diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-07 01:05:19 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-07 01:05:19 +0000 |
commit | 3ee1c4a4204a7feeb349a156adf7b50b595556a5 (patch) | |
tree | 9c582ddacc6bcaa666defcc6bc8f6af51ce27816 | |
parent | 6f8420b2a26bc9e38f266365e87cd2a443ba45ad (diff) | |
parent | 9f169a5cf62f5790cfe84f16db74c6bc5b116145 (diff) | |
download | open-dice-3ee1c4a4204a7feeb349a156adf7b50b595556a5.tar.gz |
Snap for 8414751 from 9f169a5cf62f5790cfe84f16db74c6bc5b116145 to tm-releaseandroid-vts-13.0_r8android-vts-13.0_r7android-vts-13.0_r6android-vts-13.0_r5android-vts-13.0_r4android-vts-13.0_r3android-vts-13.0_r2android-vts-13.0_r1android-security-13.0.0_r9android-security-13.0.0_r8android-security-13.0.0_r7android-security-13.0.0_r6android-security-13.0.0_r5android-security-13.0.0_r4android-security-13.0.0_r3android-security-13.0.0_r2android-security-13.0.0_r18android-security-13.0.0_r17android-security-13.0.0_r16android-security-13.0.0_r15android-security-13.0.0_r14android-security-13.0.0_r13android-security-13.0.0_r12android-security-13.0.0_r11android-security-13.0.0_r10android-security-13.0.0_r1android-platform-13.0.0_r2android-platform-13.0.0_r1android-cts-13.0_r8android-cts-13.0_r7android-cts-13.0_r6android-cts-13.0_r5android-cts-13.0_r4android-cts-13.0_r3android-cts-13.0_r2android-cts-13.0_r1android-13.0.0_r8android-13.0.0_r7android-13.0.0_r6android-13.0.0_r5android-13.0.0_r4android-13.0.0_r31android-13.0.0_r3android-13.0.0_r2android-13.0.0_r12android-13.0.0_r1android13-tests-releaseandroid13-security-releaseandroid13-s3-releaseandroid13-s2-releaseandroid13-s1-releaseandroid13-release
Change-Id: Id93924d63b9de41aaf44168e58a3308a96a7c4f7
-rw-r--r-- | Android.bp | 6 | ||||
-rw-r--r-- | BUILD.gn | 12 | ||||
-rw-r--r-- | BUILDCONFIG.gn | 6 | ||||
-rw-r--r-- | include/dice/dice.h | 12 | ||||
-rw-r--r-- | include/dice/known_test_values.h | 68 | ||||
-rw-r--r-- | rules.mk | 3 | ||||
-rw-r--r-- | src/android/BUILD.gn | 3 | ||||
-rw-r--r-- | src/android/bcc.c | 113 | ||||
-rw-r--r-- | src/android/bcc_test.cc | 23 | ||||
-rw-r--r-- | src/boringssl_ed25519_ops.c (renamed from src/boringssl_hash_kdf_sign_ops.c) | 26 | ||||
-rw-r--r-- | src/boringssl_hash_kdf_ops.c | 43 | ||||
-rw-r--r-- | src/dice.c | 12 | ||||
-rw-r--r-- | src/dice_test.cc | 20 | ||||
-rw-r--r-- | src/template_cert_op.c | 2 | ||||
-rw-r--r-- | third_party/boringssl/BUILD.generated.gni | 22 | ||||
-rw-r--r-- | third_party/boringssl/err_data.c | 1358 | ||||
-rw-r--r-- | toolchains/BUILD.gn | 7 |
17 files changed, 965 insertions, 771 deletions
@@ -28,7 +28,8 @@ cc_library_static { host_supported: true, vendor_available: true, srcs: [ - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/cbor_cert_op.c", "src/cbor_writer.c", "src/clear_memory.c", @@ -210,7 +211,8 @@ rust_bindgen { // import it instead from open_dice_cbor_bindgen. "--blocklist-type=DiceInputValues_", "--blocklist-type=DiceInputValues", - "--raw-line", "pub use open_dice_cbor_bindgen::DiceInputValues;", + "--raw-line", + "pub use open_dice_cbor_bindgen::DiceInputValues;", ], rustlibs: [ @@ -66,7 +66,8 @@ pw_static_library("dice_with_boringssl_ops") { ] sources = [ "src/boringssl_cert_op.c", - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/clear_memory.c", "src/dice.c", "src/utils.c", @@ -104,7 +105,8 @@ pw_static_library("dice_with_cbor_cert") { "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/cbor_cert_op.c", "src/clear_memory.c", "src/dice.c", @@ -123,7 +125,8 @@ pw_static_library("dice_with_cbor_template_cert") { "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/clear_memory.c", "src/dice.c", "src/template_cbor_cert_op.c", @@ -141,7 +144,8 @@ pw_static_library("dice_with_x509_template_cert") { "include/dice/utils.h", ] sources = [ - "src/boringssl_hash_kdf_sign_ops.c", + "src/boringssl_hash_kdf_ops.c", + "src/boringssl_ed25519_ops.c", "src/clear_memory.c", "src/dice.c", "src/template_cert_op.c", diff --git a/BUILDCONFIG.gn b/BUILDCONFIG.gn index 5a2ac67..a393863 100644 --- a/BUILDCONFIG.gn +++ b/BUILDCONFIG.gn @@ -16,5 +16,7 @@ _pigweed_directory = { import("//build_overrides/pigweed.gni") } -# The default toolchain is not used in Pigweed builds. -set_default_toolchain("${_pigweed_directory.dir_pw_toolchain}/dummy") +# The default toolchain is not used in Pigweed builds, so it is set to a +# toolchain that cannot compile C/C++ code. The top-level BUILD.gn should stamp +# a group with all of the build targets and their toolchains. +set_default_toolchain("${_pigweed_directory.dir_pw_toolchain}/default") diff --git a/include/dice/dice.h b/include/dice/dice.h index 2e83424..cf54942 100644 --- a/include/dice/dice.h +++ b/include/dice/dice.h @@ -116,6 +116,9 @@ DiceResult DiceDeriveCdiCertificateId(void* context, // Given a full set of input values and the current CDI values, computes the // next CDI values and a matching certificate. See the Open Profile for DICE // specification for a detailed explanation of this flow. +// In certain cases, the caller may not need to generate the CDI certificate. +// The caller should signal this by setting the certificate parameters to +// null/zero values appropriately. // // Parameters: // context: Context provided by the caller that is opaque to this library @@ -129,16 +132,19 @@ DiceResult DiceDeriveCdiCertificateId(void* context, // input_values: A set of input values describing the target program or // system. // next_cdi_certificate_buffer_size: The size in bytes of the buffer pointed -// to by the |next_cdi_certificate| argument. +// to by the |next_cdi_certificate| argument. This should be set to zero +// if next CDI certificate should not be computed. // next_cdi_certificate: On success, will be populated with the generated // certificate, up to |next_cdi_certificate_buffer_size| in size. If the // certificate cannot fit in the buffer, |next_cdi_certificate_size| is // populated with the required size and kDiceResultBufferTooSmall is -// returned. +// returned. This should be set to NULL if next CDI certificate should +// not be computed. // next_cdi_certificate_actual_size: On success, will be populated with the // size, in bytes, of the certificate data written to // |next_cdi_certificate|. If kDiceResultBufferTooSmall is returned, will -// be populated with the required buffer size. +// be populated with the required buffer size. This should be set to NULL +// if next CDI certificate should not be computed. // next_cdi_attest: On success, will be populated with the next CDI value for // attestation. // next_cdi_seal: On success, will be populated with the next CDI value for diff --git a/include/dice/known_test_values.h b/include/dice/known_test_values.h index 49ddfb9..90c565a 100644 --- a/include/dice/known_test_values.h +++ b/include/dice/known_test_values.h @@ -86,10 +86,10 @@ constexpr uint8_t kExpectedCdiSeal_ZeroInput[32] = { // 209:d=2 hl=2 l= 1 prim: ENUMERATED :00 // // Signature Algorithm: ED25519 -// cd:8e:a8:d0:f5:12:b5:28:64:11:47:11:db:12:cf:b2:27:64: -// 22:8d:a3:76:27:98:32:6e:6c:5a:44:10:ef:b3:ae:39:96:04: -// 53:57:72:a6:11:2b:58:78:59:06:0b:a6:a8:23:0a:aa:20:73: -// 91:0e:fb:1a:39:c1:d1:86:41:0b +// ba:e1:ef:9f:c5:b6:88:be:4a:67:22:b4:47:44:50:25:b6:37: +// 68:8b:1a:29:27:9e:46:c6:d0:68:d8:6d:19:ed:50:55:ca:24: +// 41:71:a5:b5:37:0d:60:2b:85:08:f9:38:6c:95:c6:77:33:11: +// a2:28:a5:49:5b:87:05:e4:e8:0d constexpr uint8_t kExpectedX509Ed25519Cert_ZeroInput[635] = { 0x30, 0x82, 0x02, 0x77, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x67, 0xc2, 0x2a, 0x88, 0x59, 0x06, 0x2b, 0x98, 0x68, @@ -118,7 +118,7 @@ constexpr uint8_t kExpectedX509Ed25519Cert_ZeroInput[635] = { 0xe8, 0xe7, 0x2b, 0x0b, 0xcd, 0x9f, 0x59, 0x34, 0x9c, 0x89, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0x01, 0x30, 0x81, 0xe3, 0x06, 0x0a, + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe3, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -138,12 +138,12 @@ constexpr uint8_t kExpectedX509Ed25519Cert_ZeroInput[635] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x05, 0x06, - 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xcd, 0x8e, 0xa8, 0xd0, 0xf5, - 0x12, 0xb5, 0x28, 0x64, 0x11, 0x47, 0x11, 0xdb, 0x12, 0xcf, 0xb2, 0x27, - 0x64, 0x22, 0x8d, 0xa3, 0x76, 0x27, 0x98, 0x32, 0x6e, 0x6c, 0x5a, 0x44, - 0x10, 0xef, 0xb3, 0xae, 0x39, 0x96, 0x04, 0x53, 0x57, 0x72, 0xa6, 0x11, - 0x2b, 0x58, 0x78, 0x59, 0x06, 0x0b, 0xa6, 0xa8, 0x23, 0x0a, 0xaa, 0x20, - 0x73, 0x91, 0x0e, 0xfb, 0x1a, 0x39, 0xc1, 0xd1, 0x86, 0x41, 0x0b}; + 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xba, 0xe1, 0xef, 0x9f, 0xc5, + 0xb6, 0x88, 0xbe, 0x4a, 0x67, 0x22, 0xb4, 0x47, 0x44, 0x50, 0x25, 0xb6, + 0x37, 0x68, 0x8b, 0x1a, 0x29, 0x27, 0x9e, 0x46, 0xc6, 0xd0, 0x68, 0xd8, + 0x6d, 0x19, 0xed, 0x50, 0x55, 0xca, 0x24, 0x41, 0x71, 0xa5, 0xb5, 0x37, + 0x0d, 0x60, 0x2b, 0x85, 0x08, 0xf9, 0x38, 0x6c, 0x95, 0xc6, 0x77, 0x33, + 0x11, 0xa2, 0x28, 0xa5, 0x49, 0x5b, 0x87, 0x05, 0xe4, 0xe8, 0x0d}; // $ openssl x509 -inform DER -noout -text -certopt ext_parse // Certificate: @@ -371,10 +371,10 @@ constexpr uint8_t kExpectedCdiSeal_HashOnlyInput[32] = { // 209:d=2 hl=2 l= 1 prim: ENUMERATED :00 // // Signature Algorithm: ED25519 -// 48:f5:68:52:d1:f3:1e:06:73:99:a4:77:be:33:61:df:5f:ce: -// 3f:4f:fb:23:55:f4:94:d9:d1:d0:19:2a:01:b1:21:6b:d2:b8: -// c6:93:d8:c1:a8:c2:84:88:7a:3c:38:60:3b:20:26:8c:b5:56: -// 5f:09:a4:f4:49:9b:bb:c6:3c:09 +// 2d:26:2d:e5:ad:8f:4a:d2:78:e3:38:fe:bc:4f:60:67:d8:c3: +// 20:4b:f1:19:e1:e7:48:c5:9f:51:01:57:62:f1:0d:75:d2:6d: +// d0:1b:0b:a4:32:f6:55:5a:55:b0:86:c0:e9:f9:6a:35:7c:5e: +// 40:68:5f:05:ef:f6:52:a7:4c:05 constexpr uint8_t kExpectedX509Ed25519Cert_HashOnlyInput[635] = { 0x30, 0x82, 0x02, 0x77, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x0d, 0x04, 0x0e, 0x2f, 0x46, 0x00, 0x52, 0xa5, 0x31, @@ -403,7 +403,7 @@ constexpr uint8_t kExpectedX509Ed25519Cert_HashOnlyInput[635] = { 0x1b, 0x91, 0xdb, 0xf9, 0xb4, 0x40, 0x83, 0x32, 0xec, 0x29, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0x01, 0x30, 0x81, 0xe3, 0x06, 0x0a, + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe3, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, @@ -423,12 +423,12 @@ constexpr uint8_t kExpectedX509Ed25519Cert_HashOnlyInput[635] = { 0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d, 0xeb, 0x5d, 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9, 0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x05, 0x06, - 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x48, 0xf5, 0x68, 0x52, 0xd1, - 0xf3, 0x1e, 0x06, 0x73, 0x99, 0xa4, 0x77, 0xbe, 0x33, 0x61, 0xdf, 0x5f, - 0xce, 0x3f, 0x4f, 0xfb, 0x23, 0x55, 0xf4, 0x94, 0xd9, 0xd1, 0xd0, 0x19, - 0x2a, 0x01, 0xb1, 0x21, 0x6b, 0xd2, 0xb8, 0xc6, 0x93, 0xd8, 0xc1, 0xa8, - 0xc2, 0x84, 0x88, 0x7a, 0x3c, 0x38, 0x60, 0x3b, 0x20, 0x26, 0x8c, 0xb5, - 0x56, 0x5f, 0x09, 0xa4, 0xf4, 0x49, 0x9b, 0xbb, 0xc6, 0x3c, 0x09}; + 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x2d, 0x26, 0x2d, 0xe5, 0xad, + 0x8f, 0x4a, 0xd2, 0x78, 0xe3, 0x38, 0xfe, 0xbc, 0x4f, 0x60, 0x67, 0xd8, + 0xc3, 0x20, 0x4b, 0xf1, 0x19, 0xe1, 0xe7, 0x48, 0xc5, 0x9f, 0x51, 0x01, + 0x57, 0x62, 0xf1, 0x0d, 0x75, 0xd2, 0x6d, 0xd0, 0x1b, 0x0b, 0xa4, 0x32, + 0xf6, 0x55, 0x5a, 0x55, 0xb0, 0x86, 0xc0, 0xe9, 0xf9, 0x6a, 0x35, 0x7c, + 0x5e, 0x40, 0x68, 0x5f, 0x05, 0xef, 0xf6, 0x52, 0xa7, 0x4c, 0x05}; // $ openssl x509 -inform DER -noout -text -certopt ext_parse // Certificate: @@ -677,10 +677,10 @@ constexpr uint8_t kExpectedCdiSeal_DescriptorInput[32] = { // 427:d=2 hl=2 l= 1 prim: ENUMERATED :00 // // Signature Algorithm: ED25519 -// ce:e6:a6:f7:5a:09:2e:a9:f1:27:73:46:61:21:5a:f7:15:c4: -// a5:31:43:37:b5:2f:3d:c8:61:f1:d2:65:56:84:81:e2:c5:c4: -// a0:87:55:d0:55:15:ce:14:d5:8e:94:5a:f9:b7:0e:09:91:3b: -// 25:75:e2:ea:cb:7d:37:72:54:0f +// 70:3c:ba:64:6b:18:2b:3f:26:b3:67:52:3b:3d:08:f5:88:3d: +// fe:79:d4:b4:e5:70:71:1d:95:f6:9a:ac:ca:f7:23:8b:fd:e2: +// 22:5b:3b:39:82:99:02:e8:db:67:70:f2:99:9d:f7:3b:73:12: +// 6a:b0:a0:ac:49:4b:37:06:21:06 constexpr uint8_t kExpectedX509Ed25519Cert_DescriptorInput[855] = { 0x30, 0x82, 0x03, 0x53, 0x30, 0x82, 0x03, 0x05, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x52, 0x1f, 0x03, 0x5c, 0x21, 0xe3, 0x2f, 0x16, 0x74, @@ -709,7 +709,7 @@ constexpr uint8_t kExpectedX509Ed25519Cert_DescriptorInput[855] = { 0x1e, 0xae, 0x6b, 0xde, 0xd9, 0x3c, 0xe3, 0x21, 0xe0, 0xdf, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0x01, 0x30, 0x82, 0x01, 0xbe, 0x06, + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x82, 0x01, 0xbe, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x04, 0x82, 0x01, 0xae, 0x30, 0x82, 0x01, 0xaa, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, @@ -747,13 +747,13 @@ constexpr uint8_t kExpectedX509Ed25519Cert_DescriptorInput[855] = { 0xe7, 0x1c, 0x16, 0x62, 0xd5, 0x59, 0xd7, 0x49, 0x2b, 0x6a, 0xa2, 0x36, 0x67, 0x57, 0xd1, 0xf2, 0xf9, 0xaf, 0x13, 0xd7, 0xa3, 0xe4, 0xd3, 0x39, 0x5b, 0x02, 0x78, 0xb1, 0xe0, 0x09, 0x70, 0xa2, 0xa6, 0x03, 0x0a, 0x01, - 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xce, - 0xe6, 0xa6, 0xf7, 0x5a, 0x09, 0x2e, 0xa9, 0xf1, 0x27, 0x73, 0x46, 0x61, - 0x21, 0x5a, 0xf7, 0x15, 0xc4, 0xa5, 0x31, 0x43, 0x37, 0xb5, 0x2f, 0x3d, - 0xc8, 0x61, 0xf1, 0xd2, 0x65, 0x56, 0x84, 0x81, 0xe2, 0xc5, 0xc4, 0xa0, - 0x87, 0x55, 0xd0, 0x55, 0x15, 0xce, 0x14, 0xd5, 0x8e, 0x94, 0x5a, 0xf9, - 0xb7, 0x0e, 0x09, 0x91, 0x3b, 0x25, 0x75, 0xe2, 0xea, 0xcb, 0x7d, 0x37, - 0x72, 0x54, 0x0f}; + 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x70, + 0x3c, 0xba, 0x64, 0x6b, 0x18, 0x2b, 0x3f, 0x26, 0xb3, 0x67, 