grpc 1.28.0 → 1.30.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (497) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +7694 -11190
  3. data/include/grpc/grpc.h +2 -2
  4. data/include/grpc/grpc_security.h +22 -9
  5. data/include/grpc/grpc_security_constants.h +1 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +19 -21
  7. data/include/grpc/impl/codegen/port_platform.h +6 -2
  8. data/include/grpc/module.modulemap +24 -39
  9. data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +203 -236
  11. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  12. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
  13. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  14. data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
  15. data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
  16. data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
  17. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
  20. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
  21. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  22. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  25. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  26. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
  28. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  29. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
  30. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  34. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
  35. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  36. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  37. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  38. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
  40. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
  41. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
  43. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
  45. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  48. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
  49. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
  50. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  51. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
  52. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
  53. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  54. data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
  55. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  56. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
  57. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
  58. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
  59. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
  60. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  61. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  62. data/src/core/ext/filters/client_channel/service_config.cc +104 -144
  63. data/src/core/ext/filters/client_channel/service_config.h +28 -98
  64. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  65. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  66. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  67. data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
  68. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  69. data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
  70. data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
  71. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
  72. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
  73. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
  74. data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
  75. data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
  76. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
  77. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
  78. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
  79. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  80. data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
  81. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  82. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  83. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  84. data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
  85. data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
  86. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
  87. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  88. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
  89. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  90. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  91. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  92. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  93. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  94. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  95. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  96. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  97. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  98. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  99. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  100. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  101. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  102. data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
  103. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  104. data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
  105. data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
  106. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
  107. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
  108. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  109. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  110. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  111. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  112. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  113. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  114. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
  115. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
  116. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
  117. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
  118. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
  119. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
  120. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
  121. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  122. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  123. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
  124. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
  125. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
  126. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  127. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  128. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
  129. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
  130. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
  131. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
  133. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
  134. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
  137. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
  138. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
  139. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
  140. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
  141. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
  142. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
  144. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
  145. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
  146. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
  147. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
  148. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
  151. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
  152. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
  153. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
  154. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
  156. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
  157. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
  158. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
  159. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
  160. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  161. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  162. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  163. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  164. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
  165. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  166. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
  167. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
  168. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
  169. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
  170. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  171. data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
  172. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
  173. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
  174. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
  175. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
  176. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  177. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  178. data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
  179. data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
  180. data/src/core/lib/channel/channel_args.cc +15 -14
  181. data/src/core/lib/channel/channel_args.h +3 -1
  182. data/src/core/lib/channel/channel_stack.h +20 -13
