP *const group = EC_group_p256();
|
380
|
+
EC_SCALAR private_scalar;
|
381
|
+
|
382
|
+
for (unsigned counter = 0; counter < 256; counter++) {
|
383
|
+
const uint8_t counter_byte = counter & 0xff;
|
384
|
+
if (!hpke_labeled_expand(EVP_sha256(), out_priv, P256_PRIVATE_KEY_LEN,
|
385
|
+
dkp_prk, sizeof(dkp_prk), suite_id,
|
386
|
+
sizeof(suite_id), "candidate", &counter_byte,
|
387
|
+
sizeof(counter_byte))) {
|
388
|
+
return 0;
|
389
|
+
}
|
390
|
+
|
391
|
+
// This checks that the scalar is less than the order.
|
392
|
+
if (ec_scalar_from_bytes(group, &private_scalar, out_priv,
|
393
|
+
P256_PRIVATE_KEY_LEN)) {
|
394
|
+
return 1;
|
395
|
+
}
|
396
|
+
}
|
397
|
+
|
398
|
+
// This happens with probability of 2^-(32*256).
|
399
|
+
OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
|
400
|
+
return 0;
|
401
|
+
}
|
402
|
+
|
403
|
+
static int p256_generate_key(EVP_HPKE_KEY *key) {
|
404
|
+
uint8_t seed[P256_SEED_LEN];
|
405
|
+
RAND_bytes(seed, sizeof(seed));
|
406
|
+
if (!p256_private_key_from_seed(key->private_key, seed) ||
|
407
|
+
!p256_public_from_private(key->public_key, key->private_key)) {
|
408
|
+
return 0;
|
409
|
+
}
|
410
|
+
return 1;
|
411
|
+
}
|
412
|
+
|
413
|
+
static int p256(uint8_t out_dh[P256_SHARED_KEY_LEN],
|
414
|
+
const uint8_t my_private[P256_PRIVATE_KEY_LEN],
|
415
|
+
const uint8_t their_public[P256_PUBLIC_VALUE_LEN]) {
|
416
|
+
const EC_GROUP *const group = EC_group_p256();
|
417
|
+
EC_SCALAR private_scalar;
|
418
|
+
EC_FELEM x, y;
|
419
|
+
EC_JACOBIAN shared_point, their_point;
|
420
|
+
EC_AFFINE their_point_affine, shared_point_affine;
|
421
|
+
|
422
|
+
if (their_public[0] != POINT_CONVERSION_UNCOMPRESSED ||
|
423
|
+
!ec_felem_from_bytes(group, &x, &their_public[1], 32) ||
|
424
|
+
!ec_felem_from_bytes(group, &y, &their_public[33], 32) ||
|
425
|
+
!ec_point_set_affine_coordinates(group, &their_point_affine, &x, &y) ||
|
426
|
+
!ec_scalar_from_bytes(group, &private_scalar, my_private,
|
427
|
+
P256_PRIVATE_KEY_LEN)) {
|
428
|
+
OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
|
429
|
+
return 0;
|
430
|
+
}
|
431
|
+
|
432
|
+
ec_affine_to_jacobian(group, &their_point, &their_point_affine);
|
433
|
+
if (!ec_point_mul_scalar(group, &shared_point, &their_point,
|
434
|
+
&private_scalar) ||
|
435
|
+
!ec_jacobian_to_affine(group, &shared_point_affine, &shared_point)) {
|
436
|
+
OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
|
437
|
+
return 0;
|
438
|
+
}
|
439
|
+
|
440
|
+
size_t out_len;
|
441
|
+
ec_felem_to_bytes(group, out_dh, &out_len, &shared_point_affine.X);
|
442
|
+
assert(out_len == P256_SHARED_KEY_LEN);
|
443
|
+
return 1;
|
444
|
+
}
|
445
|
+
|
446
|
+
static int p256_encap_with_seed(const EVP_HPKE_KEM *kem,
|
447
|
+
