grpc 1.34.0 → 1.37.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +893 -2840
- data/etc/roots.pem +257 -573
- data/include/grpc/compression.h +1 -1
- data/include/grpc/grpc.h +28 -0
- data/include/grpc/grpc_security.h +77 -14
- data/include/grpc/impl/codegen/atm_windows.h +4 -0
- data/include/grpc/impl/codegen/byte_buffer.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +1 -1
- data/include/grpc/impl/codegen/log.h +0 -2
- data/include/grpc/impl/codegen/port_platform.h +2 -0
- data/include/grpc/impl/codegen/sync_windows.h +4 -0
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/support/sync.h +3 -3
- data/include/grpc/support/time.h +7 -7
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +2823 -1559
- data/src/core/ext/filters/client_channel/client_channel.h +0 -6
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/config_selector.h +13 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +191 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +6 -6
- data/src/core/ext/filters/client_channel/health/health_check_client.h +2 -2
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -7
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
- data/src/core/ext/filters/client_channel/lb_policy.cc +4 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +35 -35
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +369 -108
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +0 -8
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +13 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1384 -0
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +41 -57
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +444 -22
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -17
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +21 -34
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +310 -160
- data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +11 -13
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +8 -8
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
- data/src/core/ext/filters/client_channel/retry_throttle.h +3 -1
- data/src/core/ext/filters/client_channel/server_address.cc +9 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
- data/src/core/ext/filters/client_channel/subchannel.cc +100 -193
- data/src/core/ext/filters/client_channel/subchannel.h +73 -111
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/deadline/deadline_filter.cc +4 -2
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +495 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
- data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/filters/message_size/message_size_filter.cc +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
- data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
- data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +23 -10
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +29 -16
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +623 -219
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +46 -15
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -1
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +27 -28
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +139 -40
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +119 -124
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +450 -284
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +24 -23
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +62 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +21 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +88 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +69 -45
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +275 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +19 -19
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +80 -43
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +27 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +30 -30
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +136 -49
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +41 -41
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +172 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +53 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +188 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +48 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -14
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +34 -32
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +151 -61
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +33 -29
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +138 -54
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +81 -35
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +15 -13
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +70 -37
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +257 -216
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +995 -495
