grpc 1.66.0.pre5 → 1.67.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +19 -10
- data/include/grpc/credentials.h +1 -1
- data/include/grpc/event_engine/README.md +1 -1
- data/include/grpc/event_engine/internal/slice_cast.h +1 -1
- data/include/grpc/event_engine/slice.h +0 -1
- data/include/grpc/event_engine/slice_buffer.h +0 -1
- data/include/grpc/grpc_crl_provider.h +1 -1
- data/include/grpc/impl/channel_arg_names.h +1 -1
- data/include/grpc/support/log.h +34 -32
- data/include/grpc/support/sync_generic.h +2 -4
- data/src/core/channelz/channelz.cc +0 -1
- data/src/core/channelz/channelz_registry.cc +0 -1
- data/src/core/client_channel/client_channel.cc +10 -7
- data/src/core/client_channel/client_channel.h +1 -1
- data/src/core/client_channel/client_channel_filter.cc +21 -18
- data/src/core/client_channel/client_channel_filter.h +1 -1
- data/src/core/client_channel/client_channel_internal.h +0 -2
- data/src/core/client_channel/config_selector.h +0 -1
- data/src/core/client_channel/dynamic_filters.cc +0 -2
- data/src/core/client_channel/local_subchannel_pool.cc +0 -2
- data/src/core/client_channel/retry_filter.h +0 -1
- data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
- data/src/core/client_channel/subchannel.cc +21 -27
- data/src/core/client_channel/subchannel_stream_client.cc +1 -1
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
- data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
- data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
- data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
- data/src/core/handshaker/handshaker.cc +21 -29
- data/src/core/handshaker/security/secure_endpoint.cc +3 -3
- data/src/core/handshaker/security/security_handshaker.cc +60 -72
- data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
- data/src/core/lib/backoff/backoff.cc +7 -10
- data/src/core/lib/backoff/backoff.h +4 -6
- data/src/core/lib/channel/channel_stack.cc +0 -1
- data/src/core/lib/channel/channel_stack.h +0 -1
- data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
- data/src/core/lib/channel/connected_channel.cc +0 -1
- data/src/core/lib/channel/promise_based_filter.cc +146 -194
- data/src/core/lib/channel/promise_based_filter.h +1 -1
- data/src/core/lib/compression/compression_internal.cc +0 -1
- data/src/core/lib/config/config_vars.cc +11 -1
- data/src/core/lib/config/config_vars.h +8 -0
- data/src/core/lib/config/core_configuration.cc +0 -1
- data/src/core/lib/config/core_configuration.h +0 -1
- data/src/core/lib/debug/event_log.cc +0 -1
- data/src/core/lib/debug/trace_flags.cc +4 -18
- data/src/core/lib/debug/trace_flags.h +2 -5
- data/src/core/lib/debug/trace_impl.h +6 -0
- data/src/core/lib/event_engine/ares_resolver.cc +89 -56
- data/src/core/lib/event_engine/ares_resolver.h +0 -9
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
- data/src/core/lib/event_engine/forkable.cc +0 -1
- data/src/core/lib/event_engine/forkable.h +0 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
- data/src/core/lib/event_engine/resolved_address.cc +0 -1
- data/src/core/lib/event_engine/slice.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
- data/src/core/lib/experiments/config.cc +12 -10
- data/src/core/lib/experiments/experiments.cc +45 -66
- data/src/core/lib/experiments/experiments.h +22 -27
- data/src/core/lib/gprpp/chunked_vector.h +0 -1
- data/src/core/lib/gprpp/down_cast.h +0 -1
- data/src/core/lib/gprpp/host_port.cc +0 -1
- data/src/core/lib/gprpp/load_file.cc +0 -1
- data/src/core/lib/gprpp/mpscq.h +0 -1
- data/src/core/lib/gprpp/single_set_ptr.h +0 -1
- data/src/core/lib/gprpp/status_helper.cc +0 -1
- data/src/core/lib/gprpp/sync.h +0 -1
- data/src/core/lib/gprpp/table.h +28 -0
- data/src/core/lib/gprpp/thd.h +0 -1
- data/src/core/lib/gprpp/time.h +0 -1
- data/src/core/lib/gprpp/time_util.cc +0 -1
- data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
- data/src/core/lib/gprpp/windows/thd.cc +0 -1
- data/src/core/lib/gprpp/work_serializer.cc +23 -34
- data/src/core/lib/iomgr/buffer_list.cc +0 -1
- data/src/core/lib/iomgr/call_combiner.h +6 -8
- data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
- data/src/core/lib/iomgr/closure.h +5 -8
- data/src/core/lib/iomgr/combiner.cc +6 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +13 -18
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
- data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
- data/src/core/lib/iomgr/ev_posix.cc +55 -44
- data/src/core/lib/iomgr/ev_posix.h +0 -5
- data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.cc +6 -9
- data/src/core/lib/iomgr/exec_ctx.h +26 -16
- data/src/core/lib/iomgr/executor.cc +43 -33
- data/src/core/lib/iomgr/fork_windows.cc +0 -1
- data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
- data/src/core/lib/iomgr/iocp_windows.cc +0 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
- data/src/core/lib/iomgr/lockfree_event.cc +7 -11
- data/src/core/lib/iomgr/polling_entity.cc +10 -3
- data/src/core/lib/iomgr/pollset_windows.cc +0 -2
- data/src/core/lib/iomgr/resolve_address.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_mutator.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
- data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
- data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
- data/src/core/lib/iomgr/tcp_posix.cc +32 -68
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
- data/src/core/lib/iomgr/tcp_windows.cc +4 -12
- data/src/core/lib/iomgr/timer_generic.cc +46 -65
- data/src/core/lib/iomgr/timer_manager.cc +4 -5
- data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
- data/src/core/lib/iomgr/vsock.cc +0 -1
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
- data/src/core/lib/promise/activity.h +0 -1
- data/src/core/lib/promise/context.h +0 -1
- data/src/core/lib/promise/detail/join_state.h +44 -44
- data/src/core/lib/promise/detail/seq_state.h +1101 -1356
- data/src/core/lib/promise/for_each.h +8 -15
- data/src/core/lib/promise/interceptor_list.h +17 -27
- data/src/core/lib/promise/latch.h +16 -24
- data/src/core/lib/promise/map.h +1 -1
- data/src/core/lib/promise/party.cc +238 -114
- data/src/core/lib/promise/party.h +105 -308
- data/src/core/lib/promise/pipe.h +3 -4
- data/src/core/lib/promise/poll.h +0 -1
- data/src/core/lib/promise/status_flag.h +0 -1
- data/src/core/lib/resource_quota/connection_quota.cc +0 -1
- data/src/core/lib/resource_quota/memory_quota.cc +11 -19
- data/src/core/lib/resource_quota/memory_quota.h +2 -4
- data/src/core/lib/resource_quota/periodic_update.cc +2 -3
- data/src/core/lib/resource_quota/thread_quota.cc +0 -1
- data/src/core/lib/security/authorization/audit_logging.cc +0 -1
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
- data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
- data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.h +1 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
- data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
- data/src/core/lib/slice/percent_encoding.cc +0 -1
- data/src/core/lib/slice/slice.cc +0 -1
- data/src/core/lib/slice/slice.h +0 -1
- data/src/core/lib/slice/slice_buffer.cc +0 -1
- data/src/core/lib/slice/slice_internal.h +0 -1
- data/src/core/lib/slice/slice_refcount.h +6 -8
- data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
- data/src/core/lib/surface/call.cc +3 -5
- data/src/core/lib/surface/call_utils.h +0 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel_create.cc +0 -1
- data/src/core/lib/surface/channel_init.h +0 -1
- data/src/core/lib/surface/client_call.cc +0 -1
- data/src/core/lib/surface/client_call.h +0 -1
- data/src/core/lib/surface/completion_queue.cc +28 -4
- data/src/core/lib/surface/completion_queue_factory.cc +0 -1
- data/src/core/lib/surface/filter_stack_call.cc +9 -9
- data/src/core/lib/surface/filter_stack_call.h +0 -1
