grpc 1.28.0 → 1.30.2
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +7694 -11190
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +19 -21
- data/include/grpc/impl/codegen/port_platform.h +6 -2
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +212 -241
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
- data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
- data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
- data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +5 -5
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +52 -39
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +329 -297
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- metadata +115 -39
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
@@ -167,6 +167,10 @@ void BN_BLINDING_free(BN_BLINDING *r) {
|
|
167
167
|
OPENSSL_free(r);
|
168
168
|
}
|
169
169
|
|
170
|
+
void BN_BLINDING_invalidate(BN_BLINDING *b) {
|
171
|
+
b->counter = BN_BLINDING_COUNTER - 1;
|
172
|
+
}
|
173
|
+
|
170
174
|
static int bn_blinding_update(BN_BLINDING *b, const BIGNUM *e,
|
171
175
|
const BN_MONT_CTX *mont, BN_CTX *ctx) {
|
172
176
|
if (++b->counter == BN_BLINDING_COUNTER) {
|
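Review bot: `BN_BLINDING_invalidate` has no comment, and the assignment `b->counter = BN_BLINDING_COUNTER - 1` only makes sense next to the `++b->counter == BN_BLINDING_COUNTER` test in `bn_blinding_update` just below it. I would add `// Leave the counter one short of the limit so the next |bn_blinding_update| takes its |BN_BLINDING_COUNTER| branch.` above the assignment. What that branch does lies outside this hunk, so the comment should name the branch and not claim a regeneration unless the rest of `bn_blinding_update` confirms it.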
@@ -83,6 +83,7 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
|
83
83
|
|
84
84
|
BN_BLINDING *BN_BLINDING_new(void);
|
85
85
|
void BN_BLINDING_free(BN_BLINDING *b);
|
86
|
+
void BN_BLINDING_invalidate(BN_BLINDING *b);
|
86
87
|
int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, const BIGNUM *e,
|
87
88
|
const BN_MONT_CTX *mont_ctx, BN_CTX *ctx);
|
88
89
|
int BN_BLINDING_invert(BIGNUM *n, const BN_BLINDING *b, BN_MONT_CTX *mont_ctx,
|
@@ -167,6 +167,22 @@ int RSA_up_ref(RSA *rsa) {
|
|
167
167
|
|
168
168
|
unsigned RSA_bits(const RSA *rsa) { return BN_num_bits(rsa->n); }
|
169
169
|
|
170
|
+
const BIGNUM *RSA_get0_n(const RSA *rsa) { return rsa->n; }
|
171
|
+
|
172
|
+
const BIGNUM *RSA_get0_e(const RSA *rsa) { return rsa->e; }
|
173
|
+
|
174
|
+
const BIGNUM *RSA_get0_d(const RSA *rsa) { return rsa->d; }
|
175
|
+
|
176
|
+
const BIGNUM *RSA_get0_p(const RSA *rsa) { return rsa->p; }
|
177
|
+
|
178
|
+
const BIGNUM *RSA_get0_q(const RSA *rsa) { return rsa->q; }
|
179
|
+
|
180
|
+
const BIGNUM *RSA_get0_dmp1(const RSA *rsa) { return rsa->dmp1; }
|
181
|
+
|
182
|
+
const BIGNUM *RSA_get0_dmq1(const RSA *rsa) { return rsa->dmq1; }
|
183
|
+
|
184
|
+
const BIGNUM *RSA_get0_iqmp(const RSA *rsa) { return rsa->iqmp; }
|
185
|
+
|
170
186
|
void RSA_get0_key(const RSA *rsa, const BIGNUM **out_n, const BIGNUM **out_e,
|
171
187
|
const BIGNUM **out_d) {
|
172
188
|
if (out_n != NULL) {
|
@@ -639,7 +655,12 @@ err:
|
|
639
655
|
}
|
640
656
|
|
641
657
|
static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv,
|
642
|
-
const BIGNUM *m,
|
658
|
+
const BIGNUM *m, BN_CTX *ctx) {
|
659
|
+
if (BN_is_negative(ainv) || BN_cmp(ainv, m) >= 0) {
|
660
|
+
*out_ok = 0;
|
661
|
+
return 1;
|
662
|
+
}
|
663
|
+
|
643
664
|
BN_CTX_start(ctx);
|
644
665
|
BIGNUM *tmp = BN_CTX_get(ctx);
|
645
666
|
int ret = tmp != NULL &&
|
@@ -647,19 +668,12 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv,
|
|
647
668
|
bn_div_consttime(NULL, tmp, tmp, m, ctx);
|
648
669
|
if (ret) {
|
649
670
|
*out_ok = BN_is_one(tmp);
|
650
|
-
if (check_reduced && (BN_is_negative(ainv) || BN_cmp(ainv, m) >= 0)) {
|
651
|
-
*out_ok = 0;
|
652
|
-
}
|
653
671
|
}
|
654
672
|
BN_CTX_end(ctx);
|
655
673
|
return ret;
|
656
674
|
}
|
657
675
|
|
658
676
|
int RSA_check_key(const RSA *key) {
|
659
|
-
BIGNUM n, pm1, qm1, lcm, dmp1, dmq1, iqmp_times_q;
|
660
|
-
BN_CTX *ctx;
|
661
|
-
int ok = 0, has_crt_values;
|
662
|
-
|
663
677
|
if (RSA_is_opaque(key)) {
|
664
678
|
// Opaque keys can't be checked.
|
665
679
|
return 1;
|
@@ -681,50 +695,53 @@ int RSA_check_key(const RSA *key) {
|
|
681
695
|
return 1;
|
682
696
|
}
|
683
697
|
|
684
|
-
ctx = BN_CTX_new();
|
698
|
+
BN_CTX *ctx = BN_CTX_new();
|
685
699
|
if (ctx == NULL) {
|
686
700
|
OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
|
687
701
|
return 0;
|
688
702
|
}
|
689
703
|
|
690
|
-
|
704
|
+
BIGNUM tmp, de, pm1, qm1, dmp1, dmq1;
|
705
|
+
int ok = 0;
|
706
|
+
BN_init(&tmp);
|
707
|
+
BN_init(&de);
|
691
708
|
BN_init(&pm1);
|
692
709
|
BN_init(&qm1);
|
693
|
-
BN_init(&lcm);
|
694
710
|
BN_init(&dmp1);
|
695
711
|
BN_init(&dmq1);
|
696
|
-
|
697
|
-
|
698
|
-
int d_ok;
|
699
|
-
if (!bn_mul_consttime(&n, key->p, key->q, ctx) ||
|
700
|
-
// lcm = lcm(p, q)
|
701
|
-
!bn_usub_consttime(&pm1, key->p, BN_value_one()) ||
|
702
|
-
!bn_usub_consttime(&qm1, key->q, BN_value_one()) ||
|
703
|
-
!bn_lcm_consttime(&lcm, &pm1, &qm1, ctx) ||
|
704
|
-
// Other implementations use the Euler totient rather than the Carmichael
|
705
|
-
// totient, so allow unreduced |key->d|.
|
706
|
-
!check_mod_inverse(&d_ok, key->e, key->d, &lcm,
|
707
|
-
0 /* don't require reduced */, ctx)) {
|
712
|
+
if (!bn_mul_consttime(&tmp, key->p, key->q, ctx)) {
|
708
713
|
OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
|
709
714
|
goto out;
|
710
715
|
}
|
711
716
|
|
712
|
-
if (BN_cmp(&
|
717
|
+
if (BN_cmp(&tmp, key->n) != 0) {
|
713
718
|
OPENSSL_PUT_ERROR(RSA, RSA_R_N_NOT_EQUAL_P_Q);
|
714
719
|
goto out;
|
715
720
|
}
|
716
721
|
|
717
|
-
if (
|
718
|
-
OPENSSL_PUT_ERROR(RSA,
|
722
|
+
if (BN_is_negative(key->d) || BN_cmp(key->d, key->n) >= 0) {
|
723
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_D_OUT_OF_RANGE);
|
719
724
|
goto out;
|
720
725
|
}
|
721
726
|
|
722
|
-
|
723
|
-
|
727
|
+
// d must be an inverse of e mod the Carmichael totient, lcm(p-1, q-1), but it
|
728
|
+
// may be unreduced because other implementations use the Euler totient. We
|
729
|
+
// simply check that d * e is one mod p-1 and mod q-1.
|
730
|
+
if (!bn_usub_consttime(&pm1, key->p, BN_value_one()) ||
|
731
|
+
!bn_usub_consttime(&qm1, key->q, BN_value_one()) ||
|
732
|
+
!bn_mul_consttime(&de, key->d, key->e, ctx) ||
|
733
|
+
!bn_div_consttime(NULL, &tmp, &de, &pm1, ctx) ||
|
734
|
+
!bn_div_consttime(NULL, &de, &de, &qm1, ctx)) {
|
735
|
+
OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
|
736
|
+
goto out;
|
737
|
+
}
|
738
|
+
|
739
|
+
if (!BN_is_one(&tmp) || !BN_is_one(&de)) {
|
740
|
+
OPENSSL_PUT_ERROR(RSA, RSA_R_D_E_NOT_CONGRUENT_TO_1);
|
724
741
|
goto out;
|
725
742
|
}
|
726
743
|
|
727
|
-
has_crt_values = key->dmp1 != NULL;
|
744
|
+
int has_crt_values = key->dmp1 != NULL;
|
728
745
|
if (has_crt_values != (key->dmq1 != NULL) ||
|
729
746
|
has_crt_values != (key->iqmp != NULL)) {
|
730
747
|
OPENSSL_PUT_ERROR(RSA, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES);
|
@@ -733,12 +750,9 @@ int RSA_check_key(const RSA *key) {
|
|
733
750
|
|
734
751
|
if (has_crt_values) {
|
735
752
|
int dmp1_ok, dmq1_ok, iqmp_ok;
|
736
|
-
if (!check_mod_inverse(&dmp1_ok, key->e, key->dmp1, &pm1,
|
737
|
-
|
738
|
-
!check_mod_inverse(&
|
739
|
-
1 /* check reduced */, ctx) ||
|
740
|
-
!check_mod_inverse(&iqmp_ok, key->q, key->iqmp, key->p,
|
741
|
-
1 /* check reduced */, ctx)) {
|
753
|
+
if (!check_mod_inverse(&dmp1_ok, key->e, key->dmp1, &pm1, ctx) ||
|
754
|
+
!check_mod_inverse(&dmq1_ok, key->e, key->dmq1, &qm1, ctx) ||
|
755
|
+
!check_mod_inverse(&iqmp_ok, key->q, key->iqmp, key->p, ctx)) {
|
742
756
|
OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
|
743
757
|
goto out;
|
744
758
|
}
|
@@ -752,13 +766,12 @@ int RSA_check_key(const RSA *key) {
|
|
752
766
|
ok = 1;
|
753
767
|
|
754
768
|
out:
|
755
|
-
BN_free(&
|
769
|
+
BN_free(&tmp);
|
770
|
+
BN_free(&de);
|
756
771
|
BN_free(&pm1);
|
757
772
|
BN_free(&qm1);
|
758
|
-
BN_free(&lcm);
|
759
773
|
BN_free(&dmp1);
|
760
774
|
BN_free(&dmq1);
|
761
|
-
BN_free(&iqmp_times_q);
|
762
775
|
BN_CTX_free(ctx);
|
763
776
|
|
764
777
|
return ok;
|
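Review bot: In `RSA_check_key`, `tmp` first holds p*q for the comparison with `key->n` and is then reused for d*e mod (p-1), while `de` is overwritten in place with d*e mod (q-1), so the final `!BN_is_one(&tmp) || !BN_is_one(&de)` test is harder to audit than it needs to be. A one-line comment before that test, `// tmp = d*e mod (p-1); de = d*e mod (q-1).`, or a separate temporary for the first remainder, would make the private-exponent check easier to review. The function starts before and ends after the visible hunks, so whether anything earlier constrains `key->p` and `key->q` before `pm1` and `qm1` are used as divisors cannot be confirmed from here.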
@@ -70,6 +70,7 @@
|
|
70
70
|
#include "../bn/internal.h"
|
71
71
|
#include "../../internal.h"
|
72
72
|
#include "../delocate.h"
|
73
|
+
#include "../rand/fork_detect.h"
|
73
74
|
|
74
75
|
|
75
76
|
static int check_modulus_and_exponent_sizes(const RSA *rsa) {
|
@@ -345,7 +346,7 @@ err:
|
|
345
346
|
// MAX_BLINDINGS_PER_RSA defines the maximum number of cached BN_BLINDINGs per
|
346
347
|
// RSA*. Then this limit is exceeded, BN_BLINDING objects will be created and
|
347
348
|
// destroyed as needed.
|
348
|
-
#if defined(
|
349
|
+
#if defined(OPENSSL_TSAN)
|
349
350
|
// Smaller under TSAN so that the edge case can be hit with fewer threads.
|
350
351
|
#define MAX_BLINDINGS_PER_RSA 2
|
351
352
|
#else
|
@@ -365,8 +366,21 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used,
|
|
365
366
|
assert(rsa->mont_n != NULL);
|
366
367
|
|
367
368
|
BN_BLINDING *ret = NULL;
|
369
|
+
const uint64_t fork_generation = CRYPTO_get_fork_generation();
|
368
370
|
CRYPTO_MUTEX_lock_write(&rsa->lock);
|
369
371
|
|
372
|
+
// Wipe the blinding cache on |fork|.
|
373
|
+
if (rsa->blinding_fork_generation != fork_generation) {
|
374
|
+
for (unsigned i = 0; i < rsa->num_blindings; i++) {
|
375
|
+
// The inuse flag must be zero unless we were forked from a
|
376
|
+
// multi-threaded process, in which case calling back into BoringSSL is
|
377
|
+
// forbidden.
|
378
|
+
assert(rsa->blindings_inuse[i] == 0);
|
379
|
+
BN_BLINDING_invalidate(rsa->blindings[i]);
|
380
|
+
}
|
381
|
+
rsa->blinding_fork_generation = fork_generation;
|
382
|
+
}
|
383
|
+
|
370
384
|
uint8_t *const free_inuse_flag =
|
371
385
|
OPENSSL_memchr(rsa->blindings_inuse, 0, rsa->num_blindings);
|
372
386
|
if (free_inuse_flag != NULL) {
|
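Review bot: The comment `// Wipe the blinding cache on |fork|.` in `rsa_blinding_get` overstates what the loop does. The cached `BN_BLINDING` objects are kept and only passed to `BN_BLINDING_invalidate`, which, per the first hunk on this page, just resets a counter. The only guard against an entry being in use across the fork is `assert(rsa->blindings_inuse[i] == 0)`, which disappears in builds with `NDEBUG`, so the comment should say that the multi-threaded-fork case is unsupported and not checked at run time. Suggested wording: `// Invalidate cached blindings after |fork| so parent and child do not reuse the same blinding values.` The function begins and ends outside this hunk.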
@@ -105,6 +105,23 @@ int SHA512_Init(SHA512_CTX *sha) {
|
|
105
105
|
return 1;
|
106
106
|
}
|
107
107
|
|
108
|
+
int SHA512_256_Init(SHA512_CTX *sha) {
|
109
|
+
sha->h[0] = UINT64_C(0x22312194fc2bf72c);
|
110
|
+
sha->h[1] = UINT64_C(0x9f555fa3c84c64c2);
|
111
|
+
sha->h[2] = UINT64_C(0x2393b86b6f53b151);
|
112
|
+
sha->h[3] = UINT64_C(0x963877195940eabd);
|
113
|
+
sha->h[4] = UINT64_C(0x96283ee2a88effe3);
|
114
|
+
sha->h[5] = UINT64_C(0xbe5e1e2553863992);
|
115
|
+
sha->h[6] = UINT64_C(0x2b0199fc2c85b8aa);
|
116
|
+
sha->h[7] = UINT64_C(0x0eb72ddc81c52ca2);
|
117
|
+
|
118
|
+
sha->Nl = 0;
|
119
|
+
sha->Nh = 0;
|
120
|
+
sha->num = 0;
|
121
|
+
sha->md_len = SHA512_256_DIGEST_LENGTH;
|
122
|
+
return 1;
|
123
|
+
}
|
124
|
+
|
108
125
|
uint8_t *SHA384(const uint8_t *data, size_t len,
|
109
126
|
uint8_t out[SHA384_DIGEST_LENGTH]) {
|
110
127
|
SHA512_CTX ctx;
|
@@ -125,6 +142,16 @@ uint8_t *SHA512(const uint8_t *data, size_t len,
|
|
125
142
|
return out;
|
126
143
|
}
|
127
144
|
|
145
|
+
uint8_t *SHA512_256(const uint8_t *data, size_t len,
|
146
|
+
uint8_t out[SHA512_256_DIGEST_LENGTH]) {
|
147
|
+
SHA512_CTX ctx;
|
148
|
+
SHA512_256_Init(&ctx);
|
149
|
+
SHA512_Update(&ctx, data, len);
|
150
|
+
SHA512_Final(out, &ctx);
|
151
|
+
OPENSSL_cleanse(&ctx, sizeof(ctx));
|
152
|
+
return out;
|
153
|
+
}
|
154
|
+
|
128
155
|
#if !defined(SHA512_ASM)
|
129
156
|
static void sha512_block_data_order(uint64_t *state, const uint8_t *in,
|
130
157
|
size_t num_blocks);
|
@@ -141,6 +168,17 @@ int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len) {
|
|
141
168
|
return SHA512_Update(sha, data, len);
|
142
169
|
}
|
143
170
|
|
171
|
+
int SHA512_256_Update(SHA512_CTX *sha, const void *data, size_t len) {
|
172
|
+
return SHA512_Update(sha, data, len);
|
173
|
+
}
|
174
|
+
|
175
|
+
int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
|
176
|
+
SHA512_CTX *sha) {
|
177
|
+
// |SHA512_256_Init| sets |sha->md_len| to |SHA512_256_DIGEST_LENGTH|, so this
|
178
|
+
// has a |smaller output.
|
179
|
+
return SHA512_Final(out, sha);
|
180
|
+
}
|
181
|
+
|
144
182
|
void SHA512_Transform(SHA512_CTX *c, const uint8_t block[SHA512_CBLOCK]) {
|
145
183
|
sha512_block_data_order(c->h, block, 1);
|
146
184
|
}
|
@@ -231,41 +269,12 @@ int SHA512_Final(uint8_t out[SHA512_DIGEST_LENGTH], SHA512_CTX *sha) {
|
|
231
269
|
return 0;
|
232
270
|
}
|
233
271
|
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
*(out++) = (uint8_t)(t >> 56);
|
241
|
-
*(out++) = (uint8_t)(t >> 48);
|
242
|
-
*(out++) = (uint8_t)(t >> 40);
|
243
|
-
*(out++) = (uint8_t)(t >> 32);
|
244
|
-
*(out++) = (uint8_t)(t >> 24);
|
245
|
-
*(out++) = (uint8_t)(t >> 16);
|
246
|
-
*(out++) = (uint8_t)(t >> 8);
|
247
|
-
*(out++) = (uint8_t)(t);
|
248
|
-
}
|
249
|
-
break;
|
250
|
-
case SHA512_DIGEST_LENGTH:
|
251
|
-
for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) {
|
252
|
-
uint64_t t = sha->h[n];
|
253
|
-
|
254
|
-
*(out++) = (uint8_t)(t >> 56);
|
255
|
-
*(out++) = (uint8_t)(t >> 48);
|
256
|
-
*(out++) = (uint8_t)(t >> 40);
|
257
|
-
*(out++) = (uint8_t)(t >> 32);
|
258
|
-
*(out++) = (uint8_t)(t >> 24);
|
259
|
-
*(out++) = (uint8_t)(t >> 16);
|
260
|
-
*(out++) = (uint8_t)(t >> 8);
|
261
|
-
*(out++) = (uint8_t)(t);
|
262
|
-
}
|
263
|
-
break;
|
264
|
-
// ... as well as make sure md_len is not abused.
|
265
|
-
default:
|
266
|
-
// TODO(davidben): This bad |md_len| case is one of the few places a
|
267
|
-
// low-level hash 'final' function can fail. This should never happen.
|
268
|
-
return 0;
|
272
|
+
assert(sha->md_len % 8 == 0);
|
273
|
+
const size_t out_words = sha->md_len / 8;
|
274
|
+
for (size_t i = 0; i < out_words; i++) {
|
275
|
+
const uint64_t t = CRYPTO_bswap8(sha->h[i]);
|
276
|
+
memcpy(out, &t, sizeof(t));
|
277
|
+
out += sizeof(t);
|
269
278
|
}
|
270
279
|
|
271
280
|
return 1;
|
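Review bot: `SHA512_Final` now bounds its output loop only with `assert(sha->md_len % 8 == 0)`, where the removed `switch` returned 0 for any unexpected `md_len`. With `NDEBUG` the assert is gone and `out_words` comes straight from the context, so a context that was never initialised, or was initialised for a longer digest, makes the loop read past `sha->h` or write past `out`. `SHA512_256_Final` in the earlier hunk relies on this with a 32-byte `out`. I would keep a runtime bound before the loop, `if (sha->md_len > SHA512_DIGEST_LENGTH || sha->md_len % 8 != 0) { return 0; }`, and remove the stray `|` from the `SHA512_256_Final` comment (`has a |smaller output`). The start of `SHA512_Final` is outside the hunk.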
@@ -84,27 +84,34 @@ static void __asan_unpoison_memory_region(const void *addr, size_t size) {}
|
|
84
84
|
// Windows doesn't really support weak symbols as of May 2019, and Clang on
|
85
85
|
// Windows will emit strong symbols instead. See
|
86
86
|
// https://bugs.llvm.org/show_bug.cgi?id=37598
|
87
|
-
#if defined(
|
87
|
+
#if defined(__ELF__) && defined(__GNUC__)
|
88
|
+
#define WEAK_SYMBOL_FUNC(rettype, name, args) \
|
89
|
+
rettype name args __attribute__((weak));
|
90
|
+
#else
|
91
|
+
#define WEAK_SYMBOL_FUNC(rettype, name, args) static rettype(*name) args = NULL;
|
92
|
+
#endif
|
93
|
+
|
88
94
|
// sdallocx is a sized |free| function. By passing the size (which we happen to
|
89
95
|
// always know in BoringSSL), the malloc implementation can save work. We cannot
|
90
|
-
// depend on |sdallocx| being available so
|
91
|
-
// to |free| as a weak symbol.
|
96
|
+
// depend on |sdallocx| being available, however, so it's a weak symbol.
|
92
97
|
//
|
93
98
|
// This will always be safe, but will only be overridden if the malloc
|
94
99
|
// implementation is statically linked with BoringSSL. So, if |sdallocx| is
|
95
100
|
// provided in, say, libc.so, we still won't use it because that's dynamically
|
96
101
|
// linked. This isn't an ideal result, but its helps in some cases.
|
97
|
-
void sdallocx(void *ptr, size_t size, int flags);
|
102
|
+
WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags));
|
98
103
|
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
void
|
104
|
-
free(ptr);
|
105
|
-
}
|
104
|
+
// The following two functions are for memory tracking. They are no-ops by
|
105
|
+
// default but can be overridden at link time if the application needs to
|
106
|
+
// observe heap operations.
|
107
|
+
WEAK_SYMBOL_FUNC(void, OPENSSL_track_memory_alloc, (void *ptr, size_t size));
|
108
|
+
WEAK_SYMBOL_FUNC(void, OPENSSL_track_memory_free, (void *ptr, size_t size));
|
106
109
|
|
107
110
|
void *OPENSSL_malloc(size_t size) {
|
111
|
+
if (size + OPENSSL_MALLOC_PREFIX < size) {
|
112
|
+
return NULL;
|
113
|
+
}
|
114
|
+
|
108
115
|
void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX);
|
109
116
|
if (ptr == NULL) {
|
110
117
|
return NULL;
|
@@ -113,6 +120,9 @@ void *OPENSSL_malloc(size_t size) {
|
|
113
120
|
*(size_t *)ptr = size;
|
114
121
|
|
115
122
|
__asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
|
123
|
+
if (OPENSSL_track_memory_alloc) {
|
124
|
+
OPENSSL_track_memory_alloc(ptr, size + OPENSSL_MALLOC_PREFIX);
|
125
|
+
}
|
116
126
|
return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX;
|
117
127
|
}
|
118
128
|
|
@@ -125,8 +135,15 @@ void OPENSSL_free(void *orig_ptr) {
|
|
125
135
|
__asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
|
126
136
|
|
127
137
|
size_t size = *(size_t *)ptr;
|
138
|
+
if (OPENSSL_track_memory_free) {
|
139
|
+
OPENSSL_track_memory_free(ptr, size + OPENSSL_MALLOC_PREFIX);
|
140
|
+
}
|
128
141
|
OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX);
|
129
|
-
sdallocx
|
142
|
+
if (sdallocx) {
|
143
|
+
sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */);
|
144
|
+
} else {
|
145
|
+
free(ptr);
|
146
|
+
}
|
130
147
|
}
|
131
148
|
|
132
149
|
void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {
|
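Review bot: In `OPENSSL_free`, `OPENSSL_track_memory_free(ptr, size + OPENSSL_MALLOC_PREFIX)` runs before `OPENSSL_cleanse`, so whatever is linked in as the tracking hook is handed every freed buffer with its contents, key material included, still intact. The comment above the two tracking `WEAK_SYMBOL_FUNC` declarations only says the hooks observe heap operations. It should say that the hooks are trusted code, for example `// The free hook runs before the buffer is cleansed; it must not read or retain |ptr|.` Moving the call below `OPENSSL_cleanse` would remove the exposure if the hook needs only the address and size, which I cannot confirm from this page. `OPENSSL_free` starts before the hunk.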
@@ -57,7 +57,7 @@
|
|
57
57
|
/* This file is generated by crypto/obj/objects.go. */
|
58
58
|
|
59
59
|
|
60
|
-
#define NUM_NID
|
60
|
+
#define NUM_NID 963
|
61
61
|
|
62
62
|
static const uint8_t kObjectData[] = {
|
63
63
|
/* NID_rsadsi */
|
@@ -7127,6 +7127,16 @@ static const uint8_t kObjectData[] = {
|
|
7127
7127
|
0x2b,
|
7128
7128
|
0x65,
|
7129
7129
|
0x6f,
|
7130
|
+
/* NID_sha512_256 */
|
7131
|
+
0x60,
|
7132
|
+
0x86,
|
7133
|
+
0x48,
|
7134
|
+
0x01,
|
7135
|
+
0x65,
|
7136
|
+
0x03,
|
7137
|
+
0x04,
|
7138
|
+
0x02,
|
7139
|
+
0x06,
|
7130
7140
|
};
|
7131
7141
|
|
7132
7142
|
static const ASN1_OBJECT kObjects[NUM_NID] = {
|
@@ -8770,6 +8780,7 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
|
|
8770
8780
|
{"CECPQ2", "CECPQ2", NID_CECPQ2, 0, NULL, 0},
|
8771
8781
|
{"ED448", "ED448", NID_ED448, 3, &kObjectData[6181], 0},
|
8772
8782
|
{"X448", "X448", NID_X448, 3, &kObjectData[6184], 0},
|
8783
|
+
{"SHA512-256", "sha512-256", NID_sha512_256, 9, &kObjectData[6187], 0},
|
8773
8784
|
};
|
8774
8785
|
|
8775
8786
|
static const uint16_t kNIDsInShortNameOrder[] = {
|
@@ -8959,6 +8970,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
|
|
8959
8970
|
672 /* SHA256 */,
|
8960
8971
|
673 /* SHA384 */,
|
8961
8972
|
674 /* SHA512 */,
|
8973
|
+
962 /* SHA512-256 */,
|
8962
8974
|
188 /* SMIME */,
|
8963
8975
|
167 /* SMIME-CAPS */,
|
8964
8976
|
100 /* SN */,
|
@@ -10632,6 +10644,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
|
|
10632
10644
|
673 /* sha384 */,
|
10633
10645
|
669 /* sha384WithRSAEncryption */,
|
10634
10646
|
674 /* sha512 */,
|
10647
|
+
962 /* sha512-256 */,
|
10635
10648
|
670 /* sha512WithRSAEncryption */,
|
10636
10649
|
42 /* shaWithRSAEncryption */,
|
10637
10650
|
52 /* signingTime */,
|
@@ -11391,6 +11404,7 @@ static const uint16_t kNIDsInOIDOrder[] = {
|
|
11391
11404
|
673 /* 2.16.840.1.101.3.4.2.2 (OBJ_sha384) */,
|
11392
11405
|
674 /* 2.16.840.1.101.3.4.2.3 (OBJ_sha512) */,
|
11393
11406
|
675 /* 2.16.840.1.101.3.4.2.4 (OBJ_sha224) */,
|
11407
|
+
962 /* 2.16.840.1.101.3.4.2.6 (OBJ_sha512_256) */,
|
11394
11408
|
802 /* 2.16.840.1.101.3.4.3.1 (OBJ_dsa_with_SHA224) */,
|
11395
11409
|
803 /* 2.16.840.1.101.3.4.3.2 (OBJ_dsa_with_SHA256) */,
|
11396
11410
|
71 /* 2.16.840.1.113730.1.1 (OBJ_netscape_cert_type) */,
|