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +26 -6
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -4
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +96 -98
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +378 -226
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +28 -25
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +124 -53
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +9 -12
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +29 -24
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +32 -33
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +118 -67
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +51 -44
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +179 -129
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -8
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -3
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +2 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +16 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +34 -34
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +149 -72
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +54 -37
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +171 -59
- data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
- data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
- data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +6 -6
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +9 -9
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_store.cc +10 -7
- data/src/core/ext/xds/certificate_provider_store.h +12 -7
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +25 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +1 -4
- data/src/core/ext/xds/xds_api.cc +2265 -593
- data/src/core/ext/xds/xds_api.h +335 -102
- data/src/core/ext/xds/xds_bootstrap.cc +80 -45
- data/src/core/ext/xds/xds_bootstrap.h +17 -6
- data/src/core/ext/xds/xds_certificate_provider.cc +232 -67
- data/src/core/ext/xds/xds_certificate_provider.h +103 -26
- data/src/core/ext/xds/xds_client.cc +212 -63
- data/src/core/ext/xds/xds_client.h +35 -1
- data/src/core/ext/xds/xds_client_stats.cc +4 -3
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +532 -0
- data/src/core/lib/channel/channel_args.cc +8 -8
- data/src/core/lib/channel/channel_stack.cc +12 -0
- data/src/core/lib/channel/channel_stack.h +7 -0
- data/src/core/lib/channel/channel_trace.h +1 -1
- data/src/core/lib/channel/channelz.cc +105 -18
- data/src/core/lib/channel/channelz.h +30 -2
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/channelz_registry.h +0 -1
- data/src/core/lib/channel/handshaker.cc +4 -46
- data/src/core/lib/channel/handshaker.h +1 -18
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/compression/compression_args.cc +3 -2
- data/src/core/lib/debug/stats.h +2 -2
- data/src/core/lib/debug/stats_data.h +13 -13
- data/src/core/lib/gpr/alloc.cc +3 -2
- data/src/core/lib/gpr/log.cc +59 -17
- data/src/core/lib/gpr/log_linux.cc +3 -1
- data/src/core/lib/gpr/log_posix.cc +3 -1
- data/src/core/lib/gpr/log_windows.cc +3 -1
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +22 -21
- data/src/core/lib/gpr/string.h +5 -6
- data/src/core/lib/gpr/sync.cc +4 -4
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gpr/time.cc +12 -12
- data/src/core/lib/gprpp/arena.h +3 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +2 -2
- data/src/core/lib/gprpp/ref_counted_ptr.h +11 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/thd_posix.cc +6 -1
- data/src/core/lib/gprpp/thd_windows.cc +3 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +3 -3
- data/src/core/lib/http/parser.cc +1 -2
- data/src/core/lib/iomgr/buffer_list.h +1 -1
- data/src/core/lib/iomgr/call_combiner.cc +8 -5
- data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
- data/src/core/lib/iomgr/combiner.cc +2 -1
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/error.cc +15 -11
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +11 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +23 -16
- data/src/core/lib/iomgr/ev_epollex_linux.cc +21 -17
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
- data/src/core/lib/iomgr/ev_posix.cc +3 -3
- data/src/core/lib/iomgr/exec_ctx.cc +6 -2
- data/src/core/lib/iomgr/exec_ctx.h +6 -4
- data/src/core/lib/iomgr/executor.cc +2 -1
- data/src/core/lib/iomgr/executor.h +1 -1
- data/src/core/lib/iomgr/executor/threadpool.h +1 -1
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/load_file.h +1 -1
- data/src/core/lib/iomgr/lockfree_event.cc +19 -14
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/parse_address.cc +52 -46
- data/src/core/lib/iomgr/parse_address.h +13 -9
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +5 -5
- data/src/core/lib/iomgr/sockaddr_utils.cc +131 -11