- data/src/core/lib/surface/lame_client.cc +0 -1
- data/src/core/lib/surface/server_call.cc +0 -1
- data/src/core/lib/surface/server_call.h +0 -1
- data/src/core/lib/surface/validate_metadata.h +0 -1
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +9 -12
- data/src/core/lib/transport/bdp_estimator.h +6 -8
- data/src/core/lib/transport/call_arena_allocator.cc +2 -16
- data/src/core/lib/transport/call_arena_allocator.h +20 -5
- data/src/core/lib/transport/call_filters.cc +6 -9
- data/src/core/lib/transport/call_spine.h +24 -13
- data/src/core/lib/transport/connectivity_state.cc +34 -42
- data/src/core/lib/transport/metadata_batch.h +41 -1
- data/src/core/lib/transport/timeout_encoding.cc +0 -1
- data/src/core/lib/transport/transport.h +6 -8
- data/src/core/lib/transport/transport_op_string.cc +0 -1
- data/src/core/lib/uri/uri_parser.cc +0 -1
- data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
- data/src/core/load_balancing/health_check_client.cc +31 -42
- data/src/core/load_balancing/oob_backend_metric.cc +2 -4
- data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
- data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
- data/src/core/load_balancing/priority/priority.cc +77 -106
- data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
- data/src/core/load_balancing/rls/rls.cc +142 -187
- data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
- data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
- data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
- data/src/core/load_balancing/xds/cds.cc +26 -43
- data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
- data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
- data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
- data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
- data/src/core/resolver/binder/binder_resolver.cc +0 -2
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
- data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
- data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
- data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
- data/src/core/resolver/endpoint_addresses.cc +0 -1
- data/src/core/resolver/fake/fake_resolver.cc +0 -1
- data/src/core/resolver/polling_resolver.cc +6 -15
- data/src/core/resolver/polling_resolver.h +1 -1
- data/src/core/resolver/xds/xds_config.cc +96 -0
- data/src/core/resolver/xds/xds_config.h +109 -0
- data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
- data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
- data/src/core/resolver/xds/xds_resolver.cc +51 -55
- data/src/core/server/server.cc +2 -2
- data/src/core/server/server_config_selector_filter.cc +0 -1
- data/src/core/server/xds_server_config_fetcher.cc +4 -6
- data/src/core/service_config/service_config_call_data.h +2 -3
- data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
- data/src/core/service_config/service_config_impl.h +0 -1
- data/src/core/telemetry/call_tracer.cc +0 -1
- data/src/core/telemetry/metrics.h +0 -1
- data/src/core/telemetry/stats_data.cc +67 -0
- data/src/core/telemetry/stats_data.h +48 -0
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
- data/src/core/tsi/fake_transport_security.cc +6 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
- data/src/core/util/alloc.cc +0 -1
- data/src/core/util/gcp_metadata_query.cc +0 -1
- data/src/core/util/http_client/httpcli.cc +12 -15
- data/src/core/util/http_client/httpcli.h +16 -11
- data/src/core/util/http_client/parser.cc +3 -4
- data/src/core/util/json/json_reader.cc +0 -1
- data/src/core/util/latent_see.cc +29 -9
- data/src/core/util/latent_see.h +122 -27
- data/src/core/util/log.cc +36 -55
- data/src/core/util/lru_cache.h +104 -0
- data/src/core/util/msys/tmpfile.cc +0 -1
- data/src/core/util/posix/sync.cc +0 -1
- data/src/core/util/posix/time.cc +0 -1
- data/src/core/util/ring_buffer.h +123 -0
- data/src/core/util/spinlock.h +1 -2
- data/src/core/util/string.cc +7 -7
- data/src/core/util/sync.cc +0 -1
- data/src/core/util/sync_abseil.cc +0 -1
- data/src/core/util/time.cc +0 -1
- data/src/core/util/unique_ptr_with_bitset.h +86 -0
- data/src/core/util/useful.h +0 -24
- data/src/core/util/windows/cpu.cc +0 -1
- data/src/core/util/windows/sync.cc +0 -1
- data/src/core/util/windows/time.cc +0 -1
- data/src/core/util/windows/tmpfile.cc +0 -1
- data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
- data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
- data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
- data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
- data/src/core/xds/grpc/xds_cluster.cc +2 -8
- data/src/core/xds/grpc/xds_cluster.h +4 -4
- data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
- data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
- data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
- data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
- data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
- data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
- data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_filter.h +11 -1
- data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
- data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
- data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
- data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
- data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
- data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
- data/src/core/xds/grpc/xds_metadata.cc +62 -0
- data/src/core/xds/grpc/xds_metadata.h +127 -0
- data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
- data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
- data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
- data/src/core/xds/grpc/xds_routing.cc +57 -22
- data/src/core/xds/grpc/xds_routing.h +10 -2
- data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
- data/src/core/xds/xds_client/xds_client.cc +124 -165
- data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
- data/src/ruby/ext/grpc/rb_channel.c +22 -16
- data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc.c +9 -8
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
- data/src/ruby/ext/grpc/rb_server.c +10 -8
- data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/call_spec.rb +53 -40
- data/src/ruby/spec/channel_spec.rb +4 -2
- data/src/ruby/spec/client_server_spec.rb +148 -507
- data/src/ruby/spec/generic/active_call_spec.rb +64 -86
- data/src/ruby/spec/support/services.rb +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
- metadata +113 -87
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
- data/src/core/util/android/log.cc +0 -48
- data/src/core/util/linux/log.cc +0 -69
- data/src/core/util/posix/log.cc +0 -69
- data/src/core/util/windows/log.cc +0 -73
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
@@ -14,7 +14,9 @@
|
|
14
14
|
|
15
15
|
#include <openssl/rand.h>
|
16
16
|
|
17
|
-
#include "../
|
17
|
+
#include "../bcm_support.h"
|
18
|
+
#include "../internal.h"
|
19
|
+
#include "sysrand_internal.h"
|
18
20
|
|
19
21
|
#if defined(OPENSSL_RAND_WINDOWS)
|
20
22
|
|
@@ -88,6 +90,11 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
|
88
90
|
|
89
91
|
#endif // WINAPI_PARTITION_APP && !WINAPI_PARTITION_DESKTOP
|
90
92
|
|
93
|
+
int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
|
94
|
+
CRYPTO_sysrand(buf, len);
|
95
|
+
return 1;
|
96
|
+
}
|
97
|
+
|
91
98
|
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
92
99
|
CRYPTO_sysrand(out, requested);
|
93
100
|
}
|
@@ -468,7 +468,8 @@ DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
|
|
468
468
|
|
469
469
|
// An asn1_string_st (aka |ASN1_STRING|) represents a value of a string-like
|
470
470
|
// ASN.1 type. It contains a |type| field, and a byte string |data| field with a
|
471
|
-
// type-specific representation.