0x52, 0x3b, + 0x3d, 0x08, 0xf5, 0x88, 0x3d, 0xfe, 0x79, 0xd4, 0xb4, 0xe5, 0x70, 0x71, + 0x1d, 0x95, 0xf6, 0x9a, 0xac, 0xca, 0xf7, 0x23, 0x8b, 0xfd, 0xe2, 0x22, + 0x5b, 0x3b, 0x39, 0x82, 0x99, 0x02, 0xe8, 0xdb, 0x67, 0x70, 0xf2, 0x99, + 0x9d, 0xf7, 0x3b, 0x73, 0x12, 0x6a, 0xb0, 0xa0, 0xac, 0x49, 0x4b, 0x37, + 0x06, 0x21, 0x06}; // $ openssl x509 -inform DER -noout -text -certopt ext_parse // Certificate: @@ -20,7 +20,8 @@ MODULE := $(LOCAL_DIR) MODULE_SRCS := \ $(LOCAL_DIR)/src/android/bcc.c \ - $(LOCAL_DIR)/src/boringssl_hash_kdf_sign_ops.c \ + $(LOCAL_DIR)/src/boringssl_hash_kdf_ops.c \ + $(LOCAL_DIR)/src/boringssl_ed25519_ops.c \ $(LOCAL_DIR)/src/cbor_cert_op.c \ $(LOCAL_DIR)/src/cbor_writer.c \ $(LOCAL_DIR)/src/clear_memory.c \ diff --git a/src/android/BUILD.gn b/src/android/BUILD.gn index 4cef1b0..dd8bdbc 100644 --- a/src/android/BUILD.gn +++ b/src/android/BUILD.gn @@ -21,6 +21,7 @@ pw_source_set("bcc") { deps = [ "//:cbor_reader", "//:cbor_writer", + "//:dice_with_cbor_cert", ] } @@ -30,7 +31,6 @@ pw_test("bcc_test") { ] deps = [ ":bcc", - "//:dice_with_cbor_cert", ] } @@ -40,6 +40,5 @@ pw_executable("bcc_fuzzer") { ] deps = [ ":bcc", - "//:dice_with_boringssl_ops", ] } diff --git a/src/android/bcc.c b/src/android/bcc.c index 60a98a0..8855f71 100644 --- a/src/android/bcc.c +++ b/src/android/bcc.c @@ -18,7 +18,9 @@ #include "dice/cbor_reader.h" #include "dice/cbor_writer.h" +#include "dice/ops/trait/cose.h" #include "dice/dice.h" +#include "dice/ops.h" // Completely gratuitous bit twiddling. static size_t PopulationCount(uint32_t n) { @@ -127,6 +129,69 @@ DiceResult BccMainFlow(void* context, return kDiceResultOk; } +static DiceResult BccMainFlowWithNewBcc( + void* context, const uint8_t current_cdi_attest[DICE_CDI_SIZE], + const uint8_t current_cdi_seal[DICE_CDI_SIZE], + const DiceInputValues* input_values, size_t buffer_size, uint8_t* buffer, + size_t* bcc_size, uint8_t next_cdi_attest[DICE_CDI_SIZE], + uint8_t next_cdi_seal[DICE_CDI_SIZE]) { + uint8_t current_cdi_private_key_seed[DICE_PRIVATE_KEY_SEED_SIZE]; + uint8_t attestation_public_key[DICE_PUBLIC_KEY_SIZE]; + uint8_t attestation_private_key[DICE_PRIVATE_KEY_SIZE]; + // Derive an asymmetric private key seed from the current attestation CDI + // value. + DiceResult result = DiceDeriveCdiPrivateKeySeed(context, current_cdi_attest, + current_cdi_private_key_seed); + if (result != kDiceResultOk) { + goto out; + } + // Derive attestation key pair. + result = DiceKeypairFromSeed(context, current_cdi_private_key_seed, + attestation_public_key, attestation_private_key); + if (result != kDiceResultOk) { + goto out; + } + + // Consruct the BCC from the attestation public key and the next CDI + // certificate. + struct CborOut out; + CborOutInit(buffer, buffer_size, &out); + CborWriteArray(2, &out); + if (CborOutOverflowed(&out)) { + result = kDiceResultBufferTooSmall; + goto out; + } + size_t encoded_size_used = CborOutSize(&out); + buffer += encoded_size_used; + buffer_size -= encoded_size_used; + + size_t encoded_pub_key_size = 0; + result = DiceCoseEncodePublicKey(context, attestation_public_key, buffer_size, + buffer, &encoded_pub_key_size); + if (result != kDiceResultOk) { + goto out; + } + + buffer += encoded_pub_key_size; + buffer_size -= encoded_pub_key_size; + + result = DiceMainFlow(context, current_cdi_attest, current_cdi_seal, + input_values, buffer_size, buffer, bcc_size, + next_cdi_attest, next_cdi_seal); + if (result != kDiceResultOk) { + return result; + } + *bcc_size += encoded_size_used + encoded_pub_key_size; + +out: + DiceClearMemory(context, sizeof(current_cdi_private_key_seed), + current_cdi_private_key_seed); + DiceClearMemory(context, sizeof(attestation_private_key), + attestation_private_key); + + return result; +} + DiceResult BccHandoverMainFlow(void* context, const uint8_t* bcc_handover, size_t bcc_handover_size, const DiceInputValues* input_values, @@ -146,13 +211,13 @@ DiceResult BccHandoverMainFlow(void* context, const uint8_t* bcc_handover, // BccHandover = { // 1 : bstr .size 32, ; CDI_Attest // 2 : bstr .size 32, ; CDI_Seal - // 3 : Bcc, ; Certificate chain + // ? 3 : Bcc, ; Certificate chain // } struct CborIn in; int64_t label; size_t item_size; CborInInit(bcc_handover, bcc_handover_size, &in); - if (CborReadMap(&in, &item_size) != CBOR_READ_RESULT_OK || item_size < 3 || + if (CborReadMap(&in, &item_size) != CBOR_READ_RESULT_OK || item_size < 2 || // Read the attestation CDI. CborReadInt(&in, &label) != CBOR_READ_RESULT_OK || label != kCdiAttestLabel || @@ -163,17 +228,23 @@ DiceResult BccHandoverMainFlow(void* context, const uint8_t* bcc_handover, CborReadInt(&in, &label) != CBOR_READ_RESULT_OK || label != kCdiSealLabel || CborReadBstr(&in, &item_size, ¤t_cdi_seal) != CBOR_READ_RESULT_OK || - item_size != DICE_CDI_SIZE || - // Read the BCC. - CborReadInt(&in, &label) != CBOR_READ_RESULT_OK || label != kBccLabel) { + item_size != DICE_CDI_SIZE) { return kDiceResultInvalidInput; } - size_t bcc_start = CborInOffset(&in); - bcc = bcc_handover + bcc_start; - if (CborReadSkip(&in) != CBOR_READ_RESULT_OK) { - return kDiceResultInvalidInput; + + size_t bcc_size = 0; + // Calculate the BCC size, if the BCC is present in the BccHandover. + if (CborReadInt(&in, &label) == CBOR_READ_RESULT_OK) { + if (label != kBccLabel) { + return kDiceResultInvalidInput; + } + size_t bcc_start = CborInOffset(&in); + bcc = bcc_handover + bcc_start; + if (CborReadSkip(&in) != CBOR_READ_RESULT_OK) { + return kDiceResultInvalidInput; + } + bcc_size = CborInOffset(&in) - bcc_start; } - size_t bcc_size = CborInOffset(&in) - bcc_start; // Write the new handover data. struct CborOut out; @@ -189,14 +260,24 @@ DiceResult BccHandoverMainFlow(void* context, const uint8_t* bcc_handover, return kDiceResultBufferTooSmall; } - result = BccMainFlow(context, current_cdi_attest, current_cdi_seal, bcc, - bcc_size, input_values, buffer_size - CborOutSize(&out), - buffer + CborOutSize(&out), &bcc_size, next_cdi_attest, - next_cdi_seal); + if (bcc_size != 0) { + // If BCC is present in the bcc_handover, append the next certificate to the + // existing BCC. + result = BccMainFlow(context, current_cdi_attest, current_cdi_seal, bcc, + bcc_size, input_values, buffer_size - CborOutSize(&out), + buffer + CborOutSize(&out), &bcc_size, next_cdi_attest, + next_cdi_seal); + } else { + // If BCC is not present in the bcc_handover, construct BCC from the public key + // derived from the current CDI attest and the next CDI certificate. + result = BccMainFlowWithNewBcc( + context, current_cdi_attest, current_cdi_seal, input_values, + buffer_size - CborOutSize(&out), buffer + CborOutSize(&out), &bcc_size, + next_cdi_attest, next_cdi_seal); + } if (result != kDiceResultOk) { - return result; + return result; } - *actual_size = CborOutSize(&out) + bcc_size; return kDiceResultOk; } diff --git a/src/android/bcc_test.cc b/src/android/bcc_test.cc index 20bea0d..44dce5b 100644 --- a/src/android/bcc_test.cc +++ b/src/android/bcc_test.cc @@ -114,6 +114,29 @@ TEST(BccHandoverTest, PreservesPreviousEntries) { EXPECT_EQ(0, memcmp(next_bcc_handover + 73, bcc_handover + 73, sizeof(bcc_handover) - 8 - 73)); } + +TEST(BccHandoverNoCertTest, InHandoverWithoutBccOutHandoverWithBcc) { + const uint8_t bcc_handover[] = { + 0xa2, + // CDI attest + 0x01, 0x58, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + // CDI seal + 0x02, 0x58, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + DiceInputValues input_values = {}; + uint8_t next_bcc_handover[1024] = {}; + size_t next_bcc_handover_size; + DiceResult result = BccHandoverMainFlow( + /*context=*/NULL, bcc_handover, sizeof(bcc_handover), &input_values, + sizeof(next_bcc_handover), next_bcc_handover, &next_bcc_handover_size); + EXPECT_EQ(kDiceResultOk, result); + EXPECT_GT(next_bcc_handover_size, sizeof(bcc_handover)); + EXPECT_EQ(0xa3, next_bcc_handover[0]); +} } } // namespace diff --git a/src/boringssl_hash_kdf_sign_ops.c b/src/boringssl_ed25519_ops.c index 9198b4a..a1b9797 100644 --- a/src/boringssl_hash_kdf_sign_ops.c +++ b/src/boringssl_ed25519_ops.c @@ -1,4 +1,4 @@ -// Copyright 2020 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); you may not // use this file except in compliance with the License. You may obtain a copy of @@ -12,8 +12,7 @@ // License for the specific language governing permissions and limitations under // the License. -// This is an implementation of the crypto operations that uses boringssl. The -// algorithms used are SHA512, HKDF-SHA512, and Ed25519-SHA512. +// An implementation of the ed25519 signature operations using boringssl. #include <stdint.h> @@ -21,9 +20,6 @@ #include "dice/ops.h" #include "openssl/curve25519.h" #include "openssl/evp.h" -#include "openssl/hkdf.h" -#include "openssl/is_boringssl.h" -#include "openssl/sha.h" #if DICE_PRIVATE_KEY_SEED_SIZE != 32 #error "Private key seed is expected to be 32 bytes." @@ -38,24 +34,6 @@ #error "Ed25519 needs 64 bytes to store the signature." #endif -DiceResult DiceHash(void* context_not_used, const uint8_t* input, - size_t input_size, uint8_t output[DICE_HASH_SIZE]) { - (void)context_not_used; - SHA512(input, input_size, output); - return kDiceResultOk; -} - -DiceResult DiceKdf(void* context_not_used, size_t length, const uint8_t* ikm, - size_t ikm_size, const uint8_t* salt, size_t salt_size, - const uint8_t* info, size_t info_size, uint8_t* output) { - (void)context_not_used; - if (!HKDF(output, length, EVP_sha512(), ikm, ikm_size, salt, salt_size, info, - info_size)) { - return kDiceResultPlatformError; - } - return kDiceResultOk; -} - DiceResult DiceKeypairFromSeed(void* context_not_used, const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE], uint8_t public_key[DICE_PUBLIC_KEY_SIZE], diff --git a/src/boringssl_hash_kdf_ops.c b/src/boringssl_hash_kdf_ops.c new file mode 100644 index 0000000..657276a --- /dev/null +++ b/src/boringssl_hash_kdf_ops.c @@ -0,0 +1,43 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +// An implementation of the hash and kdf crypto operations using boringssl. The +// algorithms used are SHA512 and HKDF-SHA512. + +#include <stdint.h> + +#include "dice/dice.h" +#include "dice/ops.h" +#include "openssl/evp.h" +#include "openssl/hkdf.h" +#include "openssl/is_boringssl.h" +#include "openssl/sha.h" + +DiceResult DiceHash(void* context_not_used, const uint8_t* input, + size_t input_size, uint8_t output[DICE_HASH_SIZE]) { + (void)context_not_used; + SHA512(input, input_size, output); + return kDiceResultOk; +} + +DiceResult DiceKdf(void* context_not_used, size_t length, const uint8_t* ikm, + size_t ikm_size, const uint8_t* salt, size_t salt_size, + const uint8_t* info, size_t info_size, uint8_t* output) { + (void)context_not_used; + if (!HKDF(output, length, EVP_sha512(), ikm, ikm_size, salt, salt_size, info, + info_size)) { + return kDiceResultPlatformError; + } + return kDiceResultOk; +} @@ -152,6 +152,14 @@ DiceResult DiceMainFlow(void* context, goto out; } + // Create the CDI certificate only if it is required (i.e. non-null/non-zero + // values are provided for the next CDI certificate parameters). + if (next_cdi_certificate == NULL && + next_cdi_certificate_actual_size == NULL && + next_cdi_certificate_buffer_size == 0) { + goto out; + } + // Derive asymmetric private key seeds from the attestation CDI values. result = DiceDeriveCdiPrivateKeySeed(context, current_cdi_attest, current_cdi_private_key_seed); @@ -170,9 +178,7 @@ DiceResult DiceMainFlow(void* context, context, next_cdi_private_key_seed, current_cdi_private_key_seed, input_values, next_cdi_certificate_buffer_size, next_cdi_certificate, next_cdi_certificate_actual_size); - if (result != kDiceResultOk) { - goto out; - } + out: // Clear sensitive memory. DiceClearMemory(context, sizeof(input_buffer), input_buffer); diff --git a/src/dice_test.cc b/src/dice_test.cc index 65330f7..a5d3b9e 100644 --- a/src/dice_test.cc +++ b/src/dice_test.cc @@ -198,4 +198,24 @@ TEST(DiceTest, NoExtraneousOps) { EXPECT_LE(ops.generate_certificate_count_, 1); } +TEST(DiceTest, NoCertParamsPreservesCDIs) { + FakeDiceOps ops; + DiceStateForTest current_state = {}; + DiceStateForTest next_state = {}; + DiceStateForTest next_state_no_cert = {}; + DiceInputValues input_values = {}; + DiceResult result = DiceMainFlow( + &ops, current_state.cdi_attest, current_state.cdi_seal, &input_values, + sizeof(next_state.certificate), next_state.certificate, + &next_state.certificate_size, next_state.cdi_attest, next_state.cdi_seal); + result = DiceMainFlow( + &ops, current_state.cdi_attest, current_state.cdi_seal, &input_values, 0, + NULL, NULL, next_state_no_cert.cdi_attest, next_state_no_cert.cdi_seal); + EXPECT_EQ(kDiceResultOk, result); + EXPECT_EQ(0, memcmp(next_state.cdi_attest, next_state_no_cert.cdi_attest, + DICE_CDI_SIZE)); + EXPECT_EQ(0, memcmp(next_state.cdi_seal, next_state_no_cert.cdi_seal, + DICE_CDI_SIZE)); +} + } // namespace diff --git a/src/template_cert_op.c b/src/template_cert_op.c index 0df423a..e577cd2 100644 --- a/src/template_cert_op.c +++ b/src/template_cert_op.c @@ -87,7 +87,7 @@ static const uint8_t kTemplate[635] = { // Constant encoding. 