- data/src/core/lib/iomgr/sockaddr_utils.h +26 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_mutator.cc +3 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_custom.cc +22 -17
- data/src/core/lib/iomgr/tcp_posix.cc +14 -14
- data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
- data/src/core/lib/iomgr/tcp_uv.cc +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +3 -3
- data/src/core/lib/iomgr/timer_generic.cc +5 -5
- data/src/core/lib/iomgr/timer_manager.cc +3 -3
- data/src/core/lib/iomgr/udp_server.cc +1 -2
- data/src/core/lib/iomgr/udp_server.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +17 -18
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/json/json.h +10 -0
- data/src/core/lib/matchers/matchers.cc +339 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/security/context/security_context.cc +4 -3
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/credentials.cc +6 -6
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +15 -10
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -2
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +217 -31
- data/src/core/lib/security/credentials/external/external_account_credentials.h +7 -5
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -6
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +3 -4
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +20 -18
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +5 -6
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +25 -18
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +18 -5
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -4
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +3 -6
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +37 -44
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +7 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +1 -6
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +1 -6
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +326 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +64 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +0 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +3 -2
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +209 -10
- data/src/core/lib/security/credentials/xds/xds_credentials.h +27 -9
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +50 -17
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +23 -6
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +3 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -6
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -19
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +89 -26
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +2 -3
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +35 -7
- data/src/core/lib/slice/slice_intern.cc +9 -11
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/surface/call.cc +32 -24
- data/src/core/lib/surface/call_details.cc +8 -8
- data/src/core/lib/surface/channel.cc +16 -10
- data/src/core/lib/surface/channel.h +6 -5
- data/src/core/lib/surface/channel_init.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +24 -19
- data/src/core/lib/surface/completion_queue.h +16 -16
- data/src/core/lib/surface/init.cc +19 -20
- data/src/core/lib/surface/lame_client.cc +47 -54
- data/src/core/lib/surface/lame_client.h +5 -0
- data/src/core/lib/surface/server.cc +102 -51
- data/src/core/lib/surface/server.h +112 -18
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +6 -4
- data/src/core/lib/transport/authority_override.h +5 -2
- data/src/core/lib/transport/connectivity_state.h +6 -4
- data/src/core/lib/transport/error_utils.h +1 -1
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/lib/transport/metadata_batch.cc +27 -0
- data/src/core/lib/transport/metadata_batch.h +18 -4
- data/src/core/lib/transport/static_metadata.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +4 -3
- data/src/core/lib/transport/transport.h +7 -7
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +22 -4
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -25
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +39 -44
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
- data/src/core/tsi/fake_transport_security.cc +16 -5
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +62 -52
- data/src/core/tsi/ssl_transport_security.h +6 -9
- data/src/core/tsi/transport_security.cc +6 -6
- data/src/core/tsi/transport_security_interface.h +1 -1
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +14 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +34 -13
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +715 -713
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -29
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +67 -33
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -99
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +362 -50
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
- data/third_party/upb/upb/decode.c +248 -167