uint8_t *out_shared_secret,
|
448
|
+
size_t *out_shared_secret_len, uint8_t *out_enc,
|
449
|
+
size_t *out_enc_len, size_t max_enc,
|
450
|
+
const uint8_t *peer_public_key,
|
451
|
+
size_t peer_public_key_len, const uint8_t *seed,
|
452
|
+
size_t seed_len) {
|
453
|
+
if (max_enc < P256_PUBLIC_VALUE_LEN) {
|
454
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
|
455
|
+
return 0;
|
456
|
+
}
|
457
|
+
if (seed_len != P256_SEED_LEN) {
|
458
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
459
|
+
return 0;
|
460
|
+
}
|
461
|
+
uint8_t private_key[P256_PRIVATE_KEY_LEN];
|
462
|
+
if (!p256_private_key_from_seed(private_key, seed)) {
|
463
|
+
return 0;
|
464
|
+
}
|
465
|
+
p256_public_from_private(out_enc, private_key);
|
466
|
+
|
467
|
+
uint8_t dh[P256_SHARED_KEY_LEN];
|
468
|
+
if (peer_public_key_len != P256_PUBLIC_VALUE_LEN ||
|
469
|
+
!p256(dh, private_key, peer_public_key)) {
|
470
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
471
|
+
return 0;
|
472
|
+
}
|
473
|
+
|
474
|
+
uint8_t kem_context[2 * P256_PUBLIC_VALUE_LEN];
|
475
|
+
OPENSSL_memcpy(kem_context, out_enc, P256_PUBLIC_VALUE_LEN);
|
476
|
+
OPENSSL_memcpy(kem_context + P256_PUBLIC_VALUE_LEN, peer_public_key,
|
477
|
+
P256_PUBLIC_VALUE_LEN);
|
478
|
+
if (!dhkem_extract_and_expand(kem->id, EVP_sha256(), out_shared_secret,
|
479
|
+
SHA256_DIGEST_LENGTH, dh, sizeof(dh),
|
480
|
+
kem_context, sizeof(kem_context))) {
|
481
|
+
return 0;
|
482
|
+
}
|
483
|
+
|
484
|
+
*out_enc_len = P256_PUBLIC_VALUE_LEN;
|
485
|
+
*out_shared_secret_len = SHA256_DIGEST_LENGTH;
|
486
|
+
return 1;
|
487
|
+
}
|
488
|
+
|
489
|
+
static int p256_decap(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
|
490
|
+
size_t *out_shared_secret_len, const uint8_t *enc,
|
491
|
+
size_t enc_len) {
|
492
|
+
uint8_t dh[P256_SHARED_KEY_LEN];
|
493
|
+
if (enc_len != P256_PUBLIC_VALUE_LEN || //
|
494
|
+
!p256(dh, key->private_key, enc)) {
|
495
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
496
|
+
return 0;
|
497
|
+
}
|
498
|
+
|
499
|
+
uint8_t kem_context[2 * P256_PUBLIC_VALUE_LEN];
|
500
|
+
OPENSSL_memcpy(kem_context, enc, P256_PUBLIC_VALUE_LEN);
|
501
|
+
OPENSSL_memcpy(kem_context + P256_PUBLIC_VALUE_LEN, key->public_key,
|
502
|
+
P256_PUBLIC_VALUE_LEN);
|
503
|
+
if (!dhkem_extract_and_expand(key->kem->id, EVP_sha256(), out_shared_secret,
|
504
|
+
SHA256_DIGEST_LENGTH, dh, sizeof(dh),
|
505
|
+
kem_context, sizeof(kem_context))) {
|
506
|
+
return 0;
|
507
|
+
}
|
508
|
+
|
509
|
+
*out_shared_secret_len = SHA256_DIGEST_LENGTH;
|
510
|
+
return 1;
|
511
|
+
}
|
512
|
+
|
513
|
+
static int p256_auth_encap_with_seed(
|
514
|
+
const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
|
515
|
+
size_t *out_shared_secret_len, uint8_t *out_enc, size_t *out_enc_len,