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, - 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0x01, 0x30, 0x81, 0xe3, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe3, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40, // Offset 356: Code hash, 64 bytes. diff --git a/third_party/boringssl/BUILD.generated.gni b/third_party/boringssl/BUILD.generated.gni index aee38c2..fed3f02 100644 --- a/third_party/boringssl/BUILD.generated.gni +++ b/third_party/boringssl/BUILD.generated.gni @@ -18,18 +18,19 @@ crypto_sources = [ "src/crypto/asn1/a_object.c", "src/crypto/asn1/a_octet.c", "src/crypto/asn1/a_print.c", + "src/crypto/asn1/a_strex.c", "src/crypto/asn1/a_strnid.c", "src/crypto/asn1/a_time.c", "src/crypto/asn1/a_type.c", "src/crypto/asn1/a_utctm.c", "src/crypto/asn1/a_utf8.c", "src/crypto/asn1/asn1_lib.c", - "src/crypto/asn1/asn1_locl.h", "src/crypto/asn1/asn1_par.c", "src/crypto/asn1/asn_pack.c", - "src/crypto/asn1/f_enum.c", + "src/crypto/asn1/charmap.h", "src/crypto/asn1/f_int.c", "src/crypto/asn1/f_string.c", + "src/crypto/asn1/internal.h", "src/crypto/asn1/tasn_dec.c", "src/crypto/asn1/tasn_enc.c", "src/crypto/asn1/tasn_fre.c", @@ -137,8 +138,8 @@ crypto_sources = [ "src/crypto/fipsmodule/ec/p256-x86_64-table.h", "src/crypto/fipsmodule/ec/p256-x86_64.h", "src/crypto/fipsmodule/ec/p256_table.h", + "src/crypto/fipsmodule/ecdsa/internal.h", "src/crypto/fipsmodule/fips_shared_support.c", - "src/crypto/fipsmodule/is_fips.c", "src/crypto/fipsmodule/md5/internal.h", "src/crypto/fipsmodule/modes/internal.h", "src/crypto/fipsmodule/rand/fork_detect.h", @@ -149,10 +150,10 @@ crypto_sources = [ "src/crypto/fipsmodule/tls/internal.h", "src/crypto/hkdf/hkdf.c", "src/crypto/hpke/hpke.c", - "src/crypto/hpke/internal.h", "src/crypto/hrss/hrss.c", "src/crypto/hrss/internal.h", "src/crypto/internal.h", + "src/crypto/lhash/internal.h", "src/crypto/lhash/lhash.c", "src/crypto/mem.c", "src/crypto/obj/obj.c", @@ -202,21 +203,19 @@ crypto_sources = [ "src/crypto/trust_token/voprf.c", "src/crypto/x509/a_digest.c", "src/crypto/x509/a_sign.c", - "src/crypto/x509/a_strex.c", "src/crypto/x509/a_verify.c", "src/crypto/x509/algorithm.c", "src/crypto/x509/asn1_gen.c", "src/crypto/x509/by_dir.c", "src/crypto/x509/by_file.c", - "src/crypto/x509/charmap.h", "src/crypto/x509/i2d_pr.c", "src/crypto/x509/internal.h", + "src/crypto/x509/name_print.c", "src/crypto/x509/rsa_pss.c", "src/crypto/x509/t_crl.c", "src/crypto/x509/t_req.c", "src/crypto/x509/t_x509.c", "src/crypto/x509/t_x509a.c", - "src/crypto/x509/vpm_int.h", "src/crypto/x509/x509.c", "src/crypto/x509/x509_att.c", "src/crypto/x509/x509_cmp.c", @@ -225,7 +224,6 @@ crypto_sources = [ "src/crypto/x509/x509_ext.c", "src/crypto/x509/x509_lu.c", "src/crypto/x509/x509_obj.c", - "src/crypto/x509/x509_r2x.c", "src/crypto/x509/x509_req.c", "src/crypto/x509/x509_set.c", "src/crypto/x509/x509_trs.c", @@ -256,7 +254,6 @@ crypto_sources = [ "src/crypto/x509v3/internal.h", "src/crypto/x509v3/pcy_cache.c", "src/crypto/x509v3/pcy_data.c", - "src/crypto/x509v3/pcy_int.h", "src/crypto/x509v3/pcy_lib.c", "src/crypto/x509v3/pcy_map.c", "src/crypto/x509v3/pcy_node.c", @@ -328,9 +325,11 @@ crypto_headers = [ "src/include/openssl/engine.h", "src/include/openssl/err.h", "src/include/openssl/evp.h", + "src/include/openssl/evp_errors.h", "src/include/openssl/ex_data.h", "src/include/openssl/hkdf.h", "src/include/openssl/hmac.h", + "src/include/openssl/hpke.h", "src/include/openssl/hrss.h", "src/include/openssl/is_boringssl.h", "src/include/openssl/lhash.h", @@ -375,6 +374,8 @@ ssl_sources = [ "src/ssl/d1_srtp.cc", "src/ssl/dtls_method.cc", "src/ssl/dtls_record.cc", + "src/ssl/encrypted_client_hello.cc", + "src/ssl/extensions.cc", "src/ssl/handoff.cc", "src/ssl/handshake.cc", "src/ssl/handshake_client.cc", @@ -398,7 +399,6 @@ ssl_sources = [ "src/ssl/ssl_versions.cc", "src/ssl/ssl_x509.cc", "src/ssl/t1_enc.cc", - "src/ssl/t1_lib.cc", "src/ssl/tls13_both.cc", "src/ssl/tls13_client.cc", "src/ssl/tls13_enc.cc", @@ -423,6 +423,7 @@ tool_sources = [ "src/tool/digest.cc", "src/tool/fd.cc", "src/tool/file.cc", + "src/tool/generate_ech.cc", "src/tool/generate_ed25519.cc", "src/tool/genrsa.cc", "src/tool/internal.h", @@ -632,6 +633,7 @@ fuzzers = [ "bn_mod_exp", "cert", "client", + "decode_client_hello_inner", "dtls_client", "dtls_server", "pkcs12", diff --git a/third_party/boringssl/err_data.c b/third_party/boringssl/err_data.c index 75168e6..98bc22a 100644 --- a/third_party/boringssl/err_data.c +++ b/third_party/boringssl/err_data.c @@ -55,184 +55,185 @@ OPENSSL_STATIC_ASSERT(ERR_LIB_USER == 33, "library value changed"); OPENSSL_STATIC_ASSERT(ERR_NUM_LIBS == 34, "number of libraries changed"); const uint32_t kOpenSSLReasonValues[] = { - 0xc320847, - 0xc328861, - 0xc330870, - 0xc338880, - 0xc34088f, - 0xc3488a8, - 0xc3508b4, - 0xc3588d1, - 0xc3608f1, - 0xc3688ff, - 0xc37090f, - 0xc37891c, - 0xc38092c, - 0xc388937, - 0xc39094d, - 0xc39895c, - 0xc3a0970, - 0xc3a8854, + 0xc320862, + 0xc32887c, + 0xc33088b, + 0xc33889b, + 0xc3408aa, + 0xc3488c3, + 0xc3508cf, + 0xc3588ec, + 0xc36090c, + 0xc36891a, + 0xc37092a, + 0xc378937, + 0xc380947, + 0xc388952, + 0xc390968, + 0xc398977, + 0xc3a098b, + 0xc3a886f, 0xc3b00f7, - 0xc3b88e3, - 0x10320854, - 0x103295b6, - 0x103315c2, - 0x103395db, - 0x103415ee, - 0x10348f34, - 0x10350c6d, - 0x10359601, - 0x1036162b, - 0x1036963e, - 0x1037165d, - 0x10379676, - 0x1038168b, - 0x103896a9, - 0x103916b8, - 0x103996d4, - 0x103a16ef, - 0x103a96fe, - 0x103b171a, - 0x103b9735, - 0x103c175b, + 0xc3b88fe, + 0x1032086f, + 0x103295e5, + 0x103315f1, + 0x1033960a, + 0x1034161d, + 0x10348f4f, + 0x10350c88, + 0x10359630, + 0x1036165a, + 0x1036966d, + 0x1037168c, + 0x103796a5, + 0x103816ba, + 0x103896d8, + 0x103916e7, + 0x10399703, + 0x103a171e, + 0x103a972d, + 0x103b1749, + 0x103b9764, + 0x103c178a, 0x103c80f7, - 0x103d176c, - 0x103d9780, - 0x103e179f, - 0x103e97ae, - 0x103f17c5, - 0x103f97d8, - 0x10400c31, - 0x104097eb, - 0x10411809, - 0x1041981c, - 0x10421836, - 0x10429846, - 0x1043185a, - 0x10439870, - 0x10441888, - 0x1044989d, - 0x104518b1, - 0x104598c3, - 0x1046060a, - 0x1046895c, - 0x104718d8, - 0x104798ef, - 0x10481904, - 0x10489912, - 0x10490e80, - 0x1049974c, - 0x104a1616, - 0x14320c14, - 0x14328c22, - 0x14330c31, - 0x14338c43, + 0x103d179b, + 0x103d97af, + 0x103e17ce, + 0x103e97dd, + 0x103f17f4, + 0x103f9807, + 0x10400c4c, + 0x1040981a, + 0x10411838, + 0x1041984b, + 0x10421865, + 0x10429875, + 0x10431889, + 0x1043989f, + 0x104418b7, + 0x104498cc, + 0x104518e0, + 0x104598f2, + 0x10460625, + 0x10468977, + 0x10471907, + 0x1047991e, + 0x10481933, + 0x10489941, + 0x10490e9b, + 0x1049977b, + 0x104a1645, + 0x14320c2f, + 0x14328c3d, + 0x14330c4c, + 0x14338c5e, 0x143400b9, 0x143480f7, 0x18320090, - 0x18328f8a, + 0x18328fa5, 0x183300b9, - 0x18338fa0, - 0x18340fb4, + 0x18338fbb, + 0x18340fcf, 0x183480f7, - 0x18350fd3, - 0x18358feb, - 0x18361000, - 0x18369014, - 0x18371038, - 0x1837904e, - 0x18381062, - 0x18389072, - 0x18390a82, - 0x18399082, - 0x183a10a8, - 0x183a90ce, - 0x183b0c8c, - 0x183b911d, - 0x183c112f, - 0x183c913a, - 0x183d114a, - 0x183d915b, - 0x183e116c, - 0x183e917e, - 0x183f11a7, - 0x183f91c0, - 0x184011d8, - 0x184086e2, - 0x184110f1, - 