- data/third_party/upb/upb/decode.h +20 -1
- data/third_party/upb/upb/decode.int.h +163 -0
- data/third_party/upb/upb/decode_fast.c +1040 -0
- data/third_party/upb/upb/decode_fast.h +126 -0
- data/third_party/upb/upb/def.c +525 -516
- data/third_party/upb/upb/def.h +16 -31
- data/third_party/upb/upb/def.hpp +37 -123
- data/third_party/upb/upb/encode.c +227 -169
- data/third_party/upb/upb/encode.h +27 -2
- data/third_party/upb/upb/msg.c +167 -88
- data/third_party/upb/upb/msg.h +174 -34
- data/third_party/upb/upb/port_def.inc +74 -61
- data/third_party/upb/upb/port_undef.inc +3 -7
- data/third_party/upb/upb/reflection.c +36 -19
- data/third_party/upb/upb/table.c +34 -197
- data/third_party/upb/upb/table.int.h +14 -5
- data/third_party/upb/upb/text_encode.c +45 -22
- data/third_party/upb/upb/text_encode.h +4 -1
- data/third_party/upb/upb/upb.c +18 -41
- data/third_party/upb/upb/upb.h +36 -7
- data/third_party/upb/upb/upb.hpp +4 -4
- data/third_party/upb/upb/upb.int.h +29 -0
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +152 -82
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -909
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -355
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -138
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -53
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -129
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -77
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -85
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -160
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -84
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +0 -265
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +0 -104
- data/src/core/lib/gprpp/map.h +0 -53
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -153
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/upb/upb/port.c +0 -26
|
@@ -59,10 +59,12 @@
|
|
|
59
59
|
#include <string.h>
|
|
60
60
|
|
|
61
61
|
#include <openssl/asn1.h>
|
|
62
|
+
#include <openssl/blake2.h>
|
|
62
63
|
#include <openssl/bytestring.h>
|
|
63
64
|
#include <openssl/nid.h>
|
|
64
65
|
|
|
65
66
|
#include "../internal.h"
|
|
67
|
+
#include "../fipsmodule/digest/internal.h"
|
|
66
68
|
|
|
67
69
|
|
|
68
70
|
struct nid_to_digest {
|
|
@@ -238,3 +240,26 @@ const EVP_MD *EVP_get_digestbyname(const char *name) {
|
|
|
238
240
|
|
|
239
241
|
return NULL;
|
|
240
242
|
}
|
|
243
|
+
|
|
244
|
+
static void blake2b256_init(EVP_MD_CTX *ctx) { BLAKE2B256_Init(ctx->md_data); }
|
|
245
|
+
|
|
246
|
+
static void blake2b256_update(EVP_MD_CTX *ctx, const void *data, size_t len) {
|
|
247
|
+
BLAKE2B256_Update(ctx->md_data, data, len);
|
|
248
|
+
}
|
|
249
|
+
|
|
250
|
+
static void blake2b256_final(EVP_MD_CTX *ctx, uint8_t *md) {
|
|
251
|
+
BLAKE2B256_Final(md, ctx->md_data);
|
|
252
|
+
}
|
|
253
|
+
|
|
254
|
+
static const EVP_MD evp_md_blake2b256 = {
|
|
255
|
+
NID_undef,
|
|
256
|
+
BLAKE2B256_DIGEST_LENGTH,
|
|
257
|
+
0,
|
|
258
|
+
blake2b256_init,
|
|
259
|
+
blake2b256_update,
|
|
260
|
+
blake2b256_final,
|
|
261
|
+
BLAKE2B_CBLOCK,
|
|
262
|
+
sizeof(BLAKE2B_CTX),
|
|
263
|
+
};
|
|
264
|
+
|
|
265
|
+
const EVP_MD *EVP_blake2b256(void) { return &evp_md_blake2b256; }
|
|
@@ -241,21 +241,6 @@ int EC_KEY_marshal_private_key(CBB *cbb, const EC_KEY *key,
|
|
|
241
241
|
return 1;
|
|
242
242
|
}
|
|
243
243
|
|
|
244
|
-
// is_unsigned_integer returns one if |cbs| is a valid unsigned DER INTEGER and
|
|
245
|
-
// zero otherwise.
|
|
246
|
-
static int is_unsigned_integer(const CBS *cbs) {
|
|
247
|
-
if (CBS_len(cbs) == 0) {
|
|
248
|
-
return 0;
|
|
249
|
-
}
|
|
250
|
-
uint8_t byte = CBS_data(cbs)[0];
|
|
251
|
-
if ((byte & 0x80) ||
|
|
252
|
-
(byte == 0 && CBS_len(cbs) > 1 && (CBS_data(cbs)[1] & 0x80) == 0)) {
|
|
253
|
-
// Negative or not minimally-encoded.
|
|
254
|
-
return 0;
|
|
255
|
-
}
|
|
256
|
-
return 1;
|
|
257
|
-
}
|
|
258
|
-
|
|
259
244
|
// kPrimeFieldOID is the encoding of 1.2.840.10045.1.1.
|
|
260
245
|
static const uint8_t kPrimeField[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01};
|
|
261
246
|
|
|
@@ -276,7 +261,7 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
|
|
|
276
261
|
OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) !=
|
|
277
262
|
0 ||
|
|
278
263
|
!CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) ||
|
|
279
|
-
!
|
|
264
|
+
!CBS_is_unsigned_asn1_integer(out_prime) ||
|
|
280
265
|
CBS_len(&field_id) != 0 ||
|
|
281
266
|
!CBS_get_asn1(¶ms, &curve, CBS_ASN1_SEQUENCE) ||
|
|
282
267
|
!CBS_get_asn1(&curve, out_a, CBS_ASN1_OCTETSTRING) ||
|
|
@@ -286,7 +271,7 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
|
|
|
286
271
|
CBS_len(&curve) != 0 ||
|
|
287
272
|
!CBS_get_asn1(¶ms, &base, CBS_ASN1_OCTETSTRING) ||
|
|
288
273
|
!CBS_get_asn1(¶ms, out_order, CBS_ASN1_INTEGER) ||
|
|
289
|
-
!