  183. data/src/core/lib/channel/channelz.cc +5 -6
  184. data/src/core/lib/channel/channelz.h +3 -2
  185. data/src/core/lib/channel/channelz_registry.cc +5 -3
  186. data/src/core/lib/channel/connected_channel.cc +7 -5
  187. data/src/core/lib/channel/context.h +1 -1
  188. data/src/core/lib/channel/handshaker.cc +11 -13
  189. data/src/core/lib/channel/handshaker.h +4 -2
  190. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  191. data/src/core/lib/channel/status_util.cc +2 -3
  192. data/src/core/lib/compression/message_compress.cc +5 -1
  193. data/src/core/lib/debug/stats.cc +21 -27
  194. data/src/core/lib/debug/stats.h +3 -1
  195. data/src/core/lib/gpr/spinlock.h +2 -3
  196. data/src/core/lib/gpr/string.cc +2 -26
  197. data/src/core/lib/gpr/string.h +0 -16
  198. data/src/core/lib/gpr/sync_abseil.cc +2 -0
  199. data/src/core/lib/gpr/time.cc +4 -0
  200. data/src/core/lib/gpr/time_posix.cc +1 -1
  201. data/src/core/lib/gprpp/atomic.h +6 -6
  202. data/src/core/lib/gprpp/fork.cc +1 -1
  203. data/src/core/lib/gprpp/host_port.cc +29 -35
  204. data/src/core/lib/gprpp/host_port.h +14 -17
  205. data/src/core/lib/gprpp/map.h +5 -11
  206. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  207. data/src/core/lib/http/format_request.cc +46 -65
  208. data/src/core/lib/http/httpcli.cc +2 -3
  209. data/src/core/lib/http/httpcli.h +2 -3
  210. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  211. data/src/core/lib/http/parser.h +2 -3
  212. data/src/core/lib/iomgr/buffer_list.h +22 -21
  213. data/src/core/lib/iomgr/call_combiner.h +3 -2
  214. data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
  215. data/src/core/lib/iomgr/closure.h +2 -3
  216. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  217. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  218. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  219. data/src/core/lib/iomgr/error.cc +6 -9
  220. data/src/core/lib/iomgr/error.h +0 -1
  221. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  222. data/src/core/lib/iomgr/ev_apple.h +43 -0
  223. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
  224. data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
  225. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
  226. data/src/core/lib/iomgr/ev_posix.cc +2 -3
  227. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  228. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  229. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  230. data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
  231. data/src/core/lib/iomgr/port.h +1 -0
  232. data/src/core/lib/iomgr/python_util.h +46 -0
  233. data/src/core/lib/iomgr/resolve_address.h +4 -6
  234. data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
  235. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  236. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  237. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
  238. data/src/core/lib/iomgr/resource_quota.cc +4 -6
  239. data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
  240. data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
  241. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  242. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  243. data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
  244. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  245. data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
  246. data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
  247. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
  248. data/src/core/lib/iomgr/tcp_custom.cc +2 -3
  249. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
  250. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
  251. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
  252. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
  253. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  254. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  255. data/src/core/lib/iomgr/timer_generic.cc +2 -3
  256. data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
  257. data/src/core/lib/iomgr/timer_heap.h +2 -3
  258. data/src/core/lib/iomgr/udp_server.cc +9 -14
  259. data/src/core/lib/json/json.h +3 -2
  260. data/src/core/lib/json/json_reader.cc +5 -5
  261. data/src/core/lib/json/json_writer.cc +13 -12
  262. data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
  263. data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
  264. data/src/core/lib/security/credentials/credentials.cc +0 -84
  265. data/src/core/lib/security/credentials/credentials.h +8 -59
  266. data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
  267. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
  268. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  269. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  270. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  271. data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
  272. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  273. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
  274. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
  275. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
  276. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
  277. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
  278. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  279. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
  280. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
  281. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
  282. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
  283. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
  284. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  285. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  286. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
  287. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
  288. data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
  289. data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
  290. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
  291. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
  292. data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
  293. data/src/core/lib/slice/slice_intern.cc +2 -3
  294. data/src/core/lib/slice/slice_internal.h +14 -0
  295. data/src/core/lib/slice/slice_utils.h +9 -0
  296. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  297. data/src/core/lib/surface/call.cc +2 -3
  298. data/src/core/lib/surface/call_log_batch.cc +50 -58
  299. data/src/core/lib/surface/channel.cc +53 -31
  300. data/src/core/lib/surface/channel.h +35 -4
  301. data/src/core/lib/surface/channel_ping.cc +2 -3
  302. data/src/core/lib/surface/completion_queue.cc +33 -33
  303. data/src/core/lib/surface/event_string.cc +18 -25
  304. data/src/core/lib/surface/event_string.h +3 -1
  305. data/src/core/lib/surface/init_secure.cc +1 -4
  306. data/src/core/lib/surface/server.cc +570 -369
  307. data/src/core/lib/surface/server.h +32 -0
  308. data/src/core/lib/surface/version.cc +2 -2
  309. data/src/core/lib/transport/byte_stream.h +7 -2
  310. data/src/core/lib/transport/connectivity_state.cc +7 -6
  311. data/src/core/lib/transport/connectivity_state.h +5 -3
  312. data/src/core/lib/transport/metadata.cc +3 -3
  313. data/src/core/lib/transport/metadata_batch.h +2 -3
  314. data/src/core/lib/transport/static_metadata.h +1 -1
  315. data/src/core/lib/transport/status_conversion.cc +6 -14
  316. data/src/core/lib/transport/transport.cc +2 -3
  317. data/src/core/lib/transport/transport.h +3 -2
  318. data/src/core/lib/transport/transport_op_string.cc +61 -102
  319. data/src/core/lib/uri/uri_parser.h +2 -3
  320. data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
  321. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  322. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
  323. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  324. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
  325. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
  326. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  327. data/src/core/tsi/fake_transport_security.cc +10 -15
  328. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  329. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  330. data/src/core/tsi/ssl_transport_security.cc +52 -39
  331. data/src/core/tsi/ssl_transport_security.h +8 -8
  332. data/src/core/tsi/ssl_types.h +0 -2
  333. data/src/core/tsi/transport_security.h +6 -9
  334. data/src/core/tsi/transport_security_grpc.h +2 -3
  335. data/src/core/tsi/transport_security_interface.h +3 -3
  336. data/src/ruby/ext/grpc/rb_call.c +9 -1
  337. data/src/ruby/lib/grpc/errors.rb +103 -42
  338. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  339. data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
  340. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  341. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  342. data/src/ruby/lib/grpc/structs.rb +1 -1
  343. data/src/ruby/lib/grpc/version.rb +1 -1
  344. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  345. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
  346. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  347. data/src/ruby/spec/debug_message_spec.rb +134 -0
  348. data/src/ruby/spec/generic/service_spec.rb +2 -0
  349. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
  350. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
  351. data/src/ruby/spec/testdata/ca.pem +18 -13