0x184190bc, - 0x184210db, - 0x18428c79, - 0x18431097, - 0x18439103, - 0x18440fc9, - 0x20321212, - 0x203291ff, - 0x2432121e, - 0x243289a2, - 0x24331230, - 0x2433923d, - 0x2434124a, - 0x2434925c, - 0x2435126b, - 0x24359288, - 0x24361295, - 0x243692a3, - 0x243712b1, - 0x243792bf, - 0x243812c8, - 0x243892d5, - 0x243912e8, - 0x28320c61, - 0x28328c8c, - 0x28330c31, - 0x28338c9f, - 0x28340c6d, + 0x18350fee, + 0x18359006, + 0x1836101b, + 0x1836902f, + 0x18371067, + 0x1837907d, + 0x18381091, + 0x183890a1, + 0x18390a9d, + 0x183990b1, + 0x183a10d7, + 0x183a90fd, + 0x183b0ca7, + 0x183b914c, + 0x183c115e, + 0x183c9169, + 0x183d1179, + 0x183d918a, + 0x183e119b, + 0x183e91ad, + 0x183f11d6, + 0x183f91ef, + 0x18401207, + 0x184086fd, + 0x18411120, + 0x184190eb, + 0x1842110a, + 0x18428c94, + 0x184310c6, + 0x18439132, + 0x18440fe4, + 0x18449053, + 0x20321241, + 0x2032922e, + 0x2432124d, + 0x243289bd, + 0x2433125f, + 0x2433926c, + 0x24341279, + 0x2434928b, + 0x2435129a, + 0x243592b7, + 0x243612c4, + 0x243692d2, + 0x243712e0, + 0x243792ee, + 0x243812f7, + 0x24389304, + 0x24391317, + 0x28320c7c, + 0x28328ca7, + 0x28330c4c, + 0x28338cba, + 0x28340c88, 0x283480b9, 0x283500f7, - 0x28358c79, - 0x2c3230e6, - 0x2c3292ff, - 0x2c3330f4, - 0x2c33b106, - 0x2c34311a, - 0x2c34b12c, - 0x2c353147, - 0x2c35b159, - 0x2c363189, + 0x28358c94, + 0x2c323286, + 0x2c32932e, + 0x2c333294, + 0x2c33b2a6, + 0x2c3432ba, + 0x2c34b2cc, + 0x2c3532e7, + 0x2c35b2f9, + 0x2c363329, 0x2c36833a, - 0x2c373196, - 0x2c37b1c2, - 0x2c3831e7, - 0x2c38b1fe, - 0x2c39321c, - 0x2c39b22c, - 0x2c3a323e, - 0x2c3ab252, - 0x2c3b3263, - 0x2c3bb282, - 0x2c3c1311, - 0x2c3c9327, - 0x2c3d3296, - 0x2c3d9340, - 0x2c3e32b3, - 0x2c3eb2c1, - 0x2c3f32d9, - 0x2c3fb2f1, - 0x2c40331b, - 0x2c409212, - 0x2c41332c, - 0x2c41b33f, - 0x2c4211d8, - 0x2c42b350, - 0x2c43072f, - 0x2c43b274, - 0x2c4431d5, - 0x2c44b2fe, - 0x2c45316c, - 0x2c45b1a8, - 0x2c46320c, + 0x2c373336, + 0x2c37b362, + 0x2c383387, + 0x2c38b39e, + 0x2c3933bc, + 0x2c39b3cc, + 0x2c3a33de, + 0x2c3ab3f2, + 0x2c3b3403, + 0x2c3bb422, + 0x2c3c1340, + 0x2c3c9356, + 0x2c3d3436, + 0x2c3d936f, + 0x2c3e3453, + 0x2c3eb461, + 0x2c3f3479, + 0x2c3fb491, + 0x2c4034bb, + 0x2c409241, + 0x2c4134cc, + 0x2c41b4df, + 0x2c421207, + 0x2c42b4f0, + 0x2c43074a, + 0x2c43b414, + 0x2c443375, + 0x2c44b49e, + 0x2c45330c, + 0x2c45b348, + 0x2c4633ac, 0x30320000, 0x30328015, 0x3033001f, @@ -275,514 +276,530 @@ const uint32_t kOpenSSLReasonValues[] = { 0x30458306, 0x3046031f, 0x3046833a, - 0x30470357, - 0x30478369, - 0x30480377, - 0x30488388, - 0x30490397, - 0x304983af, - 0x304a03c1, - 0x304a83d5, - 0x304b03ed, - 0x304b8400, - 0x304c040b, - 0x304c841c, - 0x304d0428, - 0x304d843e, - 0x304e044c, - 0x304e8462, - 0x304f0474, - 0x304f8486, - 0x305004a9, - 0x305084bc, - 0x305104cd, - 0x305184dd, - 0x305204f5, - 0x3052850a, - 0x30530522, - 0x30538536, - 0x3054054e, - 0x30548567, - 0x30550580, - 0x3055859d, - 0x305605a8, - 0x305685c0, - 0x305705d0, - 0x305785e1, - 0x305805f4, - 0x3058860a, - 0x30590613, - 0x30598628, - 0x305a063b, - 0x305a864a, - 0x305b066a, - 0x305b8679, - 0x305c069a, - 0x305c86b6, - 0x305d06c2, - 0x305d86e2, - 0x305e06fe, - 0x305e870f, - 0x305f0725, - 0x305f872f, - 0x30600499, + 0x30470372, + 0x30478384, + 0x30480392, + 0x304883a3, + 0x304903b2, + 0x304983ca, + 0x304a03dc, + 0x304a83f0, + 0x304b0408, + 0x304b841b, + 0x304c0426, + 0x304c8437, + 0x304d0443, + 0x304d8459, + 0x304e0467, + 0x304e847d, + 0x304f048f, + 0x304f84a1, + 0x305004c4, + 0x305084d7, + 0x305104e8, + 0x305184f8, + 0x30520510, + 0x30528525, + 0x3053053d, + 0x30538551, + 0x30540569, + 0x30548582, + 0x3055059b, + 0x305585b8, + 0x305605c3, + 0x305685db, + 0x305705eb, + 0x305785fc, + 0x3058060f, + 0x30588625, + 0x3059062e, + 0x30598643, + 0x305a0656, + 0x305a8665, + 0x305b0685, + 0x305b8694, + 0x305c06b5, + 0x305c86d1, + 0x305d06dd, + 0x305d86fd, + 0x305e0719, + 0x305e872a, + 0x305f0740, + 0x305f874a, + 0x306004b4, 0x3060804a, - 0x34320b72, - 0x34328b86, - 0x34330ba3, - 0x34338bb6, - 0x34340bc5, - 0x34348bfe, - 0x34350be2, + 0x30610357, + 0x34320b8d, + 0x34328ba1, + 0x34330bbe, + 0x34338bd1, + 0x34340be0, + 0x34348c19, + 0x34350bfd, 0x3c320090, - 0x3c328cc9, - 0x3c330ce2, - 0x3c338cfd, - 0x3c340d1a, - 0x3c348d44, - 0x3c350d5f, - 0x3c358d85, - 0x3c360d9e, - 0x3c368db6, - 0x3c370dc7, - 0x3c378dd5, - 0x3c380de2, - 0x3c388df6, - 0x3c390c8c, - 0x3c398e19, - 0x3c3a0e2d, - 0x3c3a891c, - 0x3c3b0e3d, - 0x3c3b8e58, - 0x3c3c0e6a, - 0x3c3c8e9d, - 0x3c3d0ea7, - 0x3c3d8ebb, - 0x3c3e0ec9, - 0x3c3e8eee, - 0x3c3f0cb5, - 0x3c3f8ed7, + 0x3c328ce4, + 0x3c330cfd, + 0x3c338d18, + 0x3c340d35, + 0x3c348d5f, + 0x3c350d7a, + 0x3c358da0, + 0x3c360db9, + 0x3c368dd1, + 0x3c370de2, + 0x3c378df0, + 0x3c380dfd, + 0x3c388e11, + 0x3c390ca7, + 0x3c398e34, + 0x3c3a0e48, + 0x3c3a8937, + 0x3c3b0e58, + 0x3c3b8e73, + 0x3c3c0e85, + 0x3c3c8eb8, + 0x3c3d0ec2, + 0x3c3d8ed6, + 0x3c3e0ee4, + 0x3c3e8f09, + 0x3c3f0cd0, + 0x3c3f8ef2, 0x3c4000b9, 0x3c4080f7, - 0x3c410d35, - 0x3c418d74, - 0x3c420e80, - 0x3c428e0a, - 0x403219a4, - 0x403299ba, - 0x403319e8, - 0x403399f2, - 0x40341a09, - 0x40349a27, - 0x40351a37, - 0x40359a49, - 0x40361a56, - 0x40369a62, - 0x40371a77, - 0x40379a89, - 0x40381a94, - 0x40389aa6, - 0x40390f34, - 0x40399ab6, - 0x403a1ac9, - 0x403a9aea, - 0x403b1afb, - 0x403b9b0b, + 0x3c410d50, + 0x3c418d8f, + 0x3c420e9b, + 0x3c428e25, + 0x403219d3, + 0x403299e9, + 0x40331a17, + 0x40339a21, + 0x40341a38, + 0x40349a56, + 0x40351a66, + 0x40359a78, + 0x40361a85, + 0x40369a91, + 0x40371aa6, + 0x40379ab8, + 0x40381ac3, + 0x40389ad5, + 0x40390f4f, + 0x40399ae5, + 0x403a1af8, + 0x403a9b19, + 0x403b1b2a, + 0x403b9b3a, 0x403c0071, 0x403c8090, - 0x403d1b6c, - 0x403d9b82, - 0x403e1b91, - 0x403e9bc9, - 0x403f1be3, - 0x403f9c0b, - 0x40401c20, - 0x40409c34, - 0x40411c6f, - 0x40419c8a, - 0x40421ca3, - 0x40429cb6, - 0x40431cca, - 0x40439ce2, - 0x40441cf9, + 0x403d1b9b, + 0x403d9bb1, + 0x403e1bc0, + 0x403e9bf8, + 0x403f1c12, + 0x403f9c3a, + 0x40401c4f, + 0x40409c63, + 0x40411c9e, + 0x40419cb9, + 0x40421cd2, + 0x40429ce5, + 0x40431cf9, + 0x40439d27, + 0x40441d3e, 0x404480b9, - 0x40451d0e, - 0x40459d20, - 0x40461d44, - 0x40469d64, - 0x40471d72, - 0x40479d99, - 0x40481e0a, - 0x40489e3d, - 0x40491e54, - 0x40499e6e, - 0x404a1e85, - 0x404a9ea3, - 0x404b1ebb, - 0x404b9ee8, - 0x404c1efe, - 0x404c9f10, - 0x404d1f31, - 0x404d9f6a, - 0x404e1f7e, - 0x404e9f8b, - 0x404f1fd2, - 0x404fa018, - 0x4050206f, - 0x4050a083, - 0x405120b6, - 0x405220c6, - 0x4052a0ea, - 0x40532102, - 0x4053a115, - 0x4054212a, - 0x4054a14d, - 0x40552178, - 0x4055a1b5, - 0x405621da, - 0x4056a1f3, - 0x4057220b, - 0x4057a21e, - 0x40582233, - 0x4058a25a, - 0x40592289, - 0x4059a2b6, - 0x405a22ca, - 0x405aa2da, - 0x405b22f2, - 0x405ba303, - 0x405c2316, - 0x405ca355, - 0x405d2362, - 0x405da387, - 0x405e23c5, - 0x405e8ac0, - 0x405f23e6, - 