chore: checkpoint before Python removal

vendor/ring/include/ring-core/aes.h

@@ -0,0 +1,34 @@
+// Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef OPENSSL_HEADER_AES_H
+#define OPENSSL_HEADER_AES_H
+
+#include <ring-core/base.h>
+
+// Raw AES functions.
+
+
+// AES_MAXNR is the maximum number of AES rounds.
+#define AES_MAXNR 14
+
+// aes_key_st should be an opaque type, but EVP requires that the size be
+// known.
+struct aes_key_st {
+  uint32_t rd_key[4 * (AES_MAXNR + 1)];
+  unsigned rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+#endif  // OPENSSL_HEADER_AES_H

vendor/ring/include/ring-core/asm_base.h

@@ -0,0 +1,204 @@
+// Copyright 2023 The BoringSSL Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef OPENSSL_HEADER_ASM_BASE_H
+#define OPENSSL_HEADER_ASM_BASE_H
+
+#include <ring-core/target.h>
+
+
+// This header contains symbols and common sections used by assembly files. It
+// is included as a public header to simplify the build, but is not intended for
+// external use.
+//
+// Every assembly file must include this header. Some linker features require
+// all object files to be tagged with some section metadata. This header file,
+// when included in assembly, adds that metadata. It also makes defines like
+// |OPENSSL_X86_64| available and includes the prefixing macros.
+//
+// Including this header in an assembly file imples:
+//
+// - The file does not require an executable stack.
+//
+// - The file, on aarch64, uses the macros defined below to be compatible with
+//   BTI and PAC.
+//
+// - The file, on x86_64, requires the program to be compatible with Intel IBT
+//   and SHSTK
+
+#if defined(__ASSEMBLER__)
+
+#include <ring_core_generated/prefix_symbols_asm.h>
+
+#if defined(__ELF__)
+// Every ELF object file, even empty ones, should disable executable stacks. See
+// https://www.airs.com/blog/archives/518.
+.pushsection .note.GNU-stack, "", %progbits
+.popsection
+#endif
+
+#if defined(__CET__) && defined(OPENSSL_X86_64)
+// Clang and GCC define __CET__ and provide <cet.h> when they support Intel's
+// Indirect Branch Tracking.
+// https://lpc.events/event/7/contributions/729/attachments/496/903/CET-LPC-2020.pdf
+//
+// cet.h defines _CET_ENDBR which is used to mark function entry points for IBT.
+// and adds the assembly marker. The value of _CET_ENDBR is made dependant on if
+// '-fcf-protection' is passed to the compiler. _CET_ENDBR is only required when
+// the function is the target of an indirect jump, but BoringSSL chooses to mark
+// all assembly entry points because it is easier, and allows BoringSSL's ABI
+// tester to call the assembly entry points via an indirect jump.
+#include <cet.h>
+#else
+#define _CET_ENDBR
+#endif
+
+#if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
+
+// We require the ARM assembler provide |__ARM_ARCH| from Arm C Language
+// Extensions (ACLE). This is supported in GCC 4.8+ and Clang 3.2+. MSVC does
+// not implement ACLE, but we require Clang's assembler on Windows.
+#if !defined(__ARM_ARCH)
+#error "ARM assembler must define __ARM_ARCH"
+#endif
+
+// Even when building for 32-bit ARM, support for aarch64 crypto instructions
+// will be included.
+//
+// TODO(davidben): Remove this and the corresponding ifdefs? This is only
+// defined because some OpenSSL assembly files would allow disabling the NEON
+// code entirely. I think we'd prefer to do that by lifting the dispatch to C
+// anyway.
+#define __ARM_MAX_ARCH__ 8
+
+// Support macros for
+//   - Armv8.3-A Pointer Authentication and
+//   - Armv8.5-A Branch Target Identification
+// features which require emitting a .note.gnu.property section with the
+// appropriate architecture-dependent feature bits set.
+//
+// |AARCH64_SIGN_LINK_REGISTER| and |AARCH64_VALIDATE_LINK_REGISTER| expand to
+// PACIxSP and AUTIxSP, respectively. |AARCH64_SIGN_LINK_REGISTER| should be
+// used immediately before saving the LR register (x30) to the stack.
+// |AARCH64_VALIDATE_LINK_REGISTER| should be used immediately after restoring