|
516
|
+
size_t max_enc, const uint8_t *peer_public_key, size_t peer_public_key_len,
|
517
|
+
const uint8_t *seed, size_t seed_len) {
|
518
|
+
if (max_enc < P256_PUBLIC_VALUE_LEN) {
|
519
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
|
520
|
+
return 0;
|
521
|
+
}
|
522
|
+
if (seed_len != P256_SEED_LEN) {
|
523
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
|
524
|
+
return 0;
|
525
|
+
}
|
526
|
+
uint8_t private_key[P256_PRIVATE_KEY_LEN];
|
527
|
+
if (!p256_private_key_from_seed(private_key, seed)) {
|
528
|
+
return 0;
|
529
|
+
}
|
530
|
+
p256_public_from_private(out_enc, private_key);
|
531
|
+
|
532
|
+
uint8_t dh[2 * P256_SHARED_KEY_LEN];
|
533
|
+
if (peer_public_key_len != P256_PUBLIC_VALUE_LEN ||
|
534
|
+
!p256(dh, private_key, peer_public_key) ||
|
535
|
+
!p256(dh + P256_SHARED_KEY_LEN, key->private_key, peer_public_key)) {
|
536
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
537
|
+
return 0;
|
538
|
+
}
|
539
|
+
|
540
|
+
uint8_t kem_context[3 * P256_PUBLIC_VALUE_LEN];
|
541
|
+
OPENSSL_memcpy(kem_context, out_enc, P256_PUBLIC_VALUE_LEN);
|
542
|
+
OPENSSL_memcpy(kem_context + P256_PUBLIC_VALUE_LEN, peer_public_key,
|
543
|
+
P256_PUBLIC_VALUE_LEN);
|
544
|
+
OPENSSL_memcpy(kem_context + 2 * P256_PUBLIC_VALUE_LEN, key->public_key,
|
545
|
+
P256_PUBLIC_VALUE_LEN);
|
546
|
+
if (!dhkem_extract_and_expand(key->kem->id, EVP_sha256(), out_shared_secret,
|
547
|
+
SHA256_DIGEST_LENGTH, dh, sizeof(dh),
|
548
|
+
kem_context, sizeof(kem_context))) {
|
549
|
+
return 0;
|
550
|
+
}
|
551
|
+
|
552
|
+
*out_enc_len = P256_PUBLIC_VALUE_LEN;
|
553
|
+
*out_shared_secret_len = SHA256_DIGEST_LENGTH;
|
554
|
+
return 1;
|
555
|
+
}
|
556
|
+
|
557
|
+
static int p256_auth_decap(const EVP_HPKE_KEY *key, uint8_t *out_shared_secret,
|
558
|
+
size_t *out_shared_secret_len, const uint8_t *enc,
|
559
|
+
size_t enc_len, const uint8_t *peer_public_key,
|
560
|
+
size_t peer_public_key_len) {
|
561
|
+
uint8_t dh[2 * P256_SHARED_KEY_LEN];
|
562
|
+
if (enc_len != P256_PUBLIC_VALUE_LEN ||
|
563
|
+
peer_public_key_len != P256_PUBLIC_VALUE_LEN ||
|
564
|
+
!p256(dh, key->private_key, enc) ||
|
565
|
+
!p256(dh + P256_SHARED_KEY_LEN, key->private_key, peer_public_key)) {
|
566
|
+
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
|
567
|
+
return 0;
|
568
|
+
}
|
569
|
+
|
570
|
+
uint8_t kem_context[3 * P256_PUBLIC_VALUE_LEN];
|
571
|
+
OPENSSL_memcpy(kem_context, enc, P256_PUBLIC_VALUE_LEN);
|
572
|
+
OPENSSL_memcpy(kem_context + P256_PUBLIC_VALUE_LEN, key->public_key,
|
573
|
+
P256_PUBLIC_VALUE_LEN);
|
574
|
+
OPENSSL_memcpy(kem_context + 2 * P256_PUBLIC_VALUE_LEN, peer_public_key,
|
575
|
+
P256_PUBLIC_VALUE_LEN);
|
576
|
+