0x405fa3f3, - 0x40602401, - 0x4060a423, - 0x40612484, - 0x4061a4bc, - 0x406224d3, - 0x4062a4e4, - 0x40632531, - 0x4063a546, - 0x4064255d, - 0x4064a589, - 0x406525a4, - 0x4065a5bb, - 0x406625d3, - 0x4066a5fd, - 0x40672628, - 0x4067a66d, - 0x406826b5, - 0x4068a6d6, - 0x40692708, - 0x4069a736, - 0x406a2757, - 0x406aa777, - 0x406b28ff, - 0x406ba922, - 0x406c2938, - 0x406cac29, - 0x406d2c58, - 0x406dac80, - 0x406e2cae, - 0x406eacfb, - 0x406f2d54, - 0x406fad8c, - 0x40702d9f, - 0x4070adbc, - 0x4071080f, - 0x4071adce, - 0x40722de1, - 0x4072ae17, - 0x40732e2f, - 0x40739511, - 0x40742e43, - 0x4074ae5d, - 0x40752e6e, - 0x4075ae82, - 0x40762e90, - 0x407692d5, - 0x40772eb5, - 0x4077aed7, - 0x40782ef2, - 0x4078af2b, - 0x40792f42, - 0x4079af58, - 0x407a2f84, - 0x407aaf97, - 0x407b2fac, - 0x407bafbe, - 0x407c2fef, - 0x407caff8, - 0x407d26f1, - 0x407da028, - 0x407e2f07, - 0x407ea26a, - 0x407f1d86, - 0x407f9ed2, - 0x40801fe2, - 0x40809dae, - 0x408120d8, - 0x40819fbc, - 0x40822c99, - 0x40829b17, - 0x40832245, - 0x4083a56e, - 0x40841dc2, - 0x4084a2a2, - 0x40852327, - 0x4085a44b, - 0x408623a7, - 0x4086a042, - 0x40872cdf, - 0x4087a499, - 0x40881b55, - 0x4088a680, - 0x40891ba4, - 0x40899b31, - 0x408a2970, - 0x408a9929, - 0x408b2fd3, - 0x408bad69, - 0x408c2337, - 0x408c9961, - 0x408d1e23, - 0x408d9df4, - 0x408e1f53, - 0x408ea195, - 0x408f2694, - 0x408fa467, - 0x40902649, - 0x4090a379, - 0x40912958, - 0x40919987, - 0x40921bf1, - 0x4092ad1a, - 0x40932dfa, - 0x4093a053, - 0x40941dd6, - 0x4094a989, - 0x409524f5, - 0x4095af64, - 0x40962cc6, - 0x40969ffb, - 0x4097209e, - 0x40979fa2, - 0x40981c51, - 0x4098a509, - 0x40992d36, - 0x4099a1c2, - 0x409a215b, - 0x409a9945, - 0x41f4282a, - 0x41f928bc, - 0x41fe27af, - 0x41feaa65, - 0x41ff2b7a, - 0x42032843, - 0x42082865, - 0x4208a8a1, - 0x42092793, - 0x4209a8db, - 0x420a27ea, - 0x420aa7ca, - 0x420b280a, - 0x420ba883, - 0x420c2b96, - 0x420ca999, - 0x420d2a4c, - 0x420daa83, - 0x42122a9d, - 0x42172b5d, - 0x4217aadf, - 0x421c2b01, - 0x421f2abc, - 0x42212c0e, - 0x42262b40, - 0x422b2bec, - 0x422baa27, - 0x422c2bce, - 0x422ca9da, - 0x422d29b3, - 0x422dabad, - 0x422e2a06, - 0x42302b1c, - 0x4432073a, - 0x44328749, - 0x44330755, - 0x44338763, - 0x44340776, - 0x44348787, - 0x4435078e, - 0x44358798, - 0x443607ab, - 0x443687c1, - 0x443707d3, - 0x443787e0, - 0x443807ef, - 0x443887f7, - 0x4439080f, - 0x4439881d, - 0x443a0830, - 0x483212ff, - 0x48329311, - 0x48331327, - 0x48339340, - 0x4c321365, - 0x4c329375, - 0x4c331388, - 0x4c3393a8, + 0x40451d53, + 0x40459d65, + 0x40461d89, + 0x40469da9, + 0x40471db7, + 0x40479dde, + 0x40481e4f, + 0x40489f09, + 0x40491f20, + 0x40499f3a, + 0x404a1f51, + 0x404a9f6f, + 0x404b1f87, + 0x404b9fb4, + 0x404c1fca, + 0x404c9fdc, + 0x404d1ffd, + 0x404da036, + 0x404e204a, + 0x404ea057, + 0x404f20f1, + 0x404fa167, + 0x405021be, + 0x4050a1d2, + 0x40512205, + 0x40522215, + 0x4052a239, + 0x40532251, + 0x4053a264, + 0x40542279, + 0x4054a29c, + 0x405522c7, + 0x4055a304, + 0x40562329, + 0x4056a342, + 0x4057235a, + 0x4057a36d, + 0x40582382, + 0x4058a3a9, + 0x405923d8, + 0x4059a405, + 0x405a2419, + 0x405aa429, + 0x405b2441, + 0x405ba452, + 0x405c2465, + 0x405ca4a4, + 0x405d24b1, + 0x405da4d6, + 0x405e2514, + 0x405e8adb, + 0x405f254f, + 0x405fa55c, + 0x4060256a, + 0x4060a58c, + 0x406125ed, + 0x4061a625, + 0x4062263c, + 0x4062a64d, + 0x4063269a, + 0x4063a6af, + 0x406426c6, + 0x4064a6f2, + 0x4065270d, + 0x4065a724, + 0x4066273c, + 0x4066a766, + 0x40672791, + 0x4067a7d6, + 0x4068281e, + 0x4068a83f, + 0x40692871, + 0x4069a89f, + 0x406a28c0, + 0x406aa8e0, + 0x406b2a68, + 0x406baa8b, + 0x406c2aa1, + 0x406cadab, + 0x406d2dda, + 0x406dae02, + 0x406e2e30, + 0x406eae7d, + 0x406f2ed6, + 0x406faf0e, + 0x40702f21, + 0x4070af3e, + 0x4071082a, + 0x4071af50, + 0x40722f63, + 0x4072af99, + 0x40732fb1, + 0x40739540, + 0x40742fc5, + 0x4074afdf, + 0x40752ff0, + 0x4075b004, + 0x40763012, + 0x40769304, + 0x40773037, + 0x4077b077, + 0x40783092, + 0x4078b0cb, + 0x407930e2, + 0x4079b0f8, + 0x407a3124, + 0x407ab137, + 0x407b314c, + 0x407bb15e, + 0x407c318f, + 0x407cb198, + 0x407d285a, + 0x407da177, + 0x407e30a7, + 0x407ea3b9, + 0x407f1dcb, + 0x407f9f9e, + 0x40802101, + 0x40809df3, + 0x40812227, + 0x4081a0a5, + 0x40822e1b, + 0x40829b46, + 0x40832394, + 0x4083a6d7, + 0x40841e07, + 0x4084a3f1, + 0x40852476, + 0x4085a5b4, + 0x408624f6, + 0x4086a191, + 0x40872e61, + 0x4087a602, + 0x40881b84, + 0x4088a7e9, + 0x40891bd3, + 0x40899b60, + 0x408a2ad9, + 0x408a9958, + 0x408b3173, + 0x408baeeb, + 0x408c2486, + 0x408c9990, + 0x408d1eef, + 0x408d9e39, + 0x408e201f, + 0x408ea2e4, + 0x408f27fd, + 0x408fa5d0, + 0x409027b2, + 0x4090a4c8, + 0x40912ac1, + 0x409199b6, + 0x40921c20, + 0x4092ae9c, + 0x40932f7c, + 0x4093a1a2, + 0x40941e1b, + 0x4094aaf2, + 0x4095265e, + 0x4095b104, + 0x40962e48, + 0x4096a11a, + 0x409721ed, + 0x4097a06e, + 0x40981c80, + 0x4098a672, + 0x40992eb8, + 0x4099a311, + 0x409a22aa, + 0x409a9974, + 0x409b1e75, + 0x409b9ea0, + 0x409c3059, + 0x409c9ec8, + 0x409d20d6, + 0x409da0bb, + 0x409e1d11, + 0x409ea14f, + 0x409f2137, + 0x409f9e68, + 0x40a02535, + 0x40a0a088, + 0x41f42993, + 0x41f92a25, + 0x41fe2918, + 0x41feabce, + 0x41ff2cfc, + 0x420329ac, + 0x420829ce, + 0x4208aa0a, + 0x420928fc, + 0x4209aa44, + 0x420a2953, + 0x420aa933, + 0x420b2973, + 0x420ba9ec, + 0x420c2d18, + 0x420cab02, + 0x420d2bb5, + 0x420dabec, + 0x42122c1f, + 0x42172cdf, + 0x4217ac61, + 0x421c2c83, + 0x421f2c3e, + 0x42212d90, + 0x42262cc2, + 0x422b2d6e, + 0x422bab90, + 0x422c2d50, + 0x422cab43, + 0x422d2b1c, + 0x422dad2f, + 0x422e2b6f, + 0x42302c9e, + 0x4230ac06, + 0x44320755, + 0x44328764, + 0x44330770, + 0x4433877e, + 0x44340791, + 0x443487a2, + 0x443507a9, + 0x443587b3, + 0x443607c6, + 0x443687dc, + 0x443707ee, + 0x443787fb, + 0x4438080a, + 0x44388812, + 0x4439082a, + 0x44398838, + 0x443a084b, + 0x4832132e, + 0x48329340, + 0x48331356, + 0x4833936f, + 0x4c321394, + 0x4c3293a4, + 0x4c3313b7, + 0x4c3393d7, 0x4c3400b9, 0x4c3480f7, - 0x4c3513b4, - 0x4c3593c2, - 0x4c3613de, - 0x4c369404, - 0x4c371413, - 0x4c379421, - 0x4c381436, - 0x4c389442, - 0x4c391462, - 0x4c39948c, - 0x4c3a14a5, - 0x4c3a94be, - 0x4c3b060a, - 0x4c3b94d7, - 0x4c3c14e9, - 0x4c3c94f8, - 0x4c3d1511, - 0x4c3d8c54, - 0x4c3e157e, - 0x4c3e9520, - 0x4c3f15a0, - 0x4c3f92d5, - 0x4c401536, - 0x4c409351, - 0x4c41156e, - 0x4c4193f1, - 0x4c42155a, - 0x50323362, - 0x5032b371, - 0x5033337c, - 0x5033b38c, - 0x503433a5, - 0x5034b3bf, - 0x503533cd, - 0x5035b3e3, - 0x503633f5, - 0x5036b40b, - 0x50373424, - 0x5037b437, - 0x5038344f, - 0x5038b460, - 0x50393475, - 0x5039b489, - 0x503a34a9, - 0x503ab4bf, - 0x503b34d7, - 0x503bb4e9, - 0x503c3505, - 0x503cb51c, - 0x503d3535, - 0x503db54b, - 0x503e3558, - 0x503eb56e, - 0x503f3580, - 0x503f8388, - 0x50403593, - 0x5040b5a3, - 0x504135bd, - 0x5041b5cc, - 0x504235e6, - 0x5042b603, - 0x50433613, - 0x5043b623, - 