+// it. Note |AARCH64_SIGN_LINK_REGISTER|'s modifications to LR must be undone
+// with |AARCH64_VALIDATE_LINK_REGISTER| before RET. The SP register must also
+// have the same value at the two points. For example:
+//
+//   .global f
+//   f:
+//     AARCH64_SIGN_LINK_REGISTER
+//     stp x29, x30, [sp, #-96]!
+//     mov x29, sp
+//     ...
+//     ldp x29, x30, [sp], #96
+//     AARCH64_VALIDATE_LINK_REGISTER
+//     ret
+//
+// |AARCH64_VALID_CALL_TARGET| expands to BTI 'c'. Either it, or
+// |AARCH64_SIGN_LINK_REGISTER|, must be used at every point that may be an
+// indirect call target. In particular, all symbols exported from a file must
+// begin with one of these macros. For example, a leaf function that does not
+// save LR can instead use |AARCH64_VALID_CALL_TARGET|:
+//
+//   .globl return_zero
+//   return_zero:
+//     AARCH64_VALID_CALL_TARGET
+//     mov x0, #0
+//     ret
+//
+// A non-leaf function which does not immediately save LR may need both macros
+// because |AARCH64_SIGN_LINK_REGISTER| appears late. For example, the function
+// may jump to an alternate implementation before setting up the stack:
+//
+//   .globl with_early_jump
+//   with_early_jump:
+//     AARCH64_VALID_CALL_TARGET
+//     cmp x0, #128
+//     b.lt .Lwith_early_jump_128
+//     AARCH64_SIGN_LINK_REGISTER
+//     stp x29, x30, [sp, #-96]!
+//     mov x29, sp
+//     ...
+//     ldp x29, x30, [sp], #96
+//     AARCH64_VALIDATE_LINK_REGISTER
+//     ret
+//
+//  .Lwith_early_jump_128:
+//     ...
+//     ret
+//
+// These annotations are only required with indirect calls. Private symbols that
+// are only the target of direct calls do not require annotations. Also note
+// that |AARCH64_VALID_CALL_TARGET| is only valid for indirect calls (BLR), not
+// indirect jumps (BR). Indirect jumps in assembly are currently not supported
+// and would require a macro for BTI 'j'.
+//
+// Although not necessary, it is safe to use these macros in 32-bit ARM
+// assembly. This may be used to simplify dual 32-bit and 64-bit files.
+//
+// References:
+// - "ELF for the Arm® 64-bit Architecture"
+//   https://github.com/ARM-software/abi-aa/blob/master/aaelf64/aaelf64.rst
+// - "Providing protection for complex software"
+//   https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
+
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+#define GNU_PROPERTY_AARCH64_BTI (1 << 0)   // Has Branch Target Identification
+#define AARCH64_VALID_CALL_TARGET hint #34  // BTI 'c'
+#else
+#define GNU_PROPERTY_AARCH64_BTI 0  // No Branch Target Identification
+#define AARCH64_VALID_CALL_TARGET
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT) && \
+    (__ARM_FEATURE_PAC_DEFAULT & 1) == 1  // Signed with A-key
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+  (1 << 1)                                       // Has Pointer Authentication
+#define AARCH64_SIGN_LINK_REGISTER hint #25      // PACIASP
+#define AARCH64_VALIDATE_LINK_REGISTER hint #29  // AUTIASP
+#elif defined(__ARM_FEATURE_PAC_DEFAULT) && \
+    (__ARM_FEATURE_PAC_DEFAULT & 2) == 2  // Signed with B-key
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
+  (1 << 1)                                       // Has Pointer Authentication
+#define AARCH64_SIGN_LINK_REGISTER hint #27      // PACIBSP
+#define AARCH64_VALIDATE_LINK_REGISTER hint #31  // AUTIBSP
+#else
+#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0  // No Pointer Authentication
+#if GNU_PROPERTY_AARCH64_BTI != 0
+#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
+#else
+#define AARCH64_SIGN_LINK_REGISTER
+#endif
+#define AARCH64_VALIDATE_LINK_REGISTER
+#endif
+
+#if GNU_PROPERTY_AARCH64_POINTER_AUTH != 0 || GNU_PROPERTY_AARCH64_BTI != 0
+.pushsection .note.gnu.property, "a";
+.balign 8;
+.long 4;
+.long 0x10;
+.long 0x5;
+.asciz "GNU";
+.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+.long 4;
+.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
+.long 0;
+.popsection;
+#endif
+#endif  // ARM || AARCH64
+
+#endif  // __ASSEMBLER__
+
+#endif  // OPENSSL_HEADER_ASM_BASE_H