if (!dhkem_extract_and_expand(key->kem->id, EVP_sha256(), out_shared_secret,
|
577
|
+
SHA256_DIGEST_LENGTH, dh, sizeof(dh),
|
578
|
+
kem_context, sizeof(kem_context))) {
|
579
|
+
return 0;
|
580
|
+
}
|
581
|
+
|
582
|
+
*out_shared_secret_len = SHA256_DIGEST_LENGTH;
|
583
|
+
return 1;
|
584
|
+
}
|
585
|
+
|
586
|
+
const EVP_HPKE_KEM *EVP_hpke_p256_hkdf_sha256(void) {
|
587
|
+
static const EVP_HPKE_KEM kKEM = {
|
588
|
+
/*id=*/EVP_HPKE_DHKEM_P256_HKDF_SHA256,
|
589
|
+
/*public_key_len=*/P256_PUBLIC_KEY_LEN,
|
590
|
+
/*private_key_len=*/P256_PRIVATE_KEY_LEN,
|
591
|
+
/*seed_len=*/P256_SEED_LEN,
|
592
|
+
/*enc_len=*/P256_PUBLIC_VALUE_LEN,
|
593
|
+
p256_init_key,
|
594
|
+
p256_generate_key,
|
595
|
+
p256_encap_with_seed,
|
596
|
+
p256_decap,
|
597
|
+
p256_auth_encap_with_seed,
|
598
|
+
p256_auth_decap,
|
599
|
+
};
|
600
|
+
return &kKEM;
|
601
|
+
}
|
602
|
+
|
312
603
|
uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem) { return kem->id; }
|
313
604
|
|
314
605
|
size_t EVP_HPKE_KEM_public_key_len(const EVP_HPKE_KEM *kem) {
|
@@ -398,7 +689,7 @@ int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key, uint8_t *out,
|
|
398
689
|
}
|
399
690
|
|
400
691
|
int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key, uint8_t *out,
|
401
|
-
|
692
|
+
size_t *out_len, size_t max_out) {
|
402
693
|
if (max_out < key->kem->private_key_len) {
|
403
694
|
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_BUFFER_SIZE);
|
404
695
|
return 0;
|
@@ -217,7 +217,9 @@ typedef __uint128_t uint128_t;
|
|
217
217
|
// __uint128_t division depends on intrinsics in the compiler runtime. Those
|
218
218
|
// intrinsics are missing in clang-cl (https://crbug.com/787617) and nanolibc.
|
219
219
|
// These may be bugs in the toolchain definition, but just disable it for now.
|
220
|
-
|
220
|
+
// EDK2's toolchain is missing __udivti3 (b/339380897) so cannot support
|
221
|
+
// 128-bit division currently.
|
222
|
+
#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) && !defined(__EDK2_BORINGSSL__)
|
221
223
|
#define BORINGSSL_CAN_DIVIDE_UINT128
|
222
224
|
#endif
|
223
225
|
#endif
|
@@ -272,9 +274,9 @@ typedef __uint128_t uint128_t;
|
|
272
274
|
#endif
|
273
275
|
|
274
276
|
#if defined(__GNUC__) || defined(__clang__)
|
275
|
-
#define
|
277
|
+
#define OPENSSL_ATTR_CONST __attribute__((const))
|
276
278
|
#else
|
277
|
-
#define
|
279
|
+
#define OPENSSL_ATTR_CONST
|
278
280
|
#endif
|
279
281
|
|
280
282
|
#if defined(BORINGSSL_MALLOC_FAILURE_TESTING)
|
@@ -567,11 +569,22 @@ static inline void constant_time_conditional_memcpy(void *dst, const void *src,
|
|
567
569
|
// |mask| is 0xff..ff and does nothing if |mask| is 0. The |n|-byte memory
|
568
570
|
// ranges at |dst| and |src| must not overlap, as when calling |memcpy|.