  352. data/src/ruby/spec/testdata/client.key +26 -14
  353. data/src/ruby/spec/testdata/client.pem +18 -12
  354. data/src/ruby/spec/testdata/server1.key +26 -14
  355. data/src/ruby/spec/testdata/server1.pem +20 -14
  356. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  357. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  358. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  359. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  360. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  361. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  362. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  363. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  364. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  365. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  366. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  367. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  368. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  369. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  370. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  371. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  372. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  373. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  374. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  375. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  376. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  377. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  378. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  379. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  380. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  381. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  382. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  383. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  384. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  385. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  386. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  387. data/third_party/boringssl-with-bazel/err_data.c +329 -297
  388. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
  389. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
  390. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
  391. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  392. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
  393. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
  394. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
  395. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
  396. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
  397. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  399. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  400. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
  401. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
  403. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
  437. data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
  438. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
  439. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
  440. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
  442. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  445. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  446. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
  447. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
  448. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
  449. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
  450. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
  451. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
  452. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  453. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
  454. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
  455. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
  456. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
  457. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
  458. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
  459. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
  460. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
  461. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
  462. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  463. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
  464. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
  465. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
  466. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
  467. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
  468. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
  469. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
  470. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
  471. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
  472. data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
  473. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
  474. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  475. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
  476. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
  477. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
  478. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
  479. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
  480. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
  481. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
  482. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
  483. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
  484. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
  485. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
  486. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
  487. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
  488. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
  489. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
  490. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
  491. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
  492. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
  493. metadata +111 -37
  494. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
  495. data/src/core/lib/gprpp/string_view.h +0 -60
  496. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
  497. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
@@ -0,0 +1,49 @@
1
+ /* Copyright (c) 2020, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #ifndef OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
16
+ #define OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
17
+
18
+ #include <openssl/base.h>
19
+
20
+ #if defined(__cplusplus)
21
+ extern "C" {
22
+ #endif
23
+
24
+
25
+ // crypto_get_fork_generation returns the fork generation number for the current
26
+ // process, or zero if not supported on the platform. The fork generation number
27
+ // is a non-zero, strictly-monotonic counter with the property that, if queried
28
+ // in an address space and then again in a subsequently forked copy, the forked
29
+ // address space will observe a greater value.
30
+ //
31
+ // This function may be used to clear cached values across a fork. When
32
+ // initializing a cache, record the fork generation. Before using the cache,
33
+ // check if the fork generation has changed. If so, drop the cache and update
34
+ // the save fork generation. Note this logic transparently handles platforms
35
+ // which always return zero.
36
+ //
37
+ // This is not reliably supported on all platforms which implement |fork|, so it
38
+ // should only be used as a hardening measure.
39
+ OPENSSL_EXPORT uint64_t CRYPTO_get_fork_generation(void);
40
+
41
+ // CRYPTO_fork_detect_ignore_madv_wipeonfork_for_testing is an internal detail
42
+ // used for testing purposes.
43
+ OPENSSL_EXPORT void CRYPTO_fork_detect_ignore_madv_wipeonfork_for_testing(void);
44
+
45
+ #if defined(__cplusplus)
46
+ } // extern C
47
+ #endif
48
+
49
+ #endif // OPENSSL_HEADER_CRYPTO_FORK_DETECT_H
@@ -0,0 +1,64 @@
1
+ /* Copyright (c) 2020, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #ifndef OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H
16
+ #define OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H
17
+
18
+ #include <openssl/base.h>
19
+
20
+
21
+ #if defined(OPENSSL_LINUX)
22
+
23
+ #include <sys/syscall.h>
24
+
25
+ #if defined(OPENSSL_X86_64)
26
+ #define EXPECTED_NR_getrandom 318
27
+ #elif defined(OPENSSL_X86)
28
+ #define EXPECTED_NR_getrandom 355
29
+ #elif defined(OPENSSL_AARCH64)
30
+ #define EXPECTED_NR_getrandom 278
31
+ #elif defined(OPENSSL_ARM)
32
+ #define EXPECTED_NR_getrandom 384
33
+ #elif defined(OPENSSL_PPC64LE)
34
+ #define EXPECTED_NR_getrandom 359
35
+ #endif
36
+
37
+ #if defined(EXPECTED_NR_getrandom)
38
+ #define USE_NR_getrandom
39
+
40
+ #if defined(__NR_getrandom)
41
+
42
+ #if __NR_getrandom != EXPECTED_NR_getrandom
43
+ #error "system call number for getrandom is not the expected value"
44
+ #endif
45
+
46
+ #else // __NR_getrandom
47
+
48
+ #define __NR_getrandom EXPECTED_NR_getrandom
49
+
50
+ #endif // __NR_getrandom
51
+
52
+ #endif // EXPECTED_NR_getrandom
53
+
54
+ #if !defined(GRND_NONBLOCK)
55
+ #define GRND_NONBLOCK 1
56
+ #endif
57
+ #if !defined(GRND_RANDOM)
58
+ #define GRND_RANDOM 2
59
+ #endif
60
+
61
+ #endif // OPENSSL_LINUX
62
+
63
+
64
+ #endif // OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H
@@ -40,17 +40,33 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
40
40
  // system.
41
41
  void CRYPTO_sysrand(uint8_t *buf, size_t len);
42
42
 