|
471
|
+
// type-specific representation. This type-specific representation does not
|
472
|
+
// always correspond to the DER encoding of the type.
|
472
473
|
//
|
473
474
|
// If |type| is one of |V_ASN1_OCTET_STRING|, |V_ASN1_UTF8STRING|,
|
474
475
|
// |V_ASN1_NUMERICSTRING|, |V_ASN1_PRINTABLESTRING|, |V_ASN1_T61STRING|,
|
@@ -568,6 +569,10 @@ OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *str);
|
|
568
569
|
// ASN1_STRING_get0_data returns a pointer to |str|'s contents. Callers should
|
569
570
|
// use |ASN1_STRING_length| to determine the length of the string. The string
|
570
571
|
// may have embedded NUL bytes and may not be NUL-terminated.
|
572
|
+
//
|
573
|
+
// The contents of an |ASN1_STRING| encode the value in some type-specific
|
574
|
+
// representation that does not always correspond to the DER encoding of the
|
575
|
+
// type. See the documentation for |ASN1_STRING| for details.
|
571
576
|
OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(
|
572
577
|
const ASN1_STRING *str);
|
573
578
|
|
@@ -575,10 +580,18 @@ OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data(
|
|
575
580
|
// should use |ASN1_STRING_length| to determine the length of the string. The
|
576
581
|
// string may have embedded NUL bytes and may not be NUL-terminated.
|
577
582
|
//
|
583
|
+
// The contents of an |ASN1_STRING| encode the value in some type-specific
|
584
|
+
// representation that does not always correspond to the DER encoding of the
|
585
|
+
// type. See the documentation for |ASN1_STRING| for details.
|
586
|
+
//
|
578
587
|
// Prefer |ASN1_STRING_get0_data|.
|
579
588
|
OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str);
|
580
589
|
|
581
590
|
// ASN1_STRING_length returns the length of |str|, in bytes.
|
591
|
+
//
|
592
|
+
// The contents of an |ASN1_STRING| encode the value in some type-specific
|
593
|
+
// representation that does not always correspond to the DER encoding of the
|
594
|
+
// type. See the documentation for |ASN1_STRING| for details.
|
582
595
|
OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str);
|
583
596
|
|
584
597
|
// ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an
|
@@ -387,9 +387,9 @@ OPENSSL_EXPORT void BN_CTX_end(BN_CTX *ctx);
|
|
387
387
|
// or |b|. It returns one on success and zero on allocation failure.
|
388
388
|
OPENSSL_EXPORT int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
389
389
|
|
390
|
-
// BN_uadd sets |r| = |a| + |b|,
|
391
|
-
// be the same pointer as either |a| or |b|. It returns one on
|
392
|
-
// on allocation failure.
|
390
|
+
// BN_uadd sets |r| = |a| + |b|, considering only the absolute values of |a| and
|
391
|
+
// |b|. |r| may be the same pointer as either |a| or |b|. It returns one on
|
392
|
+
// success and zero on allocation failure.
|
393
393
|
OPENSSL_EXPORT int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
394
394
|
|
395
395
|
// BN_add_word adds |w| to |a|. It returns one on success and zero otherwise.
|
@@ -399,9 +399,9 @@ OPENSSL_EXPORT int BN_add_word(BIGNUM *a, BN_ULONG w);
|
|
399
399
|
// or |b|. It returns one on success and zero on allocation failure.
|
400
400
|
OPENSSL_EXPORT int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
401
401
|
|
402
|
-
// BN_usub sets |r| = |a| - |b|,
|
403
|
-
// |b
|
404
|
-
// one on success and zero on
|
402
|
+
// BN_usub sets |r| = |a| - |b|, considering only the absolute values of |a| and
|
403
|
+
// |b|. The result must be non-negative, i.e. |b| <= |a|. |r| may be the same
|
404
|
+
// pointer as either |a| or |b|. It returns one on success and zero on error.
|
405
405
|
OPENSSL_EXPORT int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
|
406
406
|
|
407
407
|
// BN_sub_word subtracts |w| from |a|. It returns one on success and zero on
|
@@ -424,9 +424,14 @@ OPENSSL_EXPORT int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
|
|
424
424
|
|
425
425
|
// BN_div divides |numerator| by |divisor| and places the result in |quotient|
|
426
426
|
// and the remainder in |rem|. Either of |quotient| or |rem| may be NULL, in
|
427
|
-
// which case the respective value is not returned.
|
428
|
-
//
|
429
|
-
//
|
427
|
+
// which case the respective value is not returned. It returns one on success or
|
428
|
+
// zero on error. It is an error condition if |divisor| is zero.
|
429
|
+
//
|
430
|
+
// The outputs will be such that |quotient| * |divisor| + |rem| = |numerator|,
|
431
|
+
// with the quotient rounded towards zero. Thus, if |numerator| is negative,
|
432
|
+
// |rem| will be zero or negative. If |divisor| is negative, the sign of
|
433
|
+
// |quotient| will be flipped to compensate but otherwise rounding will be as if
|
434
|
+
// |divisor| were its absolute value.
