grpc 1.33.0.pre1 → 1.34.0
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +342 -134
- data/include/grpc/grpc.h +1 -2
- data/include/grpc/grpc_security.h +149 -172
- data/include/grpc/impl/codegen/grpc_types.h +9 -2
- data/include/grpc/impl/codegen/port_platform.h +22 -55
- data/src/core/ext/filters/client_channel/client_channel.cc +11 -34
- data/src/core/ext/filters/client_channel/config_selector.h +2 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +4 -1
- data/src/core/ext/filters/client_channel/health/health_check_client.h +2 -2
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +5 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +80 -71
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +47 -17
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +16 -243
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +53 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +809 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +20 -25
- data/src/core/ext/filters/client_channel/resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver.h +4 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +20 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +66 -7
- data/src/core/ext/filters/client_channel/resolver_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +13 -25
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +2 -2
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -1
- data/src/core/ext/filters/client_channel/server_address.h +0 -4
- data/src/core/ext/filters/client_channel/service_config.cc +3 -1
- data/src/core/ext/filters/client_channel/service_config.h +1 -1
- data/src/core/ext/filters/client_channel/subchannel.cc +18 -15
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_interface.h +7 -15
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
- data/src/core/ext/filters/deadline/deadline_filter.cc +83 -77
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +17 -3
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +4 -24
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +0 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -2
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/xds/certificate_provider_factory.h +7 -5
- data/src/core/ext/xds/certificate_provider_store.cc +84 -0
- data/src/core/ext/xds/certificate_provider_store.h +65 -8
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +119 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +72 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +28 -140
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +6 -4
- data/src/core/ext/xds/xds_api.cc +241 -718
- data/src/core/ext/xds/xds_api.h +50 -9
- data/src/core/ext/xds/xds_bootstrap.cc +172 -25
- data/src/core/ext/xds/xds_bootstrap.h +23 -7
- data/src/core/ext/xds/xds_certificate_provider.cc +240 -0
- data/src/core/ext/xds/xds_certificate_provider.h +74 -0
- data/src/core/ext/xds/xds_client.cc +161 -128
- data/src/core/ext/xds/xds_client.h +12 -11
- data/src/core/ext/xds/xds_client_stats.cc +41 -4
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/lib/channel/channel_args.cc +2 -1
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channelz.h +2 -2
- data/src/core/lib/channel/handshaker.h +2 -2
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log_linux.cc +17 -3
- data/src/core/lib/gpr/log_posix.cc +13 -1
- data/src/core/lib/gpr/log_windows.cc +16 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/string.cc +1 -1
- data/src/core/lib/gpr/time_precise.cc +3 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/dual_ref_counted.h +44 -49
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +40 -46
- data/src/core/lib/gprpp/ref_counted_ptr.h +9 -11
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/thd.h +2 -2
- data/src/core/lib/gprpp/thd_posix.cc +36 -36
- data/src/core/lib/http/parser.cc +46 -25
- data/src/core/lib/iomgr/error.cc +2 -1
- data/src/core/lib/iomgr/ev_epollex_linux.cc +8 -4
- data/src/core/lib/iomgr/exec_ctx.cc +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +3 -3
- data/src/core/lib/iomgr/parse_address.cc +84 -6
- data/src/core/lib/iomgr/parse_address.h +20 -0
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/python_util.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/tcp_posix.cc +3 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +27 -15
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +2 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.h +167 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +4 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/credentials.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +3 -3
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +208 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +73 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +311 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +118 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +136 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +49 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +211 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +59 -0
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +51 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +5 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +35 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +12 -8
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +78 -0
- data/src/core/lib/security/{certificate_provider.h → credentials/tls/grpc_tls_certificate_provider.h} +32 -18
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +77 -149
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +58 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
- data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +88 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +70 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +293 -275
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +106 -61
- data/src/core/lib/security/transport/security_handshaker.cc +1 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +2 -2
- data/src/core/lib/surface/call.cc +9 -8
- data/src/core/lib/surface/completion_queue.cc +7 -6
- data/src/core/lib/surface/server.cc +4 -2
- data/src/core/lib/surface/server.h +2 -2
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.h +2 -0
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +3 -3
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +1 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +4 -3
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
- data/src/core/tsi/ssl_transport_security.cc +14 -7
- data/src/core/tsi/ssl_transport_security.h +3 -0
- data/src/core/tsi/transport_security.cc +4 -2
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +22 -14
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +36 -24
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +340 -336
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +46 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +90 -63
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +60 -60
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +179 -47
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +7 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +55 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +31 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +435 -394
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +36 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +67 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +216 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +53 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +133 -39
- data/third_party/upb/upb/def.c +2169 -0
- data/third_party/upb/upb/def.h +330 -0
- data/third_party/upb/upb/def.hpp +525 -0
- data/third_party/upb/upb/reflection.c +391 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/text_encode.c +398 -0
- data/third_party/upb/upb/text_encode.h +35 -0
- metadata +227 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +0 -571
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
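--- a/data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c
@@ -262,6 +262,8 @@ int BIO_should_io_special(const BIO *bio) {
 
 int BIO_get_retry_reason(const BIO *bio) { return bio->retry_reason; }
 
+void BIO_set_retry_reason(BIO *bio, int reason) { bio->retry_reason = reason; }
+
 void BIO_clear_flags(BIO *bio, int flags) {
 bio->flags &= ~flags;
 }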
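--- a/data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c
@@ -68,6 +68,8 @@
 OPENSSL_MSVC_PRAGMA(warning(push))
 OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) // Unreachable code.
 
+#define AES_GCM_NONCE_LENGTH 12
+
 #if defined(BSAES)
 static void vpaes_ctr32_encrypt_blocks_with_bsaes(const uint8_t *in,
 uint8_t *out, size_t blocks,
@@ -630,7 +632,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_gcm_generic) {
 out->nid = NID_aes_128_gcm;
 out->block_size = 1;
 out->key_len = 16;
-out->iv_len =
+out->iv_len = AES_GCM_NONCE_LENGTH;
 out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING;
 out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY |
 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
@@ -698,7 +700,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_gcm_generic) {
 out->nid = NID_aes_192_gcm;
 out->block_size = 1;
 out->key_len = 24;
-out->iv_len =
+out->iv_len = AES_GCM_NONCE_LENGTH;
 out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING;
 out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY |
 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
@@ -766,7 +768,7 @@ DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_gcm_generic) {
 out->nid = NID_aes_256_gcm;
 out->block_size = 1;
 out->key_len = 32;
-out->iv_len =
+out->iv_len = AES_GCM_NONCE_LENGTH;
 out->ctx_size = sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING;
 out->flags = EVP_CIPH_GCM_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_CUSTOM_COPY |
 EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT |
@@ -931,21 +933,19 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
 
 static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) {}
 
-static int
-
-
-
-
-
-
-
-
-
-if (extra_in_len + ctx->tag_len < ctx->tag_len) {
+static int aead_aes_gcm_seal_scatter_impl(
+const struct aead_aes_gcm_ctx *gcm_ctx,
+uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
+const uint8_t *nonce, size_t nonce_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *extra_in, size_t extra_in_len,
+const uint8_t *ad, size_t ad_len,
+size_t tag_len) {
+if (extra_in_len + tag_len < tag_len) {
 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
 return 0;
 }
-if (max_out_tag_len < extra_in_len +
+if (max_out_tag_len < extra_in_len + tag_len) {
 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
 return 0;
 }
@@ -989,18 +989,35 @@ static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
 }
 }
 
-CRYPTO_gcm128_tag(&gcm, out_tag + extra_in_len,
-*out_tag_len =
+CRYPTO_gcm128_tag(&gcm, out_tag + extra_in_len, tag_len);
+*out_tag_len = tag_len + extra_in_len;
 
 return 1;
 }
 
-static int
-
-
-
-
-
+static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
+uint8_t *out_tag, size_t *out_tag_len,
+size_t max_out_tag_len,
+const uint8_t *nonce, size_t nonce_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *extra_in,
+size_t extra_in_len,
+const uint8_t *ad, size_t ad_len) {
+const struct aead_aes_gcm_ctx *gcm_ctx =
+(const struct aead_aes_gcm_ctx *)&ctx->state;
+return aead_aes_gcm_seal_scatter_impl(
+gcm_ctx, out, out_tag, out_tag_len, max_out_tag_len, nonce, nonce_len, in,
+in_len, extra_in, extra_in_len, ad, ad_len, ctx->tag_len);
+}
+
+static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx,
+uint8_t *out,
+const uint8_t *nonce, size_t nonce_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *in_tag,
+size_t in_tag_len,
+const uint8_t *ad, size_t ad_len,
+size_t tag_len) {
 uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN];
 
 if (nonce_len == 0) {
@@ -1008,7 +1025,7 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
 return 0;
 }
 
-if (in_tag_len !=
+if (in_tag_len != tag_len) {
 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
 return 0;
 }
@@ -1035,8 +1052,8 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
 }
 }
 
-CRYPTO_gcm128_tag(&gcm, tag,
-if (CRYPTO_memcmp(tag, in_tag,
+CRYPTO_gcm128_tag(&gcm, tag, tag_len);
+if (CRYPTO_memcmp(tag, in_tag, tag_len) != 0) {
 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
 return 0;
 }
@@ -1044,11 +1061,22 @@ static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
 return 1;
 }
 
+static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
+const uint8_t *nonce, size_t nonce_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *in_tag, size_t in_tag_len,
+const uint8_t *ad, size_t ad_len) {
+struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *)&ctx->state;
+return aead_aes_gcm_open_gather_impl(gcm_ctx, out, nonce, nonce_len, in,
+in_len, in_tag, in_tag_len, ad, ad_len,
+ctx->tag_len);
+}
+
 DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm) {
 memset(out, 0, sizeof(EVP_AEAD));
 
 out->key_len = 16;
-out->nonce_len =
+out->nonce_len = AES_GCM_NONCE_LENGTH;
 out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
 out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 out->seal_scatter_supports_extra_in = 1;
@@ -1063,7 +1091,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_192_gcm) {
 memset(out, 0, sizeof(EVP_AEAD));
 
 out->key_len = 24;
-out->nonce_len =
+out->nonce_len = AES_GCM_NONCE_LENGTH;
 out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
 out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 out->seal_scatter_supports_extra_in = 1;
@@ -1078,7 +1106,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm) {
 memset(out, 0, sizeof(EVP_AEAD));
 
 out->key_len = 32;
-out->nonce_len =
+out->nonce_len = AES_GCM_NONCE_LENGTH;
 out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
 out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 out->seal_scatter_supports_extra_in = 1;
@@ -1089,6 +1117,116 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm) {
 out->open_gather = aead_aes_gcm_open_gather;
 }
 
+static int aead_aes_gcm_init_randnonce(EVP_AEAD_CTX *ctx, const uint8_t *key,
+size_t key_len,
+size_t requested_tag_len) {
+if (requested_tag_len != EVP_AEAD_DEFAULT_TAG_LENGTH) {
+if (requested_tag_len < AES_GCM_NONCE_LENGTH) {
+OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
+return 0;
+}
+requested_tag_len -= AES_GCM_NONCE_LENGTH;
+}
+
+if (!aead_aes_gcm_init(ctx, key, key_len, requested_tag_len)) {
+return 0;
+}
+
+ctx->tag_len += AES_GCM_NONCE_LENGTH;
+return 1;
+}
+
+static int aead_aes_gcm_seal_scatter_randnonce(
+const EVP_AEAD_CTX *ctx,
+uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
+const uint8_t *external_nonce, size_t external_nonce_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *extra_in, size_t extra_in_len,
+const uint8_t *ad, size_t ad_len) {
+if (external_nonce_len != 0) {
+OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
+return 0;
+}
+
+uint8_t nonce[AES_GCM_NONCE_LENGTH];
+if (max_out_tag_len < sizeof(nonce)) {
+OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
+return 0;
+}
+
+RAND_bytes(nonce, sizeof(nonce));
+const struct aead_aes_gcm_ctx *gcm_ctx =
+(const struct aead_aes_gcm_ctx *)&ctx->state;
+if (!aead_aes_gcm_seal_scatter_impl(gcm_ctx, out, out_tag, out_tag_len,
+max_out_tag_len - AES_GCM_NONCE_LENGTH,
+nonce, sizeof(nonce), in, in_len,
+extra_in, extra_in_len, ad, ad_len,
+ctx->tag_len - AES_GCM_NONCE_LENGTH)) {
+return 0;
+}
+
+assert(*out_tag_len + sizeof(nonce) <= max_out_tag_len);
+memcpy(out_tag + *out_tag_len, nonce, sizeof(nonce));
+*out_tag_len += sizeof(nonce);
+
+return 1;
+}
+
+static int aead_aes_gcm_open_gather_randnonce(
+const EVP_AEAD_CTX *ctx, uint8_t *out,
+const uint8_t *external_nonce, size_t external_nonce_len,
+const uint8_t *in, size_t in_len,
+const uint8_t *in_tag, size_t in_tag_len,
+const uint8_t *ad, size_t ad_len) {
+if (external_nonce_len != 0) {
+OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
+return 0;
+}
+
+if (in_tag_len < AES_GCM_NONCE_LENGTH) {
+OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
+return 0;
+}
+const uint8_t *nonce = in_tag + in_tag_len - AES_GCM_NONCE_LENGTH;
+
+const struct aead_aes_gcm_ctx *gcm_ctx =
+(const struct aead_aes_gcm_ctx *)&ctx->state;
+return aead_aes_gcm_open_gather_impl(
+gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag,
+in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len,
+ctx->tag_len - AES_GCM_NONCE_LENGTH);
+}
+
+DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_randnonce) {
+memset(out, 0, sizeof(EVP_AEAD));
+
+out->key_len = 16;
+out->nonce_len = 0;
+out->overhead = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
+out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
+out->seal_scatter_supports_extra_in = 1;
+
+out->init = aead_aes_gcm_init_randnonce;
+out->cleanup = aead_aes_gcm_cleanup;
+out->seal_scatter = aead_aes_gcm_seal_scatter_randnonce;
+out->open_gather = aead_aes_gcm_open_gather_randnonce;
+}
+
+DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_randnonce) {
+memset(out, 0, sizeof(EVP_AEAD));
+
+out->key_len = 32;
+out->nonce_len = 0;
+out->overhead = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
+out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN + AES_GCM_NONCE_LENGTH;
+out->seal_scatter_supports_extra_in = 1;
+
+out->init = aead_aes_gcm_init_randnonce;
+out->cleanup = aead_aes_gcm_cleanup;
+out->seal_scatter = aead_aes_gcm_seal_scatter_randnonce;
+out->open_gather = aead_aes_gcm_open_gather_randnonce;
+}
+
 struct aead_aes_gcm_tls12_ctx {
 struct aead_aes_gcm_ctx gcm_ctx;
 uint64_t min_next_nonce;
@@ -1128,7 +1266,7 @@ static int aead_aes_gcm_tls12_seal_scatter(
 struct aead_aes_gcm_tls12_ctx *gcm_ctx =
 (struct aead_aes_gcm_tls12_ctx *) &ctx->state;
 
-if (nonce_len !=
+if (nonce_len != AES_GCM_NONCE_LENGTH) {
 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
 return 0;
 }
@@ -1155,7 +1293,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls12) {
 memset(out, 0, sizeof(EVP_AEAD));
 
 out->key_len = 16;
-out->nonce_len =
+out->nonce_len = AES_GCM_NONCE_LENGTH;
 out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
 out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 out->seal_scatter_supports_extra_in = 1;
@@ -1170,7 +1308,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls12) {
 memset(out, 0, sizeof(EVP_AEAD));
 
 out->key_len = 32;
-out->nonce_len =
+out->nonce_len = AES_GCM_NONCE_LENGTH;
 out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
 out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 out->seal_scatter_supports_extra_in = 1;
@@ -1223,7 +1361,7 @@ static int aead_aes_gcm_tls13_seal_scatter(
 struct aead_aes_gcm_tls13_ctx *gcm_ctx =
 (struct aead_aes_gcm_tls13_ctx *) &ctx->state;
 
-if (nonce_len !=
+if (nonce_len != AES_GCM_NONCE_LENGTH) {
 OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
 return 0;
 }
@@ -1261,7 +1399,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls13) {
 memset(out, 0, sizeof(EVP_AEAD));
 
 out->key_len = 16;
-out->nonce_len =
+out->nonce_len = AES_GCM_NONCE_LENGTH;
 out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
 out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 out->seal_scatter_supports_extra_in = 1;
@@ -1276,7 +1414,7 @@ DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls13) {
 memset(out, 0, sizeof(EVP_AEAD));
 
 out->key_len = 32;
-out->nonce_len =
+out->nonce_len = AES_GCM_NONCE_LENGTH;
 out->overhead = EVP_AEAD_AES_GCM_TAG_LEN;
 out->max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN;
 out->seal_scatter_supports_extra_in = 1;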
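--- a/data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c
@@ -933,20 +933,57 @@ static int ensure_bignum(BIGNUM **out) {
 return *out != NULL;
 }
 
-// kBoringSSLRSASqrtTwo is the BIGNUM representation of ⌊2
-// chosen to give enough precision for
+// kBoringSSLRSASqrtTwo is the BIGNUM representation of ⌊2²⁰⁴⁷×√2⌋. This is
+// chosen to give enough precision for 4096-bit RSA, the largest key size FIPS
 // specifies. Key sizes beyond this will round up.
 //
-// To
+// To calculate, use the following Haskell code:
+//
+// import Text.Printf (printf)
+// import Data.List (intercalate)
+//
+// pow2 = 4095
+// target = 2^pow2
+//
+// f x = x*x - (toRational target)
+//
+// fprime x = 2*x
+//
+// newtonIteration x = x - (f x) / (fprime x)
+//
+// converge x =
+// let n = floor x in
+// if n*n - target < 0 && (n+1)*(n+1) - target > 0
+// then n
+// else converge (newtonIteration x)
+//
+// divrem bits x = (x `div` (2^bits), x `rem` (2^bits))
+//
+// bnWords :: Integer -> [Integer]
+// bnWords x =
+// if x == 0
+// then []
+// else let (high, low) = divrem 64 x in low : bnWords high
+//
+// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" high low
+//
+// output :: String
+// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 `div` 2))
+//
+// To verify this number, check that n² < 2⁴⁰⁹⁵ < (n+1)², where n is value
 // represented here. Note the components are listed in little-endian order. Here
 // is some sample Python code to check:
 //
 // >>> TOBN = lambda a, b: a << 32 | b
 // >>> l = [ <paste the contents of kSqrtTwo> ]
 // >>> n = sum(a * 2**(64*i) for i, a in enumerate(l))
-// >>> n**2 < 2**
+// >>> n**2 < 2**4095 < (n+1)**2
 // True
 const BN_ULONG kBoringSSLRSASqrtTwo[] = {
+TOBN(0x4d7c60a5, 0xe633e3e1), TOBN(0x5fcf8f7b, 0xca3ea33b),
+TOBN(0xc246785e, 0x92957023), TOBN(0xf9acce41, 0x797f2805),
+TOBN(0xfdfe170f, 0xd3b1f780), TOBN(0xd24f4a76, 0x3facb882),
+TOBN(0x18838a2e, 0xaff5f3b2), TOBN(0xc1fcbdde, 0xa2f7dc33),
 TOBN(0xdea06241, 0xf7aa81c2), TOBN(0xf6a1be3f, 0xca221307),
 TOBN(0x332a5e9f, 0x7bda1ebf), TOBN(0x0104dc01, 0xfe32352f),
 TOBN(0xb8cf341b, 0x6f8236c7), TOBN(0x4264dabc, 0xd528b651),
@@ -1167,13 +1204,13 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value,
 int sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2;
 assert(sqrt2_bits == (int)BN_num_bits(sqrt2));
 if (sqrt2_bits > prime_bits) {
-// For key sizes up to
+// For key sizes up to 4096 (prime_bits = 2048), this is exactly
 // ⌊2^(prime_bits-1)×√2⌋.
 if (!BN_rshift(sqrt2, sqrt2, sqrt2_bits - prime_bits)) {
 goto bn_err;
 }
 } else if (prime_bits > sqrt2_bits) {
-// For key sizes beyond
+// For key sizes beyond 4096, this is approximate. We err towards retrying
 // to ensure our key is the right size and round up.
 if (!BN_add_word(sqrt2, 1) ||
 !BN_lshift(sqrt2, sqrt2, prime_bits - sqrt2_bits)) {
@@ -1330,7 +1367,9 @@ int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
 int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
 // FIPS 186-4 allows 2048-bit and 3072-bit RSA keys (1024-bit and 1536-bit
 // primes, respectively) with the prime generation method we use.
-
+// Subsequently, IG A.14 stated that larger modulus sizes can be used and ACVP
+// testing supports 4096 bits.
+if (bits != 2048 && bits != 3072 && bits != 4096) {
 OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);
 return 0;
 }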
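--- a/data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c
@@ -611,7 +611,7 @@ int boringssl_fips_self_test(
 goto err;
 }
 
-// ECDSA Sign/Verify
+// ECDSA Sign/Verify KAT
 
 // The 'k' value for ECDSA is fixed to avoid an entropy draw.
 ec_key->fixed_k = BN_new();
@@ -632,7 +632,13 @@ int boringssl_fips_self_test(
 !BN_bn2bin(sig->s, ecdsa_s_bytes) ||
 !check_test(kECDSASigR, ecdsa_r_bytes, sizeof(kECDSASigR), "ECDSA R") ||
 !check_test(kECDSASigS, ecdsa_s_bytes, sizeof(kECDSASigS), "ECDSA S")) {
-fprintf(stderr, "ECDSA KAT failed.\n");
+fprintf(stderr, "ECDSA signature KAT failed.\n");
+goto err;
+}
+
+if (!ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
+ec_key)) {
+fprintf(stderr, "ECDSA verification KAT failed.\n");
 goto err;
 }
 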