43
- #if defined(OPENSSL_URANDOM) || defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
43
+ #if defined(OPENSSL_URANDOM)
44
+ // CRYPTO_init_sysrand initializes long-lived resources needed to draw entropy
45
+ // from the operating system.
46
+ void CRYPTO_init_sysrand(void);
47
+
44
48
  // CRYPTO_sysrand_for_seed fills |len| bytes at |buf| with entropy from the
45
49
  // operating system. It may draw from the |GRND_RANDOM| pool on Android,
46
50
  // depending on the vendor's configuration.
47
51
  void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len);
48
52
 
49
53
  // CRYPTO_sysrand_if_available fills |len| bytes at |buf| with entropy from the
50
- // operating system, if the entropy pool is initialized. If it is uninitialized,
51
- // it will not block and will instead fill |buf| with all zeros or early
52
- // /dev/urandom output.
53
- void CRYPTO_sysrand_if_available(uint8_t *buf, size_t len);
54
+ // operating system, or early /dev/urandom data, and returns 1, _if_ the entropy
55
+ // pool is initialized or if getrandom() is not available and not in FIPS mode.
56
+ // Otherwise it will not block and will instead fill |buf| with all zeros and
57
+ // return 0.
58
+ int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len);
59
+ #else
60
+ OPENSSL_INLINE void CRYPTO_init_sysrand(void) {}
61
+
62
+ OPENSSL_INLINE void CRYPTO_sysrand_for_seed(uint8_t *buf, size_t len) {
63
+ CRYPTO_sysrand(buf, len);
64
+ }
65
+
66
+ OPENSSL_INLINE int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
67
+ CRYPTO_sysrand(buf, len);
68
+ return 1;
69
+ }
54
70
  #endif
55
71
 