|
569
571
|
static inline void constant_time_conditional_memxor(void *dst, const void *src,
|
570
|
-
|
572
|
+
size_t n,
|
571
573
|
const crypto_word_t mask) {
|
572
574
|
assert(!buffers_alias(dst, n, src, n));
|
573
575
|
uint8_t *out = (uint8_t *)dst;
|
574
576
|
const uint8_t *in = (const uint8_t *)src;
|
577
|
+
#if defined(__GNUC__) && !defined(__clang__)
|
578
|
+
// gcc 13.2.0 doesn't automatically vectorize this loop regardless of barrier
|
579
|
+
typedef uint8_t v32u8 __attribute__((vector_size(32), aligned(1), may_alias));
|
580
|
+
size_t n_vec = n&~(size_t)31;
|
581
|
+
v32u8 masks = ((uint8_t)mask-(v32u8){}); // broadcast
|
582
|
+
for (size_t i = 0; i < n_vec; i += 32) {
|
583
|
+
*(v32u8*)&out[i] ^= masks & *(v32u8*)&in[i];
|
584
|
+
}
|
585
|
+
out += n_vec;
|
586
|
+
n -= n_vec;
|
587
|
+
#endif
|
575
588
|
for (size_t i = 0; i < n; i++) {
|
576
589
|
out[i] ^= value_barrier_w(mask) & in[i];
|
577
590
|
}
|
@@ -1377,21 +1390,23 @@ OPENSSL_INLINE int boringssl_fips_break_test(const char *test) {
|
|
1377
1390
|
// ECX for CPUID where EAX = 1
|
1378
1391
|
// Bit 11 is used to indicate AMD XOP support, not SDBG
|
1379
1392
|
// Index 2:
|
1380
|
-
// EBX for CPUID where EAX = 7
|
1393
|
+
// EBX for CPUID where EAX = 7, ECX = 0
|
1394
|
+
// Bit 14 (for removed feature MPX) is used to indicate a preference for ymm
|
1395
|
+
// registers over zmm even when zmm registers are supported
|
1381
1396
|
// Index 3:
|
1382
|
-
// ECX for CPUID where EAX = 7
|
1397
|
+
// ECX for CPUID where EAX = 7, ECX = 0
|
1383
1398
|
//
|
1384
|
-
// Note: the CPUID bits are pre-adjusted for the OSXSAVE bit and the YMM
|
1385
|
-
// bits in XCR0, so it is not necessary to check those. (WARNING: See
|
1386
|
-
// in cpu_intel.c.)
|
1399
|
+
// Note: the CPUID bits are pre-adjusted for the OSXSAVE bit and the XMM, YMM,
|
1400
|
+
// and AVX512 bits in XCR0, so it is not necessary to check those. (WARNING: See
|
1401
|
+
// caveats in cpu_intel.c.)
|
1387
1402
|
//
|
1388
1403
|
// From C, this symbol should only be accessed with |OPENSSL_get_ia32cap|.
|
1389
1404
|
extern uint32_t OPENSSL_ia32cap_P[4];
|
1390
1405
|
|
1391
1406
|
// OPENSSL_get_ia32cap initializes the library if needed and returns the |idx|th
|
1392
|
-
// entry of |OPENSSL_ia32cap_P|. It is marked as a
|
1407
|
+
// entry of |OPENSSL_ia32cap_P|. It is marked as a const function so duplicate
|
1393
1408
|
// calls can be merged by the compiler, at least when indices match.
|
1394
|
-
|
1409
|
+
OPENSSL_ATTR_CONST uint32_t OPENSSL_get_ia32cap(int idx);
|
1395
1410
|
|
1396
1411
|
// See Intel manual, volume 2A, table 3-11.
|
1397
1412
|
|
@@ -1551,6 +1566,46 @@ OPENSSL_INLINE int CRYPTO_cpu_perf_is_like_silvermont(void) {
|
|
1551
1566
|
return !hardware_supports_xsave && CRYPTO_is_MOVBE_capable();
|
1552
1567
|
}
|
1553
1568
|
|
1569
|
+
OPENSSL_INLINE int CRYPTO_is_AVX512BW_capable(void) {
|
1570
|
+
#if defined(__AVX512BW__)
|
1571
|
+
return 1;
|
1572
|
+
#else
|
1573
|
+
return (OPENSSL_get_ia32cap(2) & (1u << 30)) != 0;
|
1574
|
+
#endif
|
1575
|
+
}
|
1576
|
+
|
1577
|
+
OPENSSL_INLINE int CRYPTO_is_AVX512VL_capable(void) {
|
1578
|
+
#if defined(__AVX512VL__)
|
1579
|
+
return 1;
|
1580
|
+
#else
|
1581
|
+
return (OPENSSL_get_ia32cap(2) & (1u << 31)) != 0;
|
1582
|
+
#endif
|
1583
|
+
}
|
1584
|
+
|
1585
|
+
// CRYPTO_cpu_avoid_zmm_registers returns 1 if zmm registers (512-bit vectors)
|
1586
|
+
// should not be used even if the CPU supports them.