|
430
435
|
OPENSSL_EXPORT int BN_div(BIGNUM *quotient, BIGNUM *rem,
|
431
436
|
const BIGNUM *numerator, const BIGNUM *divisor,
|
432
437
|
BN_CTX *ctx);
|
@@ -23,16 +23,14 @@ extern "C" {
|
|
23
23
|
|
24
24
|
|
25
25
|
#if defined(OPENSSL_UNSTABLE_EXPERIMENTAL_DILITHIUM)
|
26
|
-
//
|
27
|
-
//
|
28
|
-
// and
|
29
|
-
//
|
30
|
-
//
|
31
|
-
// OPENSSL_UNSTABLE_EXPERIMENTAL_DILITHIUM.
|
26
|
+
// The ML-DSA spec has now been standardized and ML-DSA is available in
|
27
|
+
// BoringSSL. This code should no longer be used. It was intended for
|
28
|
+
// short-lived experiments and must not have been deployed anywhere durable. If
|
29
|
+
// you were using this you need to use the <openssl/mldsa.h> instead. This
|
30
|
+
// header and code will be removed from BoringSSL soon.
|
32
31
|
|
33
32
|
// Dilithium3.
|
34
33
|
|
35
|
-
|
36
34
|
// DILITHIUM_private_key contains a Dilithium3 private key. The contents of this
|
37
35
|
// object should never leave the address space since the format is unstable.
|
38
36
|
struct DILITHIUM_private_key {
|
@@ -66,13 +64,13 @@ struct DILITHIUM_public_key {
|
|
66
64
|
// DILITHIUM_generate_key generates a random public/private key pair, writes the
|
67
65
|
// encoded public key to |out_encoded_public_key| and sets |out_private_key| to
|
68
66
|
// the private key. Returns 1 on success and 0 on failure.
|
69
|
-
OPENSSL_EXPORT int DILITHIUM_generate_key(
|
67
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_generate_key(
|
70
68
|
uint8_t out_encoded_public_key[DILITHIUM_PUBLIC_KEY_BYTES],
|
71
69
|
struct DILITHIUM_private_key *out_private_key);
|
72
70
|
|
73
71
|
// DILITHIUM_public_from_private sets |*out_public_key| to the public key that
|
74
72
|
// corresponds to |private_key|. Returns 1 on success and 0 on failure.
|
75
|
-
OPENSSL_EXPORT int DILITHIUM_public_from_private(
|
73
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_public_from_private(
|
76
74
|
struct DILITHIUM_public_key *out_public_key,
|
77
75
|
const struct DILITHIUM_private_key *private_key);
|
78
76
|
|
@@ -80,14 +78,14 @@ OPENSSL_EXPORT int DILITHIUM_public_from_private(
|
|
80
78
|
// |msg_len| using |private_key| following the randomized algorithm, and writes
|
81
79
|
// the encoded signature to |out_encoded_signature|. Returns 1 on success and 0
|
82
80
|
// on failure.
|
83
|
-
OPENSSL_EXPORT int DILITHIUM_sign(
|
81
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_sign(
|
84
82
|
uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES],
|
85
83
|
const struct DILITHIUM_private_key *private_key, const uint8_t *msg,
|
86
84
|
size_t msg_len);
|
87
85
|
|
88
86
|
// DILITHIUM_verify verifies that |encoded_signature| constitutes a valid
|
89
87
|
// signature for the message |msg| of length |msg_len| using |public_key|.
|
90
|
-
OPENSSL_EXPORT int DILITHIUM_verify(
|
88
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_verify(
|
91
89
|
const struct DILITHIUM_public_key *public_key,
|
92
90
|
const uint8_t encoded_signature[DILITHIUM_SIGNATURE_BYTES],
|
93
91
|
const uint8_t *msg, size_t msg_len);
|
@@ -98,27 +96,27 @@ OPENSSL_EXPORT int DILITHIUM_verify(
|
|
98
96
|
// DILITHIUM_marshal_public_key serializes |public_key| to |out| in the standard
|
99
97
|
// format for Dilithium public keys. It returns one on success or zero on
|
100
98
|
// allocation error.
|
101
|
-
OPENSSL_EXPORT int DILITHIUM_marshal_public_key(
|
99
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_marshal_public_key(
|
102
100
|
CBB *out, const struct DILITHIUM_public_key *public_key);
|
103
101
|
|
104
102
|
// DILITHIUM_parse_public_key parses a public key, in the format generated by
|
105
103
|
// |DILITHIUM_marshal_public_key|, from |in| and writes the result to
|
106
104
|
// |out_public_key|. It returns one on success or zero on parse error or if
|
107
105
|
// there are trailing bytes in |in|.
|
108
|
-
OPENSSL_EXPORT int DILITHIUM_parse_public_key(
|
106
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_parse_public_key(
|
109
107
|
struct DILITHIUM_public_key *public_key, CBS *in);
|
110
108
|
|
111
109
|
// DILITHIUM_marshal_private_key serializes |private_key| to |out| in the
|
112
110
|
// standard format for Dilithium private keys. It returns one on success or zero
|
113
111
|
// on allocation error.
|
114
|
-
OPENSSL_EXPORT int DILITHIUM_marshal_private_key(
|
112
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_marshal_private_key(
|
115
113
|
CBB *out, const struct DILITHIUM_private_key *private_key);
|
116
114
|
|
117
115
|
// DILITHIUM_parse_private_key parses a private key, in the format generated by
|
118
116
|
// |DILITHIUM_marshal_private_key|, from |in| and writes the result to
|
119
117
|
// |out_private_key|. It returns one on success or zero on parse error or if
|
120
118
|
// there are trailing bytes in |in|.
|
121
|
-
OPENSSL_EXPORT int DILITHIUM_parse_private_key(
|
119
|
+
OPENSSL_EXPORT OPENSSL_DEPRECATED int DILITHIUM_parse_private_key(
|
122
120
|
struct DILITHIUM_private_key *private_key, CBS *in);
|
123
121
|
|
124
122
|
#endif // OPENSSL_UNSTABLE_EXPERIMENTAL_DILITHIUM
|
@@ -40,12 +40,14 @@ extern "C" {
|
|
40
40
|
// respectively.
|
41
41
|
|
42
42
|
// The following constants are KEM identifiers.
|
43
|
+
#define EVP_HPKE_DHKEM_P256_HKDF_SHA256 0x0010
|
43
44
|
#define EVP_HPKE_DHKEM_X25519_HKDF_SHA256 0x0020
|
44
45
|
|
45
46
|
// The following functions are KEM algorithms which may be used with HPKE. Note
|
46
47
|
// that, while some HPKE KEMs use KDFs internally, this is separate from the
|
47
48
|
// |EVP_HPKE_KDF| selection.
|
48
49
|
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void);
|
50
|
+
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_hpke_p256_hkdf_sha256(void);
|
49
51
|
|
50
52
|
// EVP_HPKE_KEM_id returns the HPKE KEM identifier for |kem|, which
|
51
53
|
// will be one of the |EVP_HPKE_KEM_*| constants.