|
|
274
|
+
!CBS_is_unsigned_asn1_integer(out_order) ||
|
|
290
275
|
!CBS_get_optional_asn1(¶ms, &cofactor, &has_cofactor,
|
|
291
276
|
CBS_ASN1_INTEGER) ||
|
|
292
277
|
CBS_len(¶ms) != 0) {
|
|
@@ -60,6 +60,8 @@
|
|
|
60
60
|
#include "cipher/e_aes.c"
|
|
61
61
|
#include "cipher/e_des.c"
|
|
62
62
|
#include "des/des.c"
|
|
63
|
+
#include "dh/check.c"
|
|
64
|
+
#include "dh/dh.c"
|
|
63
65
|
#include "digest/digest.c"
|
|
64
66
|
#include "digest/digests.c"
|
|
65
67
|
#include "ecdh/ecdh.c"
|
|
@@ -193,7 +195,7 @@ BORINGSSL_bcm_power_on_self_test(void) {
|
|
|
193
195
|
assert_within(rodata_start, kP256Params, rodata_end);
|
|
194
196
|
assert_within(rodata_start, kPKCS1SigPrefixes, rodata_end);
|
|
195
197
|
|
|
196
|
-
#if defined(OPENSSL_ANDROID)
|
|
198
|
+
#if defined(OPENSSL_AARCH64) || defined(OPENSSL_ANDROID)
|
|
197
199
|
uint8_t result[SHA256_DIGEST_LENGTH];
|
|
198
200
|
const EVP_MD *const kHashFunction = EVP_sha256();
|
|
199
201
|
#else
|
|
@@ -101,26 +101,7 @@ void BN_free(BIGNUM *bn) {
|
|
|
101
101
|
}
|
|
102
102
|
|
|
103
103
|
void BN_clear_free(BIGNUM *bn) {
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
if (bn == NULL) {
|
|
107
|
-
return;
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
if (bn->d != NULL) {
|
|
111
|
-
if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
|
|
112
|
-
OPENSSL_free(bn->d);
|
|
113
|
-
} else {
|
|
114
|
-
OPENSSL_cleanse(bn->d, bn->dmax * sizeof(bn->d[0]));
|
|
115
|
-
}
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
should_free = (bn->flags & BN_FLG_MALLOCED) != 0;
|
|
119
|
-
if (should_free) {
|
|
120
|
-
OPENSSL_free(bn);
|
|
121
|
-
} else {
|
|
122
|
-
OPENSSL_cleanse(bn, sizeof(BIGNUM));
|
|
123
|
-
}
|
|
104
|
+
BN_free(bn);
|
|
124
105
|
}
|
|
125
106
|
|
|
126
107
|
BIGNUM *BN_dup(const BIGNUM *src) {
|
|
@@ -302,6 +283,18 @@ int bn_set_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
|
|
|
302
283
|
return 1;
|
|
303
284
|
}
|
|
304
285
|
|
|
286
|
+
void bn_set_static_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
|
|
287
|
+
if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
|
|
288
|
+
OPENSSL_free(bn->d);
|
|
289
|
+
}
|
|
290
|
+
bn->d = (BN_ULONG *)words;
|
|
291
|
+
|
|
292
|
+
bn->width = num;
|
|
293
|
+
bn->dmax = num;
|
|
294
|
+
bn->neg = 0;
|
|
295
|
+
bn->flags |= BN_FLG_STATIC_DATA;
|
|
296
|
+
}
|
|
297
|
+
|
|
305
298
|
int bn_fits_in_words(const BIGNUM *bn, size_t num) {
|
|
306
299
|
// All words beyond |num| must be zero.
|
|
307
300
|
BN_ULONG mask = 0;
|
|
@@ -64,10 +64,10 @@
|
|
|
64
64
|
#include "internal.h"
|
|
65
65
|
|
|
66
66
|
|
|
67
|
-
#if !defined(BN_CAN_DIVIDE_ULLONG) && !defined(BN_CAN_USE_INLINE_ASM)
|
|
68
67
|
// bn_div_words divides a double-width |h|,|l| by |d| and returns the result,
|
|
69
68
|
// which must fit in a |BN_ULONG|.