|
1587
|
+
//
|
1588
|
+
// Note that this reuses the bit for the removed MPX feature.
|
1589
|
+
OPENSSL_INLINE int CRYPTO_cpu_avoid_zmm_registers(void) {
|
1590
|
+
return (OPENSSL_get_ia32cap(2) & (1u << 14)) != 0;
|
1591
|
+
}
|
1592
|
+
|
1593
|
+
OPENSSL_INLINE int CRYPTO_is_VAES_capable(void) {
|
1594
|
+
#if defined(__VAES__)
|
1595
|
+
return 1;
|
1596
|
+
#else
|
1597
|
+
return (OPENSSL_get_ia32cap(3) & (1u << 9)) != 0;
|
1598
|
+
#endif
|
1599
|
+
}
|
1600
|
+
|
1601
|
+
OPENSSL_INLINE int CRYPTO_is_VPCLMULQDQ_capable(void) {
|
1602
|
+
#if defined(__VPCLMULQDQ__)
|
1603
|
+
return 1;
|
1604
|
+
#else
|
1605
|
+
return (OPENSSL_get_ia32cap(3) & (1u << 10)) != 0;
|
1606
|
+
#endif
|
1607
|
+
}
|
1608
|
+
|
1554
1609
|
#endif // OPENSSL_X86 || OPENSSL_X86_64
|
1555
1610
|
|
1556
1611
|
#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
|
@@ -1560,9 +1615,9 @@ OPENSSL_INLINE int CRYPTO_cpu_perf_is_like_silvermont(void) {
|
|
1560
1615
|
extern uint32_t OPENSSL_armcap_P;
|
1561
1616
|
|
1562
1617
|
// OPENSSL_get_armcap initializes the library if needed and returns ARM CPU
|
1563
|
-
// capabilities. It is marked as a
|
1564
|
-
// merged by the compiler
|
1565
|
-
|
1618
|
+
// capabilities. It is marked as a const function so duplicate calls can be
|
1619
|
+
// merged by the compiler.
|
1620
|
+
OPENSSL_ATTR_CONST uint32_t OPENSSL_get_armcap(void);
|
1566
1621
|
|
1567
1622
|
// We do not detect any features at runtime on several 32-bit Arm platforms.
|
1568
1623
|
// Apple platforms and OpenBSD require NEON and moved to 64-bit to pick up Armv8
|
@@ -94,7 +94,11 @@ static void __asan_unpoison_memory_region(const void *addr, size_t size) {}
|
|
94
94
|
// Windows doesn't really support weak symbols as of May 2019, and Clang on
|
95
95
|
// Windows will emit strong symbols instead. See
|
96
96
|
// https://bugs.llvm.org/show_bug.cgi?id=37598
|
97
|
-
|
97
|
+
//
|
98
|
+
// EDK2 targets UEFI but builds as ELF and then translates the binary to
|
99
|
+
// COFF(!). Thus it builds with __ELF__ defined but cannot actually cope with
|
100
|
+
// weak symbols.
|
101
|
+
#if !defined(__EDK2_BORINGSSL__) && defined(__ELF__) && defined(__GNUC__)
|
98
102
|
#define WEAK_SYMBOL_FUNC(rettype, name, args) \
|
99
103
|
rettype name args __attribute__((weak));
|
100
104
|
#else
|
@@ -242,7 +246,7 @@ void *OPENSSL_malloc(size_t size) {
|
|
242
246
|
__asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
|
243
247
|
return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX;
|
244
248
|
|
245
|
-
|
249
|
+
err:
|
246
250
|
// This only works because ERR does not call OPENSSL_malloc.