|
@@ -53,7 +55,7 @@ OPENSSL_EXPORT uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem);
|
|
53
55
|
|
54
56
|
// EVP_HPKE_MAX_PUBLIC_KEY_LENGTH is the maximum length of an encoded public key
|
55
57
|
// for all KEMs currently supported by this library.
|
56
|
-
#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH
|
58
|
+
#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH 65
|
57
59
|
|
58
60
|
// EVP_HPKE_KEM_public_key_len returns the length of a public key for |kem|.
|
59
61
|
// This value will be at most |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH|.
|
@@ -69,7 +71,7 @@ OPENSSL_EXPORT size_t EVP_HPKE_KEM_private_key_len(const EVP_HPKE_KEM *kem);
|
|
69
71
|
|
70
72
|
// EVP_HPKE_MAX_ENC_LENGTH is the maximum length of "enc", the encapsulated
|
71
73
|
// shared secret, for all KEMs currently supported by this library.
|
72
|
-
#define EVP_HPKE_MAX_ENC_LENGTH
|
74
|
+
#define EVP_HPKE_MAX_ENC_LENGTH 65
|
73
75
|
|
74
76
|
// EVP_HPKE_KEM_enc_len returns the length of the "enc", the encapsulated shared
|
75
77
|
// secret, for |kem|. This value will be at most |EVP_HPKE_MAX_ENC_LENGTH|.
|
@@ -233,7 +235,7 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_sender(
|
|
233
235
|
// EVP_HPKE_CTX_setup_sender_with_seed_for_testing behaves like
|
234
236
|
// |EVP_HPKE_CTX_setup_sender|, but takes a seed to behave deterministically.
|
235
237
|
// The seed's format depends on |kem|. For X25519, it is the sender's
|
236
|
-
// ephemeral private key.
|
238
|
+
// ephemeral private key. For P256, it's an HKDF input.
|
237
239
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_sender_with_seed_for_testing(
|
238
240
|
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
|
239
241
|
const EVP_HPKE_KEM *kem, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
|
@@ -265,7 +267,7 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender(
|
|
265
267
|
// EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing behaves like
|
266
268
|
// |EVP_HPKE_CTX_setup_auth_sender|, but takes a seed to behave
|
267
269
|
// deterministically. The seed's format depends on |kem|. For X25519, it is the
|
268
|
-
// sender's ephemeral private key.
|
270
|
+
// sender's ephemeral private key. For P256, it's an HKDF input.
|
269
271
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_auth_sender_with_seed_for_testing(
|
270
272
|
EVP_HPKE_CTX *ctx, uint8_t *out_enc, size_t *out_enc_len, size_t max_enc,
|
271
273
|
const EVP_HPKE_KEY *key, const EVP_HPKE_KDF *kdf, const EVP_HPKE_AEAD *aead,
|
@@ -375,8 +377,8 @@ struct evp_hpke_ctx_st {
|
|
375
377
|
|
376
378
|
struct evp_hpke_key_st {
|
377
379
|
const EVP_HPKE_KEM *kem;
|
378
|
-
uint8_t private_key[
|
379
|
-
uint8_t public_key[
|
380
|
+
uint8_t private_key[EVP_HPKE_MAX_PRIVATE_KEY_LENGTH];
|
381
|
+
uint8_t public_key[EVP_HPKE_MAX_PUBLIC_KEY_LENGTH];
|
380
382
|
};
|
381
383
|
|
382
384
|
|
@@ -0,0 +1,136 @@
|
|
1
|
+
/* Copyright (c) 2024, Google LLC
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_MLDSA_H_
|
16
|
+
#define OPENSSL_HEADER_MLDSA_H_
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
|
20
|
+
#if defined(__cplusplus)
|
21
|
+
extern "C" {
|
22
|
+
#endif
|
23
|
+
|
24
|
+
|
25
|
+
// ML-DSA-65.
|
26
|
+
//
|
27
|
+
// This implements the Module-Lattice-Based Digital Signature Standard from
|
28
|
+
// https://csrc.nist.gov/pubs/fips/204/final
|
29
|
+
|
30
|
+
|
31
|
+
// MLDSA65_private_key contains an ML-DSA-65 private key. The contents of this
|
32
|
+
// object should never leave the address space since the format is unstable.
|
33
|
+
struct MLDSA65_private_key {
|
34
|
+
union {
|
35
|
+
uint8_t bytes[32 + 32 + 64 + 256 * 4 * (5 + 6 + 6)];
|
36
|
+
uint32_t alignment;
|
37
|
+
} opaque;
|
38
|
+
};
|
39
|
+
|
40
|
+
// MLDSA65_public_key contains an ML-DSA-65 public key. The contents of this
|
41
|
+
// object should never leave the address space since the format is unstable.
|
42
|
+
struct MLDSA65_public_key {
|
43
|
+
union {
|
44
|
+
uint8_t bytes[32 + 64 + 256 * 4 * 6];
|
45
|
+
uint32_t alignment;
|
46
|
+
} opaque;
|
47
|
+
};
|
48
|
+
|
49
|
+
// MLDSA65_PRIVATE_KEY_BYTES is the number of bytes in an encoded ML-DSA-65
|
50
|
+
// private key.
|
51
|
+
#define MLDSA65_PRIVATE_KEY_BYTES 4032
|
52
|
+
|
53
|
+
// MLDSA65_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-DSA-65
|
54
|
+
// public key.
|
55
|
+
#define MLDSA65_PUBLIC_KEY_BYTES 1952
|
56
|
+
|
57
|
+
// MLDSA65_SIGNATURE_BYTES is the number of bytes in an encoded ML-DSA-65
|
58
|
+
// signature.
|
59
|
+
#define MLDSA65_SIGNATURE_BYTES 3309
|
60
|
+
|
61
|
+
// MLDSA_SEED_BYTES is the number of bytes in an ML-DSA seed value.
|
62
|
+
#define MLDSA_SEED_BYTES 32
|
63
|
+
|
64
|
+
// MLDSA65_generate_key generates a random public/private key pair, writes the
|
65
|
+
// encoded public key to |out_encoded_public_key|, writes the seed to
|
66
|
+
// |out_seed|, and sets |out_private_key| to the private key. Returns 1 on
|
67
|
+
// success and 0 on allocation failure.
|
68
|
+
OPENSSL_EXPORT int MLDSA65_generate_key(
|
69
|
+
uint8_t out_encoded_public_key[MLDSA65_PUBLIC_KEY_BYTES],
|
70
|
+
uint8_t out_seed[MLDSA_SEED_BYTES],
|
71
|
+
struct MLDSA65_private_key *out_private_key);
|
72
|
+
|
73
|
+
// MLDSA65_private_key_from_seed regenerates a private key from a seed value
|
74
|
+
// that was generated by |MLDSA65_generate_key|. Returns 1 on success and 0 on
|
75
|
+
// allocation failure or if |seed_len| is incorrect.