|
|
70
|
-
static BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l,
|
|
69
|
+
OPENSSL_UNUSED static BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l,
|
|
70
|
+
BN_ULONG d) {
|
|
71
71
|
BN_ULONG dh, dl, q, ret = 0, th, tl, t;
|
|
72
72
|
int i, count = 2;
|
|
73
73
|
|
|
@@ -135,7 +135,6 @@ static BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) {
|
|
|
135
135
|
ret |= q;
|
|
136
136
|
return ret;
|
|
137
137
|
}
|
|
138
|
-
#endif // !defined(BN_CAN_DIVIDE_ULLONG) && !defined(BN_CAN_USE_INLINE_ASM)
|
|
139
138
|
|
|
140
139
|
static inline void bn_div_rem_words(BN_ULONG *quotient_out, BN_ULONG *rem_out,
|
|
141
140
|
BN_ULONG n0, BN_ULONG n1, BN_ULONG d0) {
|
|
@@ -123,7 +123,7 @@
|
|
|
123
123
|
#ifndef OPENSSL_HEADER_BN_INTERNAL_H
|
|
124
124
|
#define OPENSSL_HEADER_BN_INTERNAL_H
|
|
125
125
|
|
|
126
|
-
#include <openssl/
|
|
126
|
+
#include <openssl/bn.h>
|
|
127
127
|
|
|
128
128
|
#if defined(OPENSSL_X86_64) && defined(_MSC_VER)
|
|
129
129
|
OPENSSL_MSVC_PRAGMA(warning(push, 3))
|
|
@@ -241,6 +241,14 @@ void bn_select_words(BN_ULONG *r, BN_ULONG mask, const BN_ULONG *a,
|
|
|
241
241
|
// least significant word first.
|
|
242
242
|
int bn_set_words(BIGNUM *bn, const BN_ULONG *words, size_t num);
|
|
243
243
|
|
|
244
|
+
// bn_set_static_words acts like |bn_set_words|, but doesn't copy the data. A
|
|
245
|
+
// flag is set on |bn| so that |BN_free| won't attempt to free the data.
|
|
246
|
+
//
|
|
247
|
+
// The |STATIC_BIGNUM| macro is probably a better solution for this outside of
|
|
248
|
+
// the FIPS module. Inside of the FIPS module that macro generates rel.ro data,
|
|
249
|
+
// which doesn't work with FIPS requirements.
|
|
250
|
+
void bn_set_static_words(BIGNUM *bn, const BN_ULONG *words, size_t num);
|
|
251
|
+
|
|
244
252
|
// bn_fits_in_words returns one if |bn| may be represented in |num| words, plus
|
|
245
253
|
// a sign bit, and zero otherwise.
|
|
246
254
|
int bn_fits_in_words(const BIGNUM *bn, size_t num);
|
|
@@ -57,6 +57,7 @@
|
|
|
57
57
|
#include <openssl/cipher.h>
|
|
58
58
|
|
|
59
59
|
#include <assert.h>
|
|
60
|
+
#include <limits.h>
|
|
60
61
|
#include <string.h>
|
|
61
62
|
|
|
62
63
|
#include <openssl/err.h>
|
|
@@ -240,14 +241,20 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
|
|
|
240
241
|
|
|
241
242
|
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
242
243
|
const uint8_t *in, int in_len) {
|
|
243
|
-
|
|
244
|
+
// Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
|
|
245
|
+
// does not overflow |*out_len|.
