grpc 1.28.0 → 1.30.0
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +7694 -11190
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +22 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +19 -21
- data/include/grpc/impl/codegen/port_platform.h +6 -2
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +203 -236
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
- data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
- data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
- data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +5 -5
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +52 -39
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +329 -297
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- metadata +111 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
@@ -0,0 +1,49 @@
|
|
1
|
+
/* Copyright (c) 2020, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
|
20
|
+
#if defined(__cplusplus)
|
21
|
+
extern "C" {
|
22
|
+
#endif
|
23
|
+
|
24
|
+
|
25
|
+
// crypto_get_fork_generation returns the fork generation number for the current
|
26
|
+
// process, or zero if not supported on the platform. The fork generation number
|
27
|
+
// is a non-zero, strictly-monotonic counter with the property that, if queried
|
28
|
+
// in an address space and then again in a subsequently forked copy, the forked
|
29
|
+
// address space will observe a greater value.
|
30
|
+
//
|
31
|
+
// This function may be used to clear cached values across a fork. When
|
32
|
+
// initializing a cache, record the fork generation. Before using the cache,
|
33
|
+
// check if the fork generation has changed. If so, drop the cache and update
|
34
|
+
// the save fork generation. Note this logic transparently handles platforms
|
35
|
+
// which always return zero.
|
36
|
+
//
|
37
|
+
// This is not reliably supported on all platforms which implement |fork|, so it
|
38
|
+
// should only be used as a hardening measure.
|
39
|
+
OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
|
40
|
+
|
41
|
+
// CRYPTO_fork_detect_ignore_madv_wipeonfork_for_testing is an internal detail
|
42
|
+
// used for testing purposes.
|
43
|
+
OPENSSL_EXPORT void CRYPTO_fork_detect_ignore_madv_wipeonfork_for_testing(void);
|
44
|
+
|
45
|
+
#if defined(__cplusplus)
|
46
|
+
} // extern C
|
47
|
+
#endif
|
48
|
+
|
49
|
+
#endif // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
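Review bot: The comment above the declaration names the function `crypto_get_fork_generation`, while the symbol actually declared is `CRYPTO_get_fork_generation`, and "update the save fork generation" should read "saved". Both are worth fixing, since this comment is the only statement of the contract visible in the header. I would also spell out the caller's obligation with one more line: `// A return value of zero means fork detection is unavailable; callers must keep a fallback and must not read an unchanged zero as proof that no fork occurred.` That agrees with the existing "hardening measure" caveat and makes it harder to misuse.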
|
@@ -0,0 +1,64 @@
|
|
1
|
+
/* Copyright (c) 2020, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
|
20
|
+
|
21
|
+
#if defined(OPENSSL_LINUX)
|
22
|
+
|
23
|
+
#include <sys/syscall.h>
|
24
|
+
|
25
|
+
#if defined(OPENSSL_X86_64)
|
26
|
+
#define EXPECTED_NR_getrandom 318
|
27
|
+
#elif defined(OPENSSL_X86)
|
28
|
+
#define EXPECTED_NR_getrandom 355
|
29
|
+
#elif defined(OPENSSL_AARCH64)
|
30
|
+
#define EXPECTED_NR_getrandom 278
|
31
|
+
#elif defined(OPENSSL_ARM)
|
32
|
+
#define EXPECTED_NR_getrandom 384
|
33
|
+
#elif defined(OPENSSL_PPC64LE)
|
34
|
+
#define EXPECTED_NR_getrandom 359
|
35
|
+
#endif
|
36
|
+
|
37
|
+
#if defined(EXPECTED_NR_getrandom)
|
38
|
+
#define USE_NR_getrandom
|
39
|
+
|
40
|
+
#if defined(__NR_getrandom)
|
41
|
+
|
42
|
+
#if __NR_getrandom != EXPECTED_NR_getrandom
|
43
|
+
#error "system call number for getrandom is not the expected value"
|
44
|
+
#endif
|
45
|
+
|
46
|
+
#else // __NR_getrandom
|
47
|
+
|
48
|
+
#define __NR_getrandom EXPECTED_NR_getrandom
|
49
|
+
|
50
|
+
#endif // __NR_getrandom
|
51
|
+
|
52
|
+
#endif // EXPECTED_NR_getrandom
|
53
|
+
|
54
|
+
#if !defined(GRND_NONBLOCK)
|
55
|
+
#define GRND_NONBLOCK 1
|
56
|
+
#endif
|
57
|
+
#if !defined(GRND_RANDOM)
|
58
|
+
#define GRND_RANDOM 2
|
59
|
+
#endif
|
60
|
+
|
61
|
+
#endif // OPENSSL_LINUX
|
62
|
+
|
63
|
+
|
64
|
+
#endif // OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H
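Review bot: This new header carries no comment saying what it provides, and the `#if defined(EXPECTED_NR_getrandom)` block silently leaves `USE_NR_getrandom` undefined on any Linux architecture missing from the list above it. A short comment after the include guard would make that explicit, for example `// Supplies |__NR_getrandom| and the |GRND_*| flags when the system headers lack them; |USE_NR_getrandom| is defined only on architectures whose syscall number is listed here.` The `#error` on a mismatched `__NR_getrandom` also deserves a one-line why-comment, because it is the only thing stopping a wrong hard-coded number from being used.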
|
@@ -40,17 +40,33 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
40
40
|
// system.
|
41
41
|
void CRYPTO_sysrand(uint8_t *buf, size_t len);
|
42
42
|
|
43
|
-
#if defined(OPENSSL_URANDOM)
|
43
|
+
#if defined(OPENSSL_URANDOM)
|
44
|
+
// CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
|
45
|
+
// from the operating system.
|
46
|
+
void CRYPTO_init_sysrand(void);
|
47
|
+
|
44
48
|
// CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
|
45
49
|
// operating system. It may draw from the |GRND_RANDOM| pool on Android,
|
46
50
|
// depending on the vendor's configuration.
|
47
51
|
void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
|
48
52
|
|
49
53
|
// CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
|
50
|
-
// operating system,
|
51
|
-
//
|
52
|
-
//
|
53
|
-
|
54
|
+
// operating system, or early /dev/urandom data, and returns 1, _if_ the entropy
|
55
|
+
// pool is initialized or if getrandom() is not available and not in FIPS mode.
|
56
|
+
// Otherwise it will not block and will instead fill |buf| with all zeros and
|
57
|
+
// return 0.
|
58
|
+
int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len);
|
59
|
+
#else
|
60
|
+
OPENSSL_INLINE void CRYPTO_init_sysrand(void) {}
|
61
|
+
|
62
|
+
OPENSSL_INLINE void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len) {
|
63
|
+
CRYPTO_sysrand(buf, len);
|
64
|
+
}
|
65
|
+
|
66
|
+
OPENSSL_INLINE int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
|
67
|
+
CRYPTO_sysrand(buf, len);
|
68
|
+
return 1;
|
69
|
+
}
|
54
70
|
#endif
|
55
71
|
|
56
72
|
// rand_fork_unsafe_buffering_enabled returns whether fork-unsafe buffering has
|
@@ -105,10 +121,19 @@ OPENSSL_EXPORT void CTR_DRBG_clear(CTR_DRBG_STATE *drbg);
|
|
105
121
|
|
106
122
|
|
107
123
|
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
|
124
|
+
|
108
125
|
OPENSSL_INLINE int have_rdrand(void) {
|
109
126
|
return (OPENSSL_ia32cap_get()[1] & (1u << 30)) != 0;
|
110
127
|
}
|
111
128
|
|
129
|
+
// have_fast_rdrand returns true if RDRAND is supported and it's reasonably
|
130
|
+
// fast. Concretely the latter is defined by whether the chip is Intel (fast) or
|
131
|
+
// not (assumed slow).
|
132
|
+
OPENSSL_INLINE int have_fast_rdrand(void) {
|
133
|
+
const uint32_t *const ia32cap = OPENSSL_ia32cap_get();
|
134
|
+
return (ia32cap[1] & (1u << 30)) && (ia32cap[0] & (1u << 30));
|
135
|
+
}
|
136
|
+
|
112
137
|
// CRYPTO_rdrand writes eight bytes of random data from the hardware RNG to
|
113
138
|
// |out|. It returns one on success or zero on hardware failure.
|
114
139
|
int CRYPTO_rdrand(uint8_t out[8]);
|
@@ -117,6 +142,17 @@ int CRYPTO_rdrand(uint8_t out[8]);
|
|
117
142
|
// the hardware RNG. The |len| argument must be a multiple of eight. It returns
|
118
143
|
// one on success and zero on hardware failure.
|
119
144
|
int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len);
|
145
|
+
|
146
|
+
#else // OPENSSL_X86_64 && !OPENSSL_NO_ASM
|
147
|
+
|
148
|
+
OPENSSL_INLINE int have_rdrand(void) {
|
149
|
+
return 0;
|
150
|
+
}
|
151
|
+
|
152
|
+
OPENSSL_INLINE int have_fast_rdrand(void) {
|
153
|
+
return 0;
|
154
|
+
}
|
155
|
+
|
120
156
|
#endif // OPENSSL_X86_64 && !OPENSSL_NO_ASM
|
121
157
|
|
122
158
|
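Review bot: `have_fast_rdrand` in the `@@ -105,10 +121,19 @@` hunk repeats the RDRAND test that `have_rdrand` already performs and adds a second bare `1u << 30`, this time on `ia32cap[0]`. The comment says this separates Intel chips from others, but nothing in the hunk ties that bit to the claim. I would write the body as `return have_rdrand() && (OPENSSL_ia32cap_get()[0] & (1u << 30)) != 0;` so the two helpers cannot drift apart. I would also add a named constant or a comment such as `// Bit 30 of word 0 is presumably the "Intel CPU" flag set during CPU detection - confirm against the cpuid code.`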
|
@@ -27,6 +27,7 @@
|
|
27
27
|
#include <openssl/mem.h>
|
28
28
|
|
29
29
|
#include "internal.h"
|
30
|
+
#include "fork_detect.h"
|
30
31
|
#include "../../internal.h"
|
31
32
|
#include "../delocate.h"
|
32
33
|
|
@@ -57,6 +58,7 @@ static const unsigned kReseedInterval = 4096;
|
|
57
58
|
// rand_thread_state contains the per-thread state for the RNG.
|
58
59
|
struct rand_thread_state {
|
59
60
|
CTR_DRBG_STATE drbg;
|
61
|
+
uint64_t fork_generation;
|
60
62
|
// calls is the number of generate calls made on |drbg| since it was last
|
61
63
|
// (re)seeded. This is bound by |kReseedInterval|.
|
62
64
|
unsigned calls;
|
@@ -125,11 +127,9 @@ static void rand_thread_state_free(void *state_in) {
|
|
125
127
|
|
126
128
|
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \
|
127
129
|
!defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
}
|
132
|
-
|
130
|
+
// rdrand should only be called if either |have_rdrand| or |have_fast_rdrand|
|
131
|
+
// returned true.
|
132
|
+
static int rdrand(uint8_t *buf, const size_t len) {
|
133
133
|
const size_t len_multiple8 = len & ~7;
|
134
134
|
if (!CRYPTO_rdrand_multiple8_buf(buf, len_multiple8)) {
|
135
135
|
return 0;
|
@@ -157,7 +157,7 @@ static int hwrand(uint8_t *buf, const size_t len) {
|
|
157
157
|
|
158
158
|
#else
|
159
159
|
|
160
|
-
static int
|
160
|
+
static int rdrand(uint8_t *buf, size_t len) {
|
161
161
|
return 0;
|
162
162
|
}
|
163
163
|
|
@@ -168,7 +168,8 @@ static int hwrand(uint8_t *buf, size_t len) {
|
|
168
168
|
static void rand_get_seed(struct rand_thread_state *state,
|
169
169
|
uint8_t seed[CTR_DRBG_ENTROPY_LEN]) {
|
170
170
|
if (!state->last_block_valid) {
|
171
|
-
if (!
|
171
|
+
if (!have_rdrand() ||
|
172
|
+
!rdrand(state->last_block, sizeof(state->last_block))) {
|
172
173
|
CRYPTO_sysrand_for_seed(state->last_block, sizeof(state->last_block));
|
173
174
|
}
|
174
175
|
state->last_block_valid = 1;
|
@@ -179,8 +180,8 @@ static void rand_get_seed(struct rand_thread_state *state,
|
|
179
180
|
#define FIPS_OVERREAD 10
|
180
181
|
uint8_t entropy[CTR_DRBG_ENTROPY_LEN * FIPS_OVERREAD];
|
181
182
|
|
182
|
-
int
|
183
|
-
if (!
|
183
|
+
int used_rdrand = have_rdrand() && rdrand(entropy, sizeof(entropy));
|
184
|
+
if (!used_rdrand) {
|
184
185
|
CRYPTO_sysrand_for_seed(entropy, sizeof(entropy));
|
185
186
|
}
|
186
187
|
|
@@ -215,7 +216,7 @@ static void rand_get_seed(struct rand_thread_state *state,
|
|
215
216
|
#if defined(OPENSSL_URANDOM)
|
216
217
|
// If we used RDRAND, also opportunistically read from the system. This avoids
|
217
218
|
// solely relying on the hardware once the entropy pool has been initialized.
|
218
|
-
if (
|
219
|
+
if (used_rdrand) {
|
219
220
|
CRYPTO_sysrand_if_available(entropy, CTR_DRBG_ENTROPY_LEN);
|
220
221
|
for (size_t i = 0; i < CTR_DRBG_ENTROPY_LEN; i++) {
|
221
222
|
seed[i] ^= entropy[i];
|
@@ -241,20 +242,31 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
241
242
|
return;
|
242
243
|
}
|
243
244
|
|
245
|
+
const uint64_t fork_generation = CRYPTO_get_fork_generation();
|
246
|
+
|
244
247
|
// Additional data is mixed into every CTR-DRBG call to protect, as best we
|
245
248
|
// can, against forks & VM clones. We do not over-read this information and
|
246
249
|
// don't reseed with it so, from the point of view of FIPS, this doesn't
|
247
250
|
// provide “prediction resistance”. But, in practice, it does.
|
248
251
|
uint8_t additional_data[32];
|
249
|
-
|
252
|
+
// Intel chips have fast RDRAND instructions while, in other cases, RDRAND can
|
253
|
+
// be _slower_ than a system call.
|
254
|
+
if (!have_fast_rdrand() ||
|
255
|
+
!rdrand(additional_data, sizeof(additional_data))) {
|
250
256
|
// Without a hardware RNG to save us from address-space duplication, the OS
|
251
257
|
// entropy is used. This can be expensive (one read per |RAND_bytes| call)
|
252
|
-
// and so
|
253
|
-
//
|
254
|
-
if (
|
255
|
-
CRYPTO_sysrand(additional_data, sizeof(additional_data));
|
256
|
-
} else {
|
258
|
+
// and so is disabled when we have fork detection, or if the application has
|
259
|
+
// promised not to fork.
|
260
|
+
if (fork_generation != 0 || rand_fork_unsafe_buffering_enabled()) {
|
257
261
|
OPENSSL_memset(additional_data, 0, sizeof(additional_data));
|
262
|
+
} else if (!have_rdrand()) {
|
263
|
+
// No alternative so block for OS entropy.
|
264
|
+
CRYPTO_sysrand(additional_data, sizeof(additional_data));
|
265
|
+
} else if (!CRYPTO_sysrand_if_available(additional_data,
|
266
|
+
sizeof(additional_data)) &&
|
267
|
+
!rdrand(additional_data, sizeof(additional_data))) {
|
268
|
+
// RDRAND failed: block for OS entropy.
|
269
|
+
CRYPTO_sysrand(additional_data, sizeof(additional_data));
|
258
270
|
}
|
259
271
|
}
|
260
272
|
|
@@ -283,6 +295,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
283
295
|
abort();
|
284
296
|
}
|
285
297
|
state->calls = 0;
|
298
|
+
state->fork_generation = fork_generation;
|
286
299
|
|
287
300
|
#if defined(BORINGSSL_FIPS)
|
288
301
|
if (state != &stack_state) {
|
@@ -299,7 +312,8 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
299
312
|
#endif
|
300
313
|
}
|
301
314
|
|
302
|
-
if (state->calls >= kReseedInterval
|
315
|
+
if (state->calls >= kReseedInterval ||
|
316
|
+
state->fork_generation != fork_generation) {
|
303
317
|
uint8_t seed[CTR_DRBG_ENTROPY_LEN];
|
304
318
|
rand_get_seed(state, seed);
|
305
319
|
#if defined(BORINGSSL_FIPS)
|
@@ -317,6 +331,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
317
331
|
abort();
|
318
332
|
}
|
319
333
|
state->calls = 0;
|
334
|
+
state->fork_generation = fork_generation;
|
320
335
|
} else {
|
321
336
|
#if defined(BORINGSSL_FIPS)
|
322
337
|
CRYPTO_STATIC_MUTEX_lock_read(thread_states_list_lock_bss_get());
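Review bot: In the `@@ -241,20 +242,31 @@` hunk the retained comment still says the additional data protects against "forks & VM clones", yet the new branch zeroes `additional_data` whenever `fork_generation != 0`. The fork generation, as documented in `fork_detect.h`, only promises to change in a forked address space. Where `have_fast_rdrand()` is false, a cloned or snapshotted VM therefore appears to get no fresh per-call input until the next reseed, since neither `state->calls` nor the fork generation changes on a clone. The comment should state that trade-off, for example `// With fork detection the per-call OS read is skipped; VM clones are then covered only by RDRAND or the next reseed.` The body of `RAND_bytes_with_additional_data` starts and ends outside this hunk, so the surrounding reseed logic is only partly visible here.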
|
@@ -65,38 +65,12 @@
|
|
65
65
|
#include <openssl/thread.h>
|
66
66
|
#include <openssl/mem.h>
|
67
67
|
|
68
|
+
#include "getrandom_fillin.h"
|
68
69
|
#include "../delocate.h"
|
69
70
|
#include "../../internal.h"
|
70
71
|
|
71
72
|
|
72
|
-
#if defined(
|
73
|
-
|
74
|
-
#if defined(OPENSSL_X86_64)
|
75
|
-
#define EXPECTED_NR_getrandom 318
|
76
|
-
#elif defined(OPENSSL_X86)
|
77
|
-
#define EXPECTED_NR_getrandom 355
|
78
|
-
#elif defined(OPENSSL_AARCH64)
|
79
|
-
#define EXPECTED_NR_getrandom 278
|
80
|
-
#elif defined(OPENSSL_ARM)
|
81
|
-
#define EXPECTED_NR_getrandom 384
|
82
|
-
#elif defined(OPENSSL_PPC64LE)
|
83
|
-
#define EXPECTED_NR_getrandom 359
|
84
|
-
#endif
|
85
|
-
|
86
|
-
#if defined(EXPECTED_NR_getrandom)
|
87
|
-
#define USE_NR_getrandom
|
88
|
-
|
89
|
-
#if defined(__NR_getrandom)
|
90
|
-
|
91
|
-
#if __NR_getrandom != EXPECTED_NR_getrandom
|
92
|
-
#error "system call number for getrandom is not the expected value"
|
93
|
-
#endif
|
94
|
-
|
95
|
-
#else // __NR_getrandom
|
96
|
-
|
97
|
-
#define __NR_getrandom EXPECTED_NR_getrandom
|
98
|
-
|
99
|
-
#endif // __NR_getrandom
|
73
|
+
#if defined(USE_NR_getrandom)
|
100
74
|
|
101
75
|
#if defined(OPENSSL_MSAN)
|
102
76
|
void __msan_unpoison(void *, size_t);
|
@@ -119,28 +93,12 @@ static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) {
|
|
119
93
|
return ret;
|
120
94
|
}
|
121
95
|
|
122
|
-
#endif //
|
123
|
-
|
124
|
-
#if !defined(GRND_NONBLOCK)
|
125
|
-
#define GRND_NONBLOCK 1
|
126
|
-
#endif
|
127
|
-
#if !defined(GRND_RANDOM)
|
128
|
-
#define GRND_RANDOM 2
|
129
|
-
#endif
|
130
|
-
|
131
|
-
#endif // OPENSSL_LINUX
|
132
|
-
|
133
|
-
// rand_lock is used to protect the |*_requested| variables.
|
134
|
-
DEFINE_STATIC_MUTEX(rand_lock)
|
96
|
+
#endif // USE_NR_getrandom
|
135
97
|
|
136
|
-
//
|
137
|
-
|
98
|
+
// kHaveGetrandom in |urandom_fd| signals that |getrandom| or |getentropy| is
|
99
|
+
// available and should be used instead.
|
138
100
|
static const int kHaveGetrandom = -3;
|
139
101
|
|
140
|
-
// urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
|
141
|
-
// |rand_lock|.
|
142
|
-
DEFINE_BSS_GET(int, urandom_fd_requested)
|
143
|
-
|
144
102
|
// urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
|
145
103
|
DEFINE_BSS_GET(int, urandom_fd)
|
146
104
|
|
@@ -179,14 +137,9 @@ static void maybe_set_extra_getrandom_flags(void) {
|
|
179
137
|
DEFINE_STATIC_ONCE(rand_once)
|
180
138
|
|
181
139
|
// init_once initializes the state of this module to values previously
|
182
|
-
// requested. This is the only function that modifies |urandom_fd
|
183
|
-
//
|
184
|
-
// once.
|
140
|
+
// requested. This is the only function that modifies |urandom_fd|, which may be
|
141
|
+
// read safely after calling the once.
|
185
142
|
static void init_once(void) {
|
186
|
-
CRYPTO_STATIC_MUTEX_lock_read(rand_lock_bss_get());
|
187
|
-
int fd = *urandom_fd_requested_bss_get();
|
188
|
-
CRYPTO_STATIC_MUTEX_unlock_read(rand_lock_bss_get());
|
189
|
-
|
190
143
|
#if defined(USE_NR_getrandom)
|
191
144
|
int have_getrandom;
|
192
145
|
uint8_t dummy;
|
@@ -229,31 +182,16 @@ static void init_once(void) {
|
|
229
182
|
abort();
|
230
183
|
#endif
|
231
184
|
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
}
|
185
|
+
int fd;
|
186
|
+
do {
|
187
|
+
fd = open("/dev/urandom", O_RDONLY);
|
188
|
+
} while (fd == -1 && errno == EINTR);
|
237
189
|
|
238
190
|
if (fd < 0) {
|
239
191
|
perror("failed to open /dev/urandom");
|
240
192
|
abort();
|
241
193
|
}
|
242
194
|
|
243
|
-
assert(kUnset == 0);
|
244
|
-
if (fd == kUnset) {
|
245
|
-
// Because we want to keep |urandom_fd| in the BSS, we have to initialise
|
246
|
-
// it to zero. But zero is a valid file descriptor too. Thus if open
|
247
|
-
// returns zero for /dev/urandom, we dup it to get a non-zero number.
|
248
|
-
fd = dup(fd);
|
249
|
-
close(kUnset);
|
250
|
-
|
251
|
-
if (fd <= 0) {
|
252
|
-
perror("failed to dup /dev/urandom fd");
|
253
|
-
abort();
|
254
|
-
}
|
255
|
-
}
|
256
|
-
|
257
195
|
int flags = fcntl(fd, F_GETFD);
|
258
196
|
if (flags == -1) {
|
259
197
|
// Native Client doesn't implement |fcntl|.
|
@@ -342,40 +280,6 @@ static void wait_for_entropy(void) {
|
|
342
280
|
#endif // BORINGSSL_FIPS
|
343
281
|
}
|
344
282
|
|
345
|
-
void RAND_set_urandom_fd(int fd) {
|
346
|
-
fd = dup(fd);
|
347
|
-
if (fd < 0) {
|
348
|
-
perror("failed to dup supplied urandom fd");
|
349
|
-
abort();
|
350
|
-
}
|
351
|
-
|
352
|
-
assert(kUnset == 0);
|
353
|
-
if (fd == kUnset) {
|
354
|
-
// Because we want to keep |urandom_fd| in the BSS, we have to initialise
|
355
|
-
// it to zero. But zero is a valid file descriptor too. Thus if dup
|
356
|
-
// returned zero we dup it again to get a non-zero number.
|
357
|
-
fd = dup(fd);
|
358
|
-
close(kUnset);
|
359
|
-
|
360
|
-
if (fd <= 0) {
|
361
|
-
perror("failed to dup supplied urandom fd");
|
362
|
-
abort();
|
363
|
-
}
|
364
|
-
}
|
365
|
-
|
366
|
-
CRYPTO_STATIC_MUTEX_lock_write(rand_lock_bss_get());
|
367
|
-
*urandom_fd_requested_bss_get() = fd;
|
368
|
-
CRYPTO_STATIC_MUTEX_unlock_write(rand_lock_bss_get());
|
369
|
-
|
370
|
-
CRYPTO_once(rand_once_bss_get(), init_once);
|
371
|
-
if (*urandom_fd_bss_get() == kHaveGetrandom) {
|
372
|
-
close(fd);
|
373
|
-
} else if (*urandom_fd_bss_get() != fd) {
|
374
|
-
fprintf(stderr, "RAND_set_urandom_fd called after initialisation.\n");
|
375
|
-
abort();
|
376
|
-
}
|
377
|
-
}
|
378
|
-
|
379
283
|
// fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
|
380
284
|
// on success and zero on error. If |block| is one, this function will block
|
381
285
|
// until the entropy pool is initialized. Otherwise, this function may fail,
|
@@ -397,7 +301,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
|
|
397
301
|
}
|
398
302
|
#endif
|
399
303
|
|
400
|
-
|
304
|
+
CRYPTO_init_sysrand();
|
401
305
|
if (block) {
|
402
306
|
CRYPTO_once(wait_for_entropy_once_bss_get(), wait_for_entropy);
|
403
307
|
}
|
@@ -452,6 +356,10 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
|
452
356
|
}
|
453
357
|
}
|
454
358
|
|
359
|
+
void CRYPTO_init_sysrand(void) {
|
360
|
+
CRYPTO_once(rand_once_bss_get(), init_once);
|
361
|
+
}
|
362
|
+
|
455
363
|
#if defined(BORINGSSL_FIPS)
|
456
364
|
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
457
365
|
if (!fill_with_entropy(out, requested, /*block=*/1, /*seed=*/1)) {
|
@@ -466,16 +374,18 @@ void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
|
466
374
|
#endif
|
467
375
|
}
|
468
376
|
|
469
|
-
|
470
|
-
// Return all zeros if |fill_with_entropy| fails.
|
471
|
-
OPENSSL_memset(out, 0, requested);
|
377
|
+
#endif // BORINGSSL_FIPS
|
472
378
|
|
473
|
-
|
474
|
-
|
379
|
+
int CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) {
|
380
|
+
if (fill_with_entropy(out, requested, /*block=*/0, /*seed=*/0)) {
|
381
|
+
return 1;
|
382
|
+
} else if (errno == EAGAIN) {
|
383
|
+
OPENSSL_memset(out, 0, requested);
|
384
|
+
return 0;
|
385
|
+
} else {
|
475
386
|
perror("opportunistic entropy fill failed");
|
476
387
|
abort();
|
477
388
|
}
|
478
389
|
}
|
479
|
-
#endif // BORINGSSL_FIPS
|
480
390
|
|
481
391
|
#endif // OPENSSL_URANDOM
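Review bot: The `else if (errno == EAGAIN)` branch in the new `CRYPTO_sysrand_if_available` (hunk `@@ -466,16 +374,18 @@`) only works if `fill_with_entropy` returns zero with `errno` still holding the value from the failing read. The body of `fill_with_entropy` lies outside these hunks, so that cannot be confirmed here. If any errno-modifying call runs on its failure path, a benign "pool not yet initialized" result would fall through to `perror` and `abort()`. I would record the dependency next to the check with `// Relies on fill_with_entropy leaving errno untouched after a failed non-blocking read.` and state the same guarantee in the comment on `fill_with_entropy` itself.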
|