0x50443632, - 0x5044843e, - 0x50453646, - 0x5045b664, - 0x50463677, - 0x5046b68d, - 0x5047369f, - 0x5047b6b4, - 0x504836da, - 0x5048b6e8, - 0x504936fb, - 0x5049b710, - 0x504a3726, - 0x504ab736, - 0x504b3756, - 0x504bb769, - 0x504c378c, - 0x504cb7ba, - 0x504d37cc, - 0x504db7e9, - 0x504e3804, - 0x504eb820, - 0x504f3832, - 0x504fb849, - 0x50503858, - 0x505086fe, - 0x5051386b, - 0x58320f72, - 0x68320f34, - 0x68328c8c, - 0x68330c9f, - 0x68338f42, - 0x68340f52, + 0x4c3513e3, + 0x4c3593f1, + 0x4c36140d, + 0x4c369433, + 0x4c371442, + 0x4c379450, + 0x4c381465, + 0x4c389471, + 0x4c391491, + 0x4c3994bb, + 0x4c3a14d4, + 0x4c3a94ed, + 0x4c3b0625, + 0x4c3b9506, + 0x4c3c1518, + 0x4c3c9527, + 0x4c3d1540, + 0x4c3d8c6f, + 0x4c3e15ad, + 0x4c3e954f, + 0x4c3f15cf, + 0x4c3f9304, + 0x4c401565, + 0x4c409380, + 0x4c41159d, + 0x4c419420, + 0x4c421589, + 0x50323502, + 0x5032b511, + 0x5033351c, + 0x5033b52c, + 0x50343545, + 0x5034b55f, + 0x5035356d, + 0x5035b583, + 0x50363595, + 0x5036b5ab, + 0x503735c4, + 0x5037b5d7, + 0x503835ef, + 0x5038b600, + 0x50393615, + 0x5039b629, + 0x503a3649, + 0x503ab65f, + 0x503b3677, + 0x503bb689, + 0x503c36a5, + 0x503cb6bc, + 0x503d36d5, + 0x503db6eb, + 0x503e36f8, + 0x503eb70e, + 0x503f3720, + 0x503f83a3, + 0x50403733, + 0x5040b743, + 0x5041375d, + 0x5041b76c, + 0x50423786, + 0x5042b7a3, + 0x504337b3, + 0x5043b7c3, + 0x504437e0, + 0x50448459, + 0x504537f4, + 0x5045b812, + 0x50463825, + 0x5046b83b, + 0x5047384d, + 0x5047b862, + 0x50483888, + 0x5048b896, + 0x504938a9, + 0x5049b8be, + 0x504a38d4, + 0x504ab8e4, + 0x504b3904, + 0x504bb917, + 0x504c393a, + 0x504cb968, + 0x504d3995, + 0x504db9b2, + 0x504e39cd, + 0x504eb9e9, + 0x504f39fb, + 0x504fba12, + 0x50503a21, + 0x50508719, + 0x50513a34, + 0x5051b7d2, + 0x5052397a, + 0x58320f8d, + 0x68320f4f, + 0x68328ca7, + 0x68330cba, + 0x68338f5d, + 0x68340f6d, 0x683480f7, - 0x6c320efa, - 0x6c328c43, - 0x6c330f05, - 0x6c338f1e, - 0x74320a28, + 0x6c320f15, + 0x6c328c5e, + 0x6c330f20, + 0x6c338f39, + 0x74320a43, 0x743280b9, - 0x74330c54, - 0x7832098d, - 0x783289a2, - 0x783309ae, + 0x74330c6f, + 0x783209a8, + 0x783289bd, + 0x783309c9, 0x78338090, - 0x783409bd, - 0x783489d2, - 0x783509f1, - 0x78358a13, - 0x78360a28, - 0x78368a3e, - 0x78370a4e, - 0x78378a6f, - 0x78380a82, - 0x78388a94, - 0x78390aa1, - 0x78398ac0, - 0x783a0ad5, - 0x783a8ae3, - 0x783b0aed, - 0x783b8b01, - 0x783c0b18, - 0x783c8b2d, - 0x783d0b44, - 0x783d8b59, - 0x783e0aaf, - 0x783e8a61, - 0x7c3211ee, - 0x80321404, + 0x783409d8, + 0x783489ed, + 0x78350a0c, + 0x78358a2e, + 0x78360a43, + 0x78368a59, + 0x78370a69, + 0x78378a8a, + 0x78380a9d, + 0x78388aaf, + 0x78390abc, + 0x78398adb, + 0x783a0af0, + 0x783a8afe, + 0x783b0b08, + 0x783b8b1c, + 0x783c0b33, + 0x783c8b48, + 0x783d0b5f, + 0x783d8b74, + 0x783e0aca, + 0x783e8a7c, + 0x7c32121d, + 0x80321433, 0x80328090, - 0x803330b5, + 0x80333255, 0x803380b9, - 0x803430c4, - 0x8034b02c, - 0x8035304a, - 0x8035b0d8, - 0x8036308c, - 0x8036b03b, - 0x8037307e, - 0x8037b019, - 0x8038309f, - 0x8038b05b, - 0x80393070, + 0x80343264, + 0x8034b1cc, + 0x803531ea, + 0x8035b278, + 0x8036322c, + 0x8036b1db, + 0x8037321e, + 0x8037b1b9, + 0x8038323f, + 0x8038b1fb, + 0x80393210, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -831,6 +848,7 @@ const char kOpenSSLReasonStringData[] = "INTEGER_NOT_ASCII_FORMAT\0" "INTEGER_TOO_LARGE_FOR_LONG\0" "INVALID_BIT_STRING_BITS_LEFT\0" + "INVALID_BIT_STRING_PADDING\0" "INVALID_BMPSTRING\0" "INVALID_DIGIT\0" "INVALID_MODIFIER\0" @@ -1004,6 +1022,7 @@ const char kOpenSSLReasonStringData[] = "EXPECTING_AN_RSA_KEY\0" "EXPECTING_A_DSA_KEY\0" "ILLEGAL_OR_UNSUPPORTED_PADDING_MODE\0" + "INVALID_BUFFER_SIZE\0" "INVALID_DIGEST_LENGTH\0" "INVALID_DIGEST_TYPE\0" "INVALID_KEYBITS\0" @@ -1158,6 +1177,7 @@ const char kOpenSSLReasonStringData[] = "CLIENTHELLO_TLSEXT\0" "CONNECTION_REJECTED\0" "CONNECTION_TYPE_NOT_SET\0" + "COULD_NOT_PARSE_HINTS\0" "CUSTOM_EXTENSION_ERROR\0" "DATA_LENGTH_TOO_LONG\0" "DECRYPTION_FAILED\0" @@ -1172,6 +1192,10 @@ const char kOpenSSLReasonStringData[] = "DUPLICATE_SIGNATURE_ALGORITHM\0" "EARLY_DATA_NOT_IN_USE\0" "ECC_CERT_NOT_FOR_SIGNING\0" + "ECH_REJECTED\0" + "ECH_SERVER_CONFIG_AND_PRIVATE_KEY_MISMATCH\0" + "ECH_SERVER_CONFIG_UNSUPPORTED_EXTENSION\0" + "ECH_SERVER_WOULD_HAVE_NO_RETRY_CONFIGS\0" "EMPTY_HELLO_RETRY_REQUEST\0" "EMS_STATE_INCONSISTENT\0" "ENCRYPTED_LENGTH_TOO_LONG\0" @@ -1189,10 +1213,15 @@ const char kOpenSSLReasonStringData[] = "HTTP_REQUEST\0" "INAPPROPRIATE_FALLBACK\0" "INCONSISTENT_CLIENT_HELLO\0" + "INCONSISTENT_ECH_NEGOTIATION\0" "INVALID_ALPN_PROTOCOL\0" + "INVALID_ALPN_PROTOCOL_LIST\0" + "INVALID_CLIENT_HELLO_INNER\0" "INVALID_COMMAND\0" "INVALID_COMPRESSION_LIST\0" "INVALID_DELEGATED_CREDENTIAL\0" + "INVALID_ECH_CONFIG_LIST\0" + "INVALID_ECH_PUBLIC_NAME\0" "INVALID_MESSAGE\0" "INVALID_OUTER_RECORD_TYPE\0" "INVALID_SCT_LIST\0" @@ -1237,6 +1266,7 @@ const char kOpenSSLReasonStringData[] = "OLD_SESSION_CIPHER_NOT_RETURNED\0" "OLD_SESSION_PRF_HASH_MISMATCH\0" "OLD_SESSION_VERSION_NOT_RETURNED\0" + "OUTER_EXTENSION_NOT_FOUND\0" "PARSE_TLSEXT\0" "PATH_TOO_LONG\0" "PEER_DID_NOT_RETURN_A_CERTIFICATE\0" @@ -1297,6 +1327,7 @@ const char kOpenSSLReasonStringData[] = "TLSV1_ALERT_DECODE_ERROR\0" "TLSV1_ALERT_DECRYPTION_FAILED\0" "TLSV1_ALERT_DECRYPT_ERROR\0" + "TLSV1_ALERT_ECH_REQUIRED\0" "TLSV1_ALERT_EXPORT_RESTRICTION\0" "TLSV1_ALERT_INAPPROPRIATE_FALLBACK\0" "TLSV1_ALERT_INSUFFICIENT_SECURITY\0" @@ -1336,6 +1367,7 @@ const char kOpenSSLReasonStringData[] = "UNKNOWN_STATE\0" "UNSAFE_LEGACY_RENEGOTIATION_DISABLED\0" "UNSUPPORTED_COMPRESSION_ALGORITHM\0" + "UNSUPPORTED_ECH_SERVER_CONFIG\0" "UNSUPPORTED_ELLIPTIC_CURVE\0" "UNSUPPORTED_PROTOCOL\0" "UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY\0" @@ -1430,6 +1462,7 @@ const char kOpenSSLReasonStringData[] = "INVALID_PURPOSE\0" "INVALID_SECTION\0" "INVALID_SYNTAX\0" + "INVALID_VALUE\0" "ISSUER_DECODE_ERROR\0" "NEED_ORGANIZATION_AND_NUMBERS\0" "NO_CONFIG_DATABASE\0" @@ -1447,6 +1480,7 @@ const char kOpenSSLReasonStringData[] = "POLICY_PATH_LENGTH_ALREADY_DEFINED\0" "POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY\0" "SECTION_NOT_FOUND\0" + "TRAILING_DATA_IN_EXTENSION\0" "UNABLE_TO_GET_ISSUER_DETAILS\0" "UNABLE_TO_GET_ISSUER_KEYID\0" "UNKNOWN_BIT_STRING_ARGUMENT\0" diff --git a/toolchains/BUILD.gn b/toolchains/BUILD.gn index 76de412..16abe57 100644 --- a/toolchains/BUILD.gn +++ b/toolchains/BUILD.gn @@ -16,13 +16,6 @@ import("//build_overrides/pigweed.gni") import("$dir_pigweed/targets/host/target_toolchains.gni") import("$dir_pw_toolchain/generate_toolchain.gni") -declare_args() { - # These aren't used but they are set by the Pigweed toolchain. Declaring them - # here silences gn warnings. - pw_trace_BACKEND = "" - pw_trace_tokenizer_time = "" -} - config("common_config") { include_dirs = [ "//include" ] |