56
72
  // rand_fork_unsafe_buffering_enabled returns whether fork-unsafe buffering has
@@ -105,10 +121,19 @@ OPENSSL_EXPORT void CTR_DRBG_clear(CTR_DRBG_STATE *drbg);
105
121
 
106
122
 
107
123
  #if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
124
+
108
125
  OPENSSL_INLINE int have_rdrand(void) {
109
126
  return (OPENSSL_ia32cap_get()[1] & (1u << 30)) != 0;
110
127
  }
111
128
 
129
+ // have_fast_rdrand returns true if RDRAND is supported and it's reasonably
130
+ // fast. Concretely the latter is defined by whether the chip is Intel (fast) or
131
+ // not (assumed slow).
132
+ OPENSSL_INLINE int have_fast_rdrand(void) {
133
+ const uint32_t *const ia32cap = OPENSSL_ia32cap_get();
134
+ return (ia32cap[1] & (1u << 30)) && (ia32cap[0] & (1u << 30));
135
+ }
136
+
112
137
  // CRYPTO_rdrand writes eight bytes of random data from the hardware RNG to
113
138
  // |out|. It returns one on success or zero on hardware failure.
114
139
  int CRYPTO_rdrand(uint8_t out[8]);
@@ -117,6 +142,17 @@ int CRYPTO_rdrand(uint8_t out[8]);
117
142
  // the hardware RNG. The |len| argument must be a multiple of eight. It returns
118
143
  // one on success and zero on hardware failure.
119
144
  int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len);
145
+
146
+ #else // OPENSSL_X86_64 && !OPENSSL_NO_ASM
147
+
148
+ OPENSSL_INLINE int have_rdrand(void) {
149
+ return 0;
150
+ }
151
+
152
+ OPENSSL_INLINE int have_fast_rdrand(void) {
153
+ return 0;
154
+ }
155
+
120
156
  #endif // OPENSSL_X86_64 && !OPENSSL_NO_ASM
121
157
 
122
158
 
@@ -27,6 +27,7 @@
27
27
  #include <openssl/mem.h>
28
28
 
29
29
  #include "internal.h"
30
+ #include "fork_detect.h"
30
31
  #include "../../internal.h"
31
32
  #include "../delocate.h"
32
33
 
@@ -57,6 +58,7 @@ static const unsigned kReseedInterval = 4096;
57
58
  // rand_thread_state contains the per-thread state for the RNG.
58
59
  struct rand_thread_state {
59
60
  CTR_DRBG_STATE drbg;
61
+ uint64_t fork_generation;
60
62
  // calls is the number of generate calls made on |drbg| since it was last
61
63
  // (re)seeded. This is bound by |kReseedInterval|.
62
64
  unsigned calls;
@@ -125,11 +127,9 @@ static void rand_thread_state_free(void *state_in) {
125
127
 
126
128
  #if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \
127
129
  !defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
128
- static int hwrand(uint8_t *buf, const size_t len) {
129
- if (!have_rdrand()) {
130
- return 0;
131
- }
132
-
130
+ // rdrand should only be called if either |have_rdrand| or |have_fast_rdrand|
131
+ // returned true.
132
+ static int rdrand(uint8_t *buf, const size_t len) {
133
133
  const size_t len_multiple8 = len & ~7;
134
134
  if (!CRYPTO_rdrand_multiple8_buf(buf, len_multiple8)) {
135
135
  return 0;
@@ -157,7 +157,7 @@ static int hwrand(uint8_t *buf, const size_t len) {
157
157
 
158
158
  #else
159
159
 
160
- static int hwrand(uint8_t *buf, size_t len) {
160
+ static int rdrand(uint8_t *buf, size_t len) {
161
161
  return 0;
162
162
  }
163
163
 
@@ -168,7 +168,8 @@ static int hwrand(uint8_t *buf, size_t len) {
168
168
  static void rand_get_seed(struct rand_thread_state *state,
169
169
  uint8_t seed[CTR_DRBG_ENTROPY_LEN]) {
170
170
  if (!state->last_block_valid) {
171
- if (!hwrand(state->last_block, sizeof(state->last_block))) {
171
+ if (!have_rdrand() ||
172
+ !rdrand(state->last_block, sizeof(state->last_block))) {
172
173
  CRYPTO_sysrand_for_seed(state->last_block, sizeof(state->last_block));
173
174
  }
174
175
  state->last_block_valid = 1;
@@ -179,8 +180,8 @@ static void rand_get_seed(struct rand_thread_state *state,
179
180
  #define FIPS_OVERREAD 10
180
181
  uint8_t entropy[CTR_DRBG_ENTROPY_LEN * FIPS_OVERREAD];
181
182
 