|
76
|
+
OPENSSL_EXPORT int MLDSA65_private_key_from_seed(
|
77
|
+
struct MLDSA65_private_key *out_private_key, const uint8_t *seed,
|
78
|
+
size_t seed_len);
|
79
|
+
|
80
|
+
// MLDSA65_public_from_private sets |*out_public_key| to the public key that
|
81
|
+
// corresponds to |private_key|. Returns 1 on success and 0 on failure.
|
82
|
+
OPENSSL_EXPORT int MLDSA65_public_from_private(
|
83
|
+
struct MLDSA65_public_key *out_public_key,
|
84
|
+
const struct MLDSA65_private_key *private_key);
|
85
|
+
|
86
|
+
// MLDSA65_sign generates a signature for the message |msg| of length
|
87
|
+
// |msg_len| using |private_key| (following the randomized algorithm), and
|
88
|
+
// writes the encoded signature to |out_encoded_signature|. The |context|
|
89
|
+
// argument is also signed over and can be used to include implicit contextual
|
90
|
+
// information that isn't included in |msg|. The same value of |context| must be
|
91
|
+
// presented to |MLDSA65_verify| in order for the generated signature to be
|
92
|
+
// considered valid. |context| and |context_len| may be |NULL| and 0 to use an
|
93
|
+
// empty context (this is common). Returns 1 on success and 0 on failure.
|
94
|
+
OPENSSL_EXPORT int MLDSA65_sign(
|
95
|
+
uint8_t out_encoded_signature[MLDSA65_SIGNATURE_BYTES],
|
96
|
+
const struct MLDSA65_private_key *private_key, const uint8_t *msg,
|
97
|
+
size_t msg_len, const uint8_t *context, size_t context_len);
|
98
|
+
|
99
|
+
// MLDSA65_verify verifies that |signature| constitutes a valid
|
100
|
+
// signature for the message |msg| of length |msg_len| using |public_key|. The
|
101
|
+
// value of |context| must equal the value that was passed to |MLDSA65_sign|
|
102
|
+
// when the signature was generated. Returns 1 on success or 0 on error.
|
103
|
+
OPENSSL_EXPORT int MLDSA65_verify(const struct MLDSA65_public_key *public_key,
|
104
|
+
const uint8_t *signature,
|
105
|
+
size_t signature_len, const uint8_t *msg,
|
106
|
+
size_t msg_len, const uint8_t *context,
|
107
|
+
size_t context_len);
|
108
|
+
|
109
|
+
|
110
|
+
// Serialisation of keys.
|
111
|
+
|
112
|
+
// MLDSA65_marshal_public_key serializes |public_key| to |out| in the standard
|
113
|
+
// format for ML-DSA-65 public keys. It returns 1 on success or 0 on
|
114
|
+
// allocation error.
|
115
|
+
OPENSSL_EXPORT int MLDSA65_marshal_public_key(
|
116
|
+
CBB *out, const struct MLDSA65_public_key *public_key);
|
117
|
+
|
118
|
+
// MLDSA65_parse_public_key parses a public key, in the format generated by
|
119
|
+
// |MLDSA65_marshal_public_key|, from |in| and writes the result to
|
120
|
+
// |out_public_key|. It returns 1 on success or 0 on parse error or if
|
121
|
+
// there are trailing bytes in |in|.
|
122
|
+
OPENSSL_EXPORT int MLDSA65_parse_public_key(
|
123
|
+
struct MLDSA65_public_key *public_key, CBS *in);
|
124
|
+
|
125
|
+
// MLDSA65_parse_private_key parses a private key, in the NIST format, from |in|
|
126
|
+
// and writes the result to |out_private_key|. It returns 1 on success or 0 on
|
127
|
+
// parse error or if there are trailing bytes in |in|.
|
128
|
+
OPENSSL_EXPORT int MLDSA65_parse_private_key(
|
129
|
+
struct MLDSA65_private_key *private_key, CBS *in);
|
130
|
+
|
131
|
+
|
132
|
+
#if defined(__cplusplus)
|
133
|
+
} // extern C
|
134
|
+
#endif
|
135
|
+
|
136
|
+
#endif // OPENSSL_HEADER_MLDSA_H_
|
@@ -0,0 +1,246 @@
|
|
1
|
+
/* Copyright (c) 2024, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_MLKEM_H
|
16
|
+
#define OPENSSL_HEADER_MLKEM_H
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
|
20
|
+
#if defined(__cplusplus)
|
21
|
+
extern "C" {
|
22
|
+
#endif
|
23
|
+
|
24
|
+
|
25
|
+
// ML-KEM-768.
|
26
|
+
//
|
27
|
+
// This implements the Module-Lattice-Based Key-Encapsulation Mechanism from
|
28
|
+
// https://csrc.nist.gov/pubs/fips/204/final
|
29
|
+
|
30
|
+
|
31
|
+
// MLKEM768_public_key contains an ML-KEM-768 public key. The contents of this
|
32
|
+
// object should never leave the address space since the format is unstable.
|
33
|
+
struct MLKEM768_public_key {
|
34
|
+
union {
|
35
|
+
uint8_t bytes[512 * (3 + 9) + 32 + 32];
|
36
|
+
uint16_t alignment;
|
37
|
+
} opaque;
|
38
|
+
};
|
39
|
+
|
40
|
+
// MLKEM768_private_key contains an ML-KEM-768 private key. The contents of this
|
41
|
+
// object should never leave the address space since the format is unstable.
|
42
|
+
struct MLKEM768_private_key {
|
43
|
+
union {
|
44
|
+
uint8_t bytes[512 * (3 + 3 + 9) + 32 + 32 + 32];
|
45
|
+
uint16_t alignment;
|
46
|
+
} opaque;
|
47
|
+
};
|
48
|
+
|
49
|
+
// MLKEM768_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-KEM-768
|
50
|
+
// public key.
|
51
|
+
#define MLKEM768_PUBLIC_KEY_BYTES 1184
|
52
|
+
|
53
|
+
// MLKEM_SEED_BYTES is the number of bytes in an ML-KEM seed.
|
54
|
+
#define MLKEM_SEED_BYTES 64
|
55
|
+
|
56
|
+
// MLKEM768_generate_key generates a random public/private key pair, writes the
|
57
|
+
// encoded public key to |out_encoded_public_key| and sets |out_private_key| to
|
58
|
+
// the private key. If |optional_out_seed| is not NULL then the seed used to
|
59
|
+
// generate the private key is written to it.