vendor/ring/include/ring-core/base.h

@@ -0,0 +1,66 @@
+// Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef OPENSSL_HEADER_BASE_H
+#define OPENSSL_HEADER_BASE_H
+
+
+// This file should be the first included by all BoringSSL headers.
+
+#if defined(_MSC_VER) && !defined(__clang__)
+#pragma warning(push, 3)
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+#if defined(_MSC_VER) && !defined(__clang__)
+#pragma warning(pop)
+#endif
+
+#if defined(__APPLE__)
+#include <TargetConditionals.h>
+#endif
+
+#include <ring-core/target.h>  // IWYU pragma: export
+
+#include <ring_core_generated/prefix_symbols.h>
+
+#include <ring-core/type_check.h>
+
+#if defined(__APPLE__)
+// Note |TARGET_OS_MAC| is set for all Apple OS variants. |TARGET_OS_OSX|
+// targets macOS specifically.
+#if defined(TARGET_OS_OSX) && TARGET_OS_OSX
+#define OPENSSL_MACOS
+#endif
+#if defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE
+#define OPENSSL_IOS
+#endif
+#endif
+
+// *ring* doesn't support the `BORINGSSL_SHARED_LIBRARY` configuration, so
+// the default (usually "hidden") visibility is always used, even for exported
+// items.
+#define OPENSSL_EXPORT
+
+// `ring::c` would need to be customized on any platform where these assertions
+// fail. Keep in sync with `ring::c`.
+OPENSSL_STATIC_ASSERT(sizeof(int32_t) == sizeof(int), "int isn't 32 bits.");
+OPENSSL_STATIC_ASSERT(sizeof(uint32_t) == sizeof(unsigned int), "unsigned int isn't 32 bits.");
+OPENSSL_STATIC_ASSERT(sizeof(size_t) == sizeof(uintptr_t), "uintptr_t and size_t differ.");
+OPENSSL_STATIC_ASSERT(sizeof(size_t) <= sizeof(uint64_t), "size_t is larger than uint64_t.");
+OPENSSL_STATIC_ASSERT(sizeof(size_t) >= sizeof(uint32_t), "size_t is smaller than uint32_t.");
+
+#endif  // OPENSSL_HEADER_BASE_H

vendor/ring/include/ring-core/check.h

@@ -0,0 +1,52 @@
+// Copyright 2020 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+#ifndef RING_CHECK_H
+#define RING_CHECK_H
+
+// |debug_assert_nonsecret| is like |assert| and should be used (only) when the
+// assertion does not have any potential to leak a secret. |NDEBUG| controls this
+// exactly like |assert|. It is emulated when there is no assert.h to make
+// cross-building easier.
+//
+// When reviewing uses of |debug_assert_nonsecret|, verify that the check
+// really does not have potential to leak a secret.
+
+#if !defined(RING_CORE_NOSTDLIBINC)
+# include <assert.h>
+# define debug_assert_nonsecret(x) assert(x)
+#else
+# if !defined(NDEBUG)
+#  define debug_assert_nonsecret(x) ((x) ? ((void)0) : __builtin_trap())
+# else
+#  define debug_assert_nonsecret(x) ((void)0)
+# endif
+#endif
+
+// |dev_assert_secret| is like |assert| and should be used (only) when the
+// assertion operates on secret data in a way that has the potential to leak
+// the secret. |dev_assert_secret| can only be enabled by changing the |#if 0|
+// here to |#if 1| (or equivalent) when |NDEBUG| is not defined. This is not
+// controlled only through |NDEBUG| so that such checks do not leak into debug
+// builds that may make it into production use.
+//
+// When reviewing uses of |dev_assert_secret|, verify that the check really
+// does have the potential to leak a secret.
+#if 0 // DO NOT COMMIT CHANGES TO THIS LINE.
+# define dev_assert_secret debug_assert_nonsecret
+#else
+# define dev_assert_secret(x) ((void)0)
+#endif
+
+#endif // RING_CHECK_H

vendor/ring/include/ring-core/mem.h

@@ -0,0 +1,27 @@
+// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef OPENSSL_HEADER_MEM_H
+#define OPENSSL_HEADER_MEM_H
+
+#include <ring-core/base.h>
+
+// CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
+// takes an amount of time dependent on |len|, but independent of the contents
+// of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
+// defined order as the return value when a != b is undefined, other than to be
+// non-zero.
+OPENSSL_EXPORT int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+
+#endif  // OPENSSL_HEADER_MEM_H