182
- int used_hwrand = hwrand(entropy, sizeof(entropy));
183
- if (!used_hwrand) {
183
+ int used_rdrand = have_rdrand() && rdrand(entropy, sizeof(entropy));
184
+ if (!used_rdrand) {
184
185
  CRYPTO_sysrand_for_seed(entropy, sizeof(entropy));
185
186
  }
186
187
 
@@ -215,7 +216,7 @@ static void rand_get_seed(struct rand_thread_state *state,
215
216
  #if defined(OPENSSL_URANDOM)
216
217
  // If we used RDRAND, also opportunistically read from the system. This avoids
217
218
  // solely relying on the hardware once the entropy pool has been initialized.
218
- if (used_hwrand) {
219
+ if (used_rdrand) {
219
220
  CRYPTO_sysrand_if_available(entropy, CTR_DRBG_ENTROPY_LEN);
220
221
  for (size_t i = 0; i < CTR_DRBG_ENTROPY_LEN; i++) {
221
222
  seed[i] ^= entropy[i];
@@ -241,20 +242,31 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
241
242
  return;
242
243
  }
243
244
 
245
+ const uint64_t fork_generation = CRYPTO_get_fork_generation();
246
+
244
247
  // Additional data is mixed into every CTR-DRBG call to protect, as best we
245
248
  // can, against forks & VM clones. We do not over-read this information and
246
249
  // don't reseed with it so, from the point of view of FIPS, this doesn't
247
250
  // provide “prediction resistance”. But, in practice, it does.
248
251
  uint8_t additional_data[32];
249
- if (!hwrand(additional_data, sizeof(additional_data))) {
252
+ // Intel chips have fast RDRAND instructions while, in other cases, RDRAND can
253
+ // be _slower_ than a system call.
254
+ if (!have_fast_rdrand() ||
255
+ !rdrand(additional_data, sizeof(additional_data))) {
250
256
  // Without a hardware RNG to save us from address-space duplication, the OS
251
257
  // entropy is used. This can be expensive (one read per |RAND_bytes| call)
252
- // and so can be disabled by applications that we have ensured don't fork
253
- // and aren't at risk of VM cloning.
254
- if (!rand_fork_unsafe_buffering_enabled()) {
255
- CRYPTO_sysrand(additional_data, sizeof(additional_data));
256
- } else {
258
+ // and so is disabled when we have fork detection, or if the application has
259
+ // promised not to fork.
260
+ if (fork_generation != 0 || rand_fork_unsafe_buffering_enabled()) {
257
261
  OPENSSL_memset(additional_data, 0, sizeof(additional_data));
262
+ } else if (!have_rdrand()) {
263
+ // No alternative so block for OS entropy.
264
+ CRYPTO_sysrand(additional_data, sizeof(additional_data));
265
+ } else if (!CRYPTO_sysrand_if_available(additional_data,
266
+ sizeof(additional_data)) &&
267
+ !rdrand(additional_data, sizeof(additional_data))) {
268
+ // RDRAND failed: block for OS entropy.
269
+ CRYPTO_sysrand(additional_data, sizeof(additional_data));
258
270
  }
259
271
  }
260
272
 
@@ -283,6 +295,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
283
295
  abort();
284
296
  }
285
297
  state->calls = 0;
298
+ state->fork_generation = fork_generation;
286
299
 
287
300
  #if defined(BORINGSSL_FIPS)
288
301
  if (state != &stack_state) {
@@ -299,7 +312,8 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
299
312
  #endif
300
313
  }
301
314
 
302
- if (state->calls >= kReseedInterval) {
315
+ if (state->calls >= kReseedInterval ||
316
+ state->fork_generation != fork_generation) {
303
317
  uint8_t seed[CTR_DRBG_ENTROPY_LEN];
304
318
  rand_get_seed(state, seed);
305
319
  #if defined(BORINGSSL_FIPS)
@@ -317,6 +331,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
317
331
  abort();
318
332
  }
319
333
  state->calls = 0;
334
+ state->fork_generation = fork_generation;
320
335
  } else {
321
336
  #if defined(BORINGSSL_FIPS)
322
337
  CRYPTO_STATIC_MUTEX_lock_read(thread_states_list_lock_bss_get());
@@ -65,38 +65,12 @@
65
65
  #include <openssl/thread.h>
66
66
  #include <openssl/mem.h>
67
67
 