|
60
|
+
OPENSSL_EXPORT void MLKEM768_generate_key(
|
61
|
+
uint8_t out_encoded_public_key[MLKEM768_PUBLIC_KEY_BYTES],
|
62
|
+
uint8_t optional_out_seed[MLKEM_SEED_BYTES],
|
63
|
+
struct MLKEM768_private_key *out_private_key);
|
64
|
+
|
65
|
+
// MLKEM768_private_key_from_seed derives a private key from a seed that was
|
66
|
+
// generated by |MLKEM768_generate_key|. It fails and returns 0 if |seed_len| is
|
67
|
+
// incorrect, otherwise it writes |*out_private_key| and returns 1.
|
68
|
+
OPENSSL_EXPORT int MLKEM768_private_key_from_seed(
|
69
|
+
struct MLKEM768_private_key *out_private_key, const uint8_t *seed,
|
70
|
+
size_t seed_len);
|
71
|
+
|
72
|
+
// MLKEM768_public_from_private sets |*out_public_key| to the public key that
|
73
|
+
// corresponds to |private_key|. (This is faster than parsing the output of
|
74
|
+
// |MLKEM768_generate_key| if, for some reason, you need to encapsulate to a key
|
75
|
+
// that was just generated.)
|
76
|
+
OPENSSL_EXPORT void MLKEM768_public_from_private(
|
77
|
+
struct MLKEM768_public_key *out_public_key,
|
78
|
+
const struct MLKEM768_private_key *private_key);
|
79
|
+
|
80
|
+
// MLKEM768_CIPHERTEXT_BYTES is number of bytes in the ML-KEM-768 ciphertext.
|
81
|
+
#define MLKEM768_CIPHERTEXT_BYTES 1088
|
82
|
+
|
83
|
+
// MLKEM_SHARED_SECRET_BYTES is the number of bytes in an ML-KEM shared secret.
|
84
|
+
#define MLKEM_SHARED_SECRET_BYTES 32
|
85
|
+
|
86
|
+
// MLKEM768_encap encrypts a random shared secret for |public_key|, writes the
|
87
|
+
// ciphertext to |out_ciphertext|, and writes the random shared secret to
|
88
|
+
// |out_shared_secret|.
|
89
|
+
OPENSSL_EXPORT void MLKEM768_encap(
|
90
|
+
uint8_t out_ciphertext[MLKEM768_CIPHERTEXT_BYTES],
|
91
|
+
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
|
92
|
+
const struct MLKEM768_public_key *public_key);
|
93
|
+
|
94
|
+
// MLKEM768_decap decrypts a shared secret from |ciphertext| using |private_key|
|
95
|
+
// and writes it to |out_shared_secret|. If |ciphertext_len| is incorrect it
|
96
|
+
// returns 0, otherwise it returns 1. If |ciphertext| is invalid (but of the
|
97
|
+
// correct length), |out_shared_secret| is filled with a key that will always be
|
98
|
+
// the same for the same |ciphertext| and |private_key|, but which appears to be
|
99
|
+
// random unless one has access to |private_key|. These alternatives occur in
|
100
|
+
// constant time. Any subsequent symmetric encryption using |out_shared_secret|
|
101
|
+
// must use an authenticated encryption scheme in order to discover the
|
102
|
+
// decapsulation failure.
|
103
|
+
OPENSSL_EXPORT int MLKEM768_decap(
|
104
|
+
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
|
105
|
+
const uint8_t *ciphertext, size_t ciphertext_len,
|
106
|
+
const struct MLKEM768_private_key *private_key);
|
107
|
+
|
108
|
+
|
109
|
+
// Serialisation of keys.
|
110
|
+
|
111
|
+
// MLKEM768_marshal_public_key serializes |public_key| to |out| in the standard
|
112
|
+
// format for ML-KEM-768 public keys. It returns one on success or zero on
|
113
|
+
// allocation error.
|
114
|
+
OPENSSL_EXPORT int MLKEM768_marshal_public_key(
|
115
|
+
CBB *out, const struct MLKEM768_public_key *public_key);
|
116
|
+
|
117
|
+
// MLKEM768_parse_public_key parses a public key, in the format generated by
|
118
|
+
// |MLKEM768_marshal_public_key|, from |in| and writes the result to
|
119
|
+
// |out_public_key|. It returns one on success or zero on parse error or if
|
120
|
+
// there are trailing bytes in |in|.
|
121
|
+
OPENSSL_EXPORT int MLKEM768_parse_public_key(
|
122
|
+
struct MLKEM768_public_key *out_public_key, CBS *in);
|
123
|
+
|
124
|
+
// MLKEM768_PRIVATE_KEY_BYTES is the length of the data produced by
|
125
|
+
// |MLKEM768_marshal_private_key|.
|
126
|
+
#define MLKEM768_PRIVATE_KEY_BYTES 2400
|
127
|
+
|
128
|
+
// MLKEM768_parse_private_key parses a private key, in NIST's format for
|
129
|
+
// private keys, from |in| and writes the result to |out_private_key|. It
|
130
|
+
// returns one on success or zero on parse error or if there are trailing bytes
|
131
|
+
// in |in|. This format is verbose and should be avoided. Private keys should be
|
132
|
+
// stored as seeds and parsed using |MLKEM768_private_key_from_seed|.
|
133
|
+
OPENSSL_EXPORT int MLKEM768_parse_private_key(
|
134
|
+
struct MLKEM768_private_key *out_private_key, CBS *in);
|
135
|
+
|
136
|
+
|
137
|
+
// ML-KEM-1024
|
138
|
+
//
|
139
|
+
// ML-KEM-1024 also exists. You should prefer ML-KEM-768 where possible.
|
140
|
+
|
141
|
+
// MLKEM1024_public_key contains an ML-KEM-1024 public key. The contents of this
|
142
|
+
// object should never leave the address space since the format is unstable.
|
143
|
+
struct MLKEM1024_public_key {
|
144
|
+
union {
|
145
|
+
uint8_t bytes[512 * (4 + 16) + 32 + 32];
|
146
|
+
uint16_t alignment;
|
147
|
+
} opaque;
|
148
|
+
};
|
149
|
+
|
150
|
+
// MLKEM1024_private_key contains a ML-KEM-1024 private key. The contents of
|
151
|
+
// this object should never leave the address space since the format is
|
152
|
+
// unstable.
|
153
|
+
struct MLKEM1024_private_key {
|
154
|
+
union {
|
155
|
+
uint8_t bytes[512 * (4 + 4 + 16) + 32 + 32 + 32];
|
156
|
+
uint16_t alignment;
|
157
|
+
} opaque;
|
158
|
+
};
|
159
|
+
|
160
|
+
// MLKEM1024_PUBLIC_KEY_BYTES is the number of bytes in an encoded ML-KEM-1024
|
161
|
+
// public key.