vendor/ring/include/ring-core/target.h

@@ -0,0 +1,97 @@
+// Copyright 2023 The BoringSSL Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef OPENSSL_HEADER_TARGET_H
+#define OPENSSL_HEADER_TARGET_H
+
+// Preprocessor symbols that define the target platform.
+//
+// This file may be included in C, C++, and assembler and must be compatible
+// with each environment. It is separated out only to share code between
+// <ring-core/base.h> and <ring-core/asm_base.h>. Prefer to include those headers
+// instead.
+
+#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64)
+#define OPENSSL_64_BIT
+#define OPENSSL_X86_64
+#elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#define OPENSSL_32_BIT
+#define OPENSSL_X86
+#elif defined(__AARCH64EL__) || defined(_M_ARM64)
+#define OPENSSL_64_BIT
+#define OPENSSL_AARCH64
+#elif defined(__ARMEL__) || defined(_M_ARM)
+#define OPENSSL_32_BIT
+#define OPENSSL_ARM
+// All of following architectures are only supported when `__BYTE_ORDER__` can be used to detect
+// endianness (in crypto/internal.h).
+#elif !defined(__BYTE_ORDER__)
+#error "Cannot determine endianness because __BYTE_ORDER__ is not defined"
+// Targets are assumed to be little-endian unless __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__.
+#elif !(defined(__ORDER_LITTLE_ENDIAN__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) && \
+      !(defined(__ORDER_BIG_ENDIAN__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__))
+#error "Unsupported endianness"
+#elif defined(__LP64__)
+#define OPENSSL_64_BIT
+#elif defined(__ILP32__)
+#define OPENSSL_32_BIT
+// Versions of GCC before 10.0 didn't define `__ILP32__` for all 32-bit targets.
+#elif defined(__MIPSEL__) || defined(__MIPSEB__) || defined(__PPC__) || defined(__powerpc__) || defined(__csky__) || defined(__XTENSA__)
+#define OPENSSL_32_BIT
+#else
+#error "Unknown target CPU"
+#endif
+
+#if defined(__APPLE__)
+#define OPENSSL_APPLE
+#endif
+
+#if defined(_WIN32)
+#define OPENSSL_WINDOWS
+#endif
+
+#if defined(__has_feature)
+#if __has_feature(address_sanitizer)
+#define OPENSSL_ASAN
+#endif
+#if __has_feature(thread_sanitizer)
+#define OPENSSL_TSAN
+#endif
+#if __has_feature(memory_sanitizer)
+#define OPENSSL_MSAN
+#define OPENSSL_ASM_INCOMPATIBLE
+#endif
+#if __has_feature(hwaddress_sanitizer)
+#define OPENSSL_HWASAN
+#endif
+#endif
+
+// Disable 32-bit Arm assembly on Apple platforms. The last iOS version that
+// supported 32-bit Arm was iOS 10.
+#if defined(OPENSSL_APPLE) && defined(OPENSSL_ARM)
+#define OPENSSL_ASM_INCOMPATIBLE
+#endif
+
+#if defined(OPENSSL_ASM_INCOMPATIBLE)
+#undef OPENSSL_ASM_INCOMPATIBLE
+#if !defined(OPENSSL_NO_ASM)
+#define OPENSSL_NO_ASM
+#endif
+#endif  // OPENSSL_ASM_INCOMPATIBLE
+
+#if !defined(OPENSSL_X86_64) && !defined(OPENSSL_AARCH64)
+#define OPENSSL_SMALL
+#endif
+
+#endif  // OPENSSL_HEADER_TARGET_H

vendor/ring/include/ring-core/type_check.h

@@ -0,0 +1,32 @@
+// Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef OPENSSL_HEADER_TYPE_CHECK_H
+#define OPENSSL_HEADER_TYPE_CHECK_H
+
+#include <ring-core/base.h>
+
+
+#if defined(__cplusplus) || (defined(_MSC_VER) && !defined(__clang__))
+// In C++ and non-clang MSVC, |static_assert| is a keyword.
+#define OPENSSL_STATIC_ASSERT(cond, msg) static_assert(cond, msg)
+#else
+// C11 defines the |_Static_assert| keyword and the |static_assert| macro in
+// assert.h. While the former is available at all versions in Clang and GCC, the
+// later depends on libc and, in glibc, depends on being built in C11 mode. We
+// do not require this, for now, so use |_Static_assert| directly.
+#define OPENSSL_STATIC_ASSERT(cond, msg) _Static_assert(cond, msg)
+#endif
+
+#endif  // OPENSSL_HEADER_TYPE_CHECK_H