68
+ #include "getrandom_fillin.h"
68
69
  #include "../delocate.h"
69
70
  #include "../../internal.h"
70
71
 
71
72
 
72
- #if defined(OPENSSL_LINUX)
73
-
74
- #if defined(OPENSSL_X86_64)
75
- #define EXPECTED_NR_getrandom 318
76
- #elif defined(OPENSSL_X86)
77
- #define EXPECTED_NR_getrandom 355
78
- #elif defined(OPENSSL_AARCH64)
79
- #define EXPECTED_NR_getrandom 278
80
- #elif defined(OPENSSL_ARM)
81
- #define EXPECTED_NR_getrandom 384
82
- #elif defined(OPENSSL_PPC64LE)
83
- #define EXPECTED_NR_getrandom 359
84
- #endif
85
-
86
- #if defined(EXPECTED_NR_getrandom)
87
- #define USE_NR_getrandom
88
-
89
- #if defined(__NR_getrandom)
90
-
91
- #if __NR_getrandom != EXPECTED_NR_getrandom
92
- #error "system call number for getrandom is not the expected value"
93
- #endif
94
-
95
- #else // __NR_getrandom
96
-
97
- #define __NR_getrandom EXPECTED_NR_getrandom
98
-
99
- #endif // __NR_getrandom
73
+ #if defined(USE_NR_getrandom)
100
74
 
101
75
  #if defined(OPENSSL_MSAN)
102
76
  void __msan_unpoison(void *, size_t);
@@ -119,28 +93,12 @@ static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) {
119
93
  return ret;
120
94
  }
121
95
 
122
- #endif // EXPECTED_NR_getrandom
123
-
124
- #if !defined(GRND_NONBLOCK)
125
- #define GRND_NONBLOCK 1
126
- #endif
127
- #if !defined(GRND_RANDOM)
128
- #define GRND_RANDOM 2
129
- #endif
130
-
131
- #endif // OPENSSL_LINUX
132
-
133
- // rand_lock is used to protect the |*_requested| variables.
134
- DEFINE_STATIC_MUTEX(rand_lock)
96
+ #endif // USE_NR_getrandom
135
97
 
136
- // The following constants are magic values of |urandom_fd|.
137
- static const int kUnset = 0;
98
+ // kHaveGetrandom in |urandom_fd| signals that |getrandom| or |getentropy| is
99
+ // available and should be used instead.
138
100
  static const int kHaveGetrandom = -3;
139
101
 
140
- // urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
141
- // |rand_lock|.
142
- DEFINE_BSS_GET(int, urandom_fd_requested)
143
-
144
102
  // urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
145
103
  DEFINE_BSS_GET(int, urandom_fd)
146
104
 
@@ -179,14 +137,9 @@ static void maybe_set_extra_getrandom_flags(void) {
179
137
  DEFINE_STATIC_ONCE(rand_once)
180
138
 
181
139
  // init_once initializes the state of this module to values previously
182
- // requested. This is the only function that modifies |urandom_fd| and
183
- // |urandom_buffering|, whose values may be read safely after calling the
184
- // once.
140
+ // requested. This is the only function that modifies |urandom_fd|, which may be
141
+ // read safely after calling the once.
185
142
  static void init_once(void) {
186
- CRYPTO_STATIC_MUTEX_lock_read(rand_lock_bss_get());
187
- int fd = *urandom_fd_requested_bss_get();
188
- CRYPTO_STATIC_MUTEX_unlock_read(rand_lock_bss_get());
189
-
190
143
  #if defined(USE_NR_getrandom)
191
144
  int have_getrandom;
192
145
  uint8_t dummy;
@@ -229,31 +182,16 @@ static void init_once(void) {
229
182
  abort();
230
183
  #endif
231
184
 
232
- if (fd == kUnset) {
233
- do {
234
- fd = open("/dev/urandom", O_RDONLY);
235
- } while (fd == -1 && errno == EINTR);
236
- }
185
+ int fd;
186
+ do {
187
+ fd = open("/dev/urandom", O_RDONLY);
188
+ } while (fd == -1 && errno == EINTR);
237
189
 
238
190
  if (fd < 0) {
239
191
  perror("failed to open /dev/urandom");
240
192
  abort();
241
193
  }
242
194
 