|
162
|
+
#define MLKEM1024_PUBLIC_KEY_BYTES 1568
|
163
|
+
|
164
|
+
// MLKEM1024_generate_key generates a random public/private key pair, writes the
|
165
|
+
// encoded public key to |out_encoded_public_key| and sets |out_private_key| to
|
166
|
+
// the private key. If |optional_out_seed| is not NULL then the seed used to
|
167
|
+
// generate the private key is written to it.
|
168
|
+
OPENSSL_EXPORT void MLKEM1024_generate_key(
|
169
|
+
uint8_t out_encoded_public_key[MLKEM1024_PUBLIC_KEY_BYTES],
|
170
|
+
uint8_t optional_out_seed[MLKEM_SEED_BYTES],
|
171
|
+
struct MLKEM1024_private_key *out_private_key);
|
172
|
+
|
173
|
+
// MLKEM1024_private_key_from_seed derives a private key from a seed that was
|
174
|
+
// generated by |MLKEM1024_generate_key|. It fails and returns 0 if |seed_len|
|
175
|
+
// is incorrect, otherwise it writes |*out_private_key| and returns 1.
|
176
|
+
OPENSSL_EXPORT int MLKEM1024_private_key_from_seed(
|
177
|
+
struct MLKEM1024_private_key *out_private_key, const uint8_t *seed,
|
178
|
+
size_t seed_len);
|
179
|
+
|
180
|
+
// MLKEM1024_public_from_private sets |*out_public_key| to the public key that
|
181
|
+
// corresponds to |private_key|. (This is faster than parsing the output of
|
182
|
+
// |MLKEM1024_generate_key| if, for some reason, you need to encapsulate to a
|
183
|
+
// key that was just generated.)
|
184
|
+
OPENSSL_EXPORT void MLKEM1024_public_from_private(
|
185
|
+
struct MLKEM1024_public_key *out_public_key,
|
186
|
+
const struct MLKEM1024_private_key *private_key);
|
187
|
+
|
188
|
+
// MLKEM1024_CIPHERTEXT_BYTES is number of bytes in the ML-KEM-1024 ciphertext.
|
189
|
+
#define MLKEM1024_CIPHERTEXT_BYTES 1568
|
190
|
+
|
191
|
+
// MLKEM1024_encap encrypts a random shared secret for |public_key|, writes the
|
192
|
+
// ciphertext to |out_ciphertext|, and writes the random shared secret to
|
193
|
+
// |out_shared_secret|.
|
194
|
+
OPENSSL_EXPORT void MLKEM1024_encap(
|
195
|
+
uint8_t out_ciphertext[MLKEM1024_CIPHERTEXT_BYTES],
|
196
|
+
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
|
197
|
+
const struct MLKEM1024_public_key *public_key);
|
198
|
+
|
199
|
+
// MLKEM1024_decap decrypts a shared secret from |ciphertext| using
|
200
|
+
// |private_key| and writes it to |out_shared_secret|. If |ciphertext_len| is
|
201
|
+
// incorrect it returns 0, otherwise it returns 1. If |ciphertext| is invalid
|
202
|
+
// (but of the correct length), |out_shared_secret| is filled with a key that
|
203
|
+
// will always be the same for the same |ciphertext| and |private_key|, but
|
204
|
+
// which appears to be random unless one has access to |private_key|. These
|
205
|
+
// alternatives occur in constant time. Any subsequent symmetric encryption
|
206
|
+
// using |out_shared_secret| must use an authenticated encryption scheme in
|
207
|
+
// order to discover the decapsulation failure.
|
208
|
+
OPENSSL_EXPORT int MLKEM1024_decap(
|
209
|
+
uint8_t out_shared_secret[MLKEM_SHARED_SECRET_BYTES],
|
210
|
+
const uint8_t *ciphertext, size_t ciphertext_len,
|
211
|
+
const struct MLKEM1024_private_key *private_key);
|
212
|
+
|
213
|
+
|
214
|
+
// Serialisation of ML-KEM-1024 keys.
|
215
|
+
|
216
|
+
// MLKEM1024_marshal_public_key serializes |public_key| to |out| in the standard
|
217
|
+
// format for ML-KEM-1024 public keys. It returns one on success or zero on
|
218
|
+
// allocation error.
|
219
|
+
OPENSSL_EXPORT int MLKEM1024_marshal_public_key(
|
220
|
+
CBB *out, const struct MLKEM1024_public_key *public_key);
|
221
|
+
|
222
|
+
// MLKEM1024_parse_public_key parses a public key, in the format generated by
|
223
|
+
// |MLKEM1024_marshal_public_key|, from |in| and writes the result to
|
224
|
+
// |out_public_key|. It returns one on success or zero on parse error or if
|
225
|
+
// there are trailing bytes in |in|.
|
226
|
+
OPENSSL_EXPORT int MLKEM1024_parse_public_key(
|
227
|
+
struct MLKEM1024_public_key *out_public_key, CBS *in);
|
228
|
+
|
229
|
+
// MLKEM1024_PRIVATE_KEY_BYTES is the length of the data produced by
|
230
|
+
// |MLKEM1024_marshal_private_key|.
|
231
|
+
#define MLKEM1024_PRIVATE_KEY_BYTES 3168
|
232
|
+
|
233
|
+
// MLKEM1024_parse_private_key parses a private key, in NIST's format for
|
234
|
+
// private keys, from |in| and writes the result to |out_private_key|. It
|
235
|
+
// returns one on success or zero on parse error or if there are trailing bytes
|
236
|
+
// in |in|. This format is verbose and should be avoided. Private keys should be
|
237
|
+
// stored as seeds and parsed using |MLKEM1024_private_key_from_seed|.
|
238
|
+
OPENSSL_EXPORT int MLKEM1024_parse_private_key(
|
239
|
+
struct MLKEM1024_private_key *out_private_key, CBS *in);
|
240
|
+
|
241
|
+
|
242
|
+
#if defined(__cplusplus)
|
243
|
+
} // extern C
|
244
|
+
#endif
|
245
|
+
|
246
|
+
#endif // OPENSSL_HEADER_MLKEM_H
|
@@ -4255,6 +4255,9 @@ extern "C" {
|
|
4255
4255
|
#define SN_X25519Kyber768Draft00 "X25519Kyber768Draft00"
|
4256
4256
|
#define NID_X25519Kyber768Draft00 964
|
4257
4257
|
|
4258
|
+
#define SN_X25519MLKEM768 "X25519MLKEM768"
|
4259
|
+
#define NID_X25519MLKEM768 965
|
4260
|
+
|
4258
4261
|
|
4259
4262
|
#if defined(__cplusplus)
|
4260
4263
|
} /* extern C */
|