|
247
251
|
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
|
248
252
|
return NULL;
|
@@ -523,7 +527,7 @@ int OPENSSL_vasprintf_internal(char **str, const char *format, va_list args,
|
|
523
527
|
*str = candidate;
|
524
528
|
return ret;
|
525
529
|
|
526
|
-
|
530
|
+
err:
|
527
531
|
deallocate(candidate);
|
528
532
|
*str = NULL;
|
529
533
|
errno = ENOMEM;
|
@@ -0,0 +1,73 @@
|
|
1
|
+
/* Copyright (c) 2024, Google LLC
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_MLDSA_INTERNAL_H
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_MLDSA_INTERNAL_H
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
#include <openssl/mldsa.h>
|
20
|
+
|
21
|
+
#if defined(__cplusplus)
|
22
|
+
extern "C" {
|
23
|
+
#endif
|
24
|
+
|
25
|
+
|
26
|
+
// MLDSA_SIGNATURE_RANDOMIZER_BYTES is the number of bytes of uniformly
|
27
|
+
// random entropy necessary to generate a signature in randomized mode.
|
28
|
+
#define MLDSA_SIGNATURE_RANDOMIZER_BYTES 32
|
29
|
+
|
30
|
+
// MLDSA65_generate_key_external_entropy generates a public/private key pair
|
31
|
+
// using the given seed, writes the encoded public key to
|
32
|
+
// |out_encoded_public_key| and sets |out_private_key| to the private key.
|
33
|
+
// It returns 1 on success and 0 on failure.
|
34
|
+
OPENSSL_EXPORT int MLDSA65_generate_key_external_entropy(
|
35
|
+
uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
|
36
|
+
struct MLDSA65_private_key *out_private_key,
|
37
|
+
const uint8_t entropy[MLDSA_SEED_BYTES]);
|
38
|
+
|
39
|
+
// MLDSA65_sign_internal signs |msg| using |private_key| and writes the
|
40
|
+
// signature to |out_encoded_signature|. The |context_prefix| and |context| are
|
41
|
+
// prefixed to the message, in that order, before signing. The |randomizer|
|
42
|
+
// value can be set to zero bytes in order to make a deterministic signature, or
|
43
|
+
// else filled with entropy for the usual |MLDSA_sign| behavior. It returns 1 on
|
44
|
+
// success and 0 on error.
|
45
|
+
OPENSSL_EXPORT int MLDSA65_sign_internal(
|
46
|
+
uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
|
47
|
+
const struct MLDSA65_private_key *private_key, const uint8_t *msg,
|
48
|
+
size_t msg_len, const uint8_t *context_prefix, size_t context_prefix_len,
|
49
|
+
const uint8_t *context, size_t context_len,
|
50
|
+
const uint8_t randomizer[MLDSA_SIGNATURE_RANDOMIZER_BYTES]);
|
51
|
+
|
52
|
+
// MLDSA65_verify_internal verifies that |encoded_signature| is a valid
|
53
|
+
// signature of |msg| by |public_key|. The |context_prefix| and |context| are
|
54
|
+
// prefixed to the message before verification, in that order. It returns 1 on
|
55
|
+
// success and 0 on error.
|
56
|
+
OPENSSL_EXPORT int MLDSA65_verify_internal(
|
57
|
+
const struct MLDSA65_public_key *public_key,
|
58
|
+
const uint8_t encoded_signature[MLDSA65_SIGNATURE_BYTES],
|
59
|
+
const uint8_t *msg, size_t msg_len, const uint8_t *context_prefix,
|
60
|
+
size_t context_prefix_len, const uint8_t *context, size_t context_len);
|
61
|
+
|
62
|
+
// MLDSA65_marshal_private_key serializes |private_key| to |out| in the
|
63
|
+
// NIST format for ML-DSA-65 private keys. It returns 1 on success or 0
|
64
|
+
// on allocation error.
|
65
|
+
OPENSSL_EXPORT int MLDSA65_marshal_private_key(
|
66
|
+
CBB *out, const struct MLDSA65_private_key *private_key);
|
67
|
+
|
68
|
+
|
69
|
+
#if defined(__cplusplus)
|
70
|
+
} // extern C
|
71
|
+
#endif
|
72
|
+
|
73
|
+
#endif // OPENSSL_HEADER_CRYPTO_MLDSA_INTERNAL_H
|