243
- assert(kUnset == 0);
244
- if (fd == kUnset) {
245
- // Because we want to keep |urandom_fd| in the BSS, we have to initialise
246
- // it to zero. But zero is a valid file descriptor too. Thus if open
247
- // returns zero for /dev/urandom, we dup it to get a non-zero number.
248
- fd = dup(fd);
249
- close(kUnset);
250
-
251
- if (fd <= 0) {
252
- perror("failed to dup /dev/urandom fd");
253
- abort();
254
- }
255
- }
256
-
257
195
  int flags = fcntl(fd, F_GETFD);
258
196
  if (flags == -1) {
259
197
  // Native Client doesn't implement |fcntl|.
@@ -342,40 +280,6 @@ static void wait_for_entropy(void) {
342
280
  #endif // BORINGSSL_FIPS
343
281
  }
344
282
 
345
- void RAND_set_urandom_fd(int fd) {
346
- fd = dup(fd);
347
- if (fd < 0) {
348
- perror("failed to dup supplied urandom fd");
349
- abort();
350
- }
351
-
352
- assert(kUnset == 0);
353
- if (fd == kUnset) {
354
- // Because we want to keep |urandom_fd| in the BSS, we have to initialise
355
- // it to zero. But zero is a valid file descriptor too. Thus if dup
356
- // returned zero we dup it again to get a non-zero number.
357
- fd = dup(fd);
358
- close(kUnset);
359
-
360
- if (fd <= 0) {
361
- perror("failed to dup supplied urandom fd");
362
- abort();
363
- }
364
- }
365
-
366
- CRYPTO_STATIC_MUTEX_lock_write(rand_lock_bss_get());
367
- *urandom_fd_requested_bss_get() = fd;
368
- CRYPTO_STATIC_MUTEX_unlock_write(rand_lock_bss_get());
369
-
370
- CRYPTO_once(rand_once_bss_get(), init_once);
371
- if (*urandom_fd_bss_get() == kHaveGetrandom) {
372
- close(fd);
373
- } else if (*urandom_fd_bss_get() != fd) {
374
- fprintf(stderr, "RAND_set_urandom_fd called after initialisation.\n");
375
- abort();
376
- }
377
- }
378
-
379
283
  // fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
380
284
  // on success and zero on error. If |block| is one, this function will block
381
285
  // until the entropy pool is initialized. Otherwise, this function may fail,
@@ -397,7 +301,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
397
301
  }
398
302
  #endif
399
303
 
400
- CRYPTO_once(rand_once_bss_get(), init_once);
304
+ CRYPTO_init_sysrand();
401
305
  if (block) {
402
306
  CRYPTO_once(wait_for_entropy_once_bss_get(), wait_for_entropy);
403
307
  }
@@ -452,6 +356,10 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
452
356
  }
453
357
  }
454
358
 
359
+ void CRYPTO_init_sysrand(void) {
360
+ CRYPTO_once(rand_once_bss_get(), init_once);
361
+ }
362
+
455
363
  #if defined(BORINGSSL_FIPS)
456
364
  void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
457
365
  if (!fill_with_entropy(out, requested, /*block=*/1, /*seed=*/1)) {
@@ -466,16 +374,18 @@ void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
466
374
  #endif
467
375
  }
468
376
 
469
- void CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) {
470
- // Return all zeros if |fill_with_entropy| fails.
471
- OPENSSL_memset(out, 0, requested);
377
+ #endif // BORINGSSL_FIPS
472
378
 
473
- if (!fill_with_entropy(out, requested, /*block=*/0, /*seed=*/0) &&
474
- errno != EAGAIN) {
379
+ int CRYPTO_sysrand_if_available(uint8_t *out, size_t requested) {
380
+ if (fill_with_entropy(out, requested, /*block=*/0, /*seed=*/0)) {
381
+ return 1;
382
+ } else if (errno == EAGAIN) {
383
+ OPENSSL_memset(out, 0, requested);
384
+ return 0;
385
+ } else {
475
386
  perror("opportunistic entropy fill failed");
476
387
  abort();
477
388
  }
478
389
  }
479
- #endif // BORINGSSL_FIPS
480
390
 
481
391
  #endif // OPENSSL_URANDOM