|
|
246
|
+
int bl = ctx->cipher->block_size;
|
|
247
|
+
if (bl > 1 && in_len > INT_MAX - bl) {
|
|
248
|
+
OPENSSL_PUT_ERROR(CIPHER, ERR_R_OVERFLOW);
|
|
249
|
+
return 0;
|
|
250
|
+
}
|
|
244
251
|
|
|
245
252
|
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
|
246
|
-
|
|
247
|
-
if (
|
|
253
|
+
int ret = ctx->cipher->cipher(ctx, out, in, in_len);
|
|
254
|
+
if (ret < 0) {
|
|
248
255
|
return 0;
|
|
249
256
|
} else {
|
|
250
|
-
*out_len =
|
|
257
|
+
*out_len = ret;
|
|
251
258
|
}
|
|
252
259
|
return 1;
|
|
253
260
|
}
|
|
@@ -267,8 +274,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
|
267
274
|
}
|
|
268
275
|
}
|
|
269
276
|
|
|
270
|
-
i = ctx->buf_len;
|
|
271
|
-
bl = ctx->cipher->block_size;
|
|
277
|
+
int i = ctx->buf_len;
|
|
272
278
|
assert(bl <= (int)sizeof(ctx->buf));
|
|
273
279
|
if (i != 0) {
|
|
274
280
|
if (bl - i > in_len) {
|
|
@@ -277,7 +283,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
|
277
283
|
*out_len = 0;
|
|
278
284
|
return 1;
|
|
279
285
|
} else {
|
|
280
|
-
j = bl - i;
|
|
286
|
+
int j = bl - i;
|
|
281
287
|
OPENSSL_memcpy(&ctx->buf[i], in, j);
|
|
282
288
|
if (!ctx->cipher->cipher(ctx, out, ctx->buf, bl)) {
|
|
283
289
|
return 0;
|
|
@@ -353,8 +359,13 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len) {
|
|
|
353
359
|
|
|
354
360
|
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
355
361
|
const uint8_t *in, int in_len) {
|
|
356
|
-
|
|
357
|
-
|
|
362
|
+
// Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
|
|
363
|
+
// does not overflow |*out_len|.
|
|
364
|
+
unsigned int b = ctx->cipher->block_size;
|
|
365
|
+
if (b > 1 && in_len > INT_MAX - (int)b) {
|
|
366
|
+
OPENSSL_PUT_ERROR(CIPHER, ERR_R_OVERFLOW);
|
|
367
|
+
return 0;
|
|
368
|
+
}
|
|
358
369
|
|
|
359
370
|
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
|
|
360
371
|
int r = ctx->cipher->cipher(ctx, out, in, in_len);
|
|
@@ -376,15 +387,12 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
|
|
|
376
387
|
return EVP_EncryptUpdate(ctx, out, out_len, in, in_len);
|
|
377
388
|
}
|
|
378
389
|
|
|
379
|
-
b = ctx->cipher->block_size;
|
|
380
390
|
assert(b <= sizeof(ctx->final));
|
|
381
|
-
|
|
391
|
+
int fix_len = 0;
|
|
382
392
|
if (ctx->final_used) {
|
|
383
393
|
OPENSSL_memcpy(out, ctx->final, b);
|
|
384
394
|
out += b;
|
|
385
395
|
fix_len = 1;
|
|
386
|
-
} else {
|
|
387
|
-
fix_len = 0;
|
|
388
396
|
}
|
|
389
397
|
|
|
390
398
|
if (!EVP_EncryptUpdate(ctx, out, out_len, in, in_len)) {
|
|
File without changes
|
|
@@ -60,17 +60,16 @@
|
|
|
60
60
|
|
|
61
61
|
#include <openssl/bn.h>
|
|
62
62
|
#include <openssl/err.h>
|
|
63
|
-
#include <openssl/
|
|
63
|
+
#include <openssl/digest.h>
|
|
64
64
|
#include <openssl/mem.h>
|
|
65
65
|
#include <openssl/thread.h>
|
|
66
66
|
|
|
67
|
-
#include "
|
|
67
|
+
#include "../../internal.h"
|
|
68
|
+
#include "../bn/internal.h"
|
|
68
69
|
|
|
69
70
|
|
|
70
71
|
#define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
|
71
72
|
|
|
72
|
-
static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
|
|
73
|
-
|
|
74
73
|
DH *DH_new(void) {
|
|
75
74
|
DH *dh = OPENSSL_malloc(sizeof(DH));
|
|
76
75
|
if (dh == NULL) {
|
|
@@ -83,7 +82,6 @@ DH *DH_new(void) {
|
|
|
83
82
|
CRYPTO_MUTEX_init(&dh->method_mont_p_lock);
|
|
84
83
|
|
|
85
84
|
dh->references = 1;
|
|
86
|
-
CRYPTO_new_ex_data(&dh->ex_data);
|
|
87
85
|
|
|
88
86
|
return dh;
|
|
89
87
|
}
|
|
@@ -97,8 +95,6 @@ void DH_free(DH *dh) {
|
|
|
97
95
|
return;
|
|
98
96
|
}
|
|
99
97
|
|
|
100
|
-
CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data);
|
|
101
|
-
|
|
102
98
|
BN_MONT_CTX_free(dh->method_mont_p);
|
|
103
99
|
BN_clear_free(dh->p);
|
|
104
100
|
BN_clear_free(dh->g);
|
|
@@ -189,120 +185,6 @@ int DH_set_length(DH *dh, unsigned priv_length) {
|
|
|
189
185
|
return 1;
|
|
190
186
|
}
|
|
191
187
|
|
|
192
|
-
int DH_generate_parameters_ex(DH *dh, int prime_bits, int generator, BN_GENCB *cb) {
|
|
193
|
-
// We generate DH parameters as follows
|
|
194
|
-
// find a prime q which is prime_bits/2 bits long.
|
|
195
|
-
// p=(2*q)+1 or (p-1)/2 = q
|
|
196
|
-
// For this case, g is a generator if
|
|
197
|
-
// g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
|
|
198
|
-
// Since the factors of p-1 are q and 2, we just need to check
|
|
199
|
-
// g^2 mod p != 1 and g^q mod p != 1.
|
|
200
|
-
//
|
|
201
|
-
// Having said all that,
|
|
202
|
-
// there is another special case method for the generators 2, 3 and 5.
|
|
203
|
-
// for 2, p mod 24 == 11
|
|
204
|
-
// for 3, p mod 12 == 5 <<<<< does not work for safe primes.
|
|
205
|
-
// for 5, p mod 10 == 3 or 7
|
|
206
|
-
//
|
|
207
|
-
// Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
|
|
208
|
-
// special generators and for answering some of my questions.
|
|
209
|
-
//
|
|
210
|
-
// I've implemented the second simple method :-).
|
|
211
|
-
// Since DH should be using a safe prime (both p and q are prime),
|
|
212
|
-
// this generator function can take a very very long time to run.
|
|
213
|
-
|
|
214
|
-
// Actually there is no reason to insist that 'generator' be a generator.
|
|
215
|
-
// It's just as OK (and in some sense better) to use a generator of the
|
|
216
|
-
// order-q subgroup.
|
|
217
|
-
|
|
218
|
-
BIGNUM *t1, *t2;
|
|
219
|
-
int g, ok = 0;
|
|
220
|
-
BN_CTX *ctx = NULL;
|
|
221
|
-
|
|
222
|
-
ctx = BN_CTX_new();
|
|
223
|
-
if (ctx == NULL) {
|
|
224
|
-
goto err;
|
|
225
|
-
}
|
|
226
|
-
BN_CTX_start(ctx);
|
|
227
|
-
t1 = BN_CTX_get(ctx);
|
|
228
|
-
t2 = BN_CTX_get(ctx);
|
|
229
|
-
if (t1 == NULL || t2 == NULL) {
|
|
230
|
-
goto err;
|
|
231
|
-
}
|
|
232
|
-
|
|
233
|
-
// Make sure |dh| has the necessary elements
|
|
234
|
-
if (dh->p == NULL) {
|
|
235
|
-
dh->p = BN_new();
|
|
236
|
-
if (dh->p == NULL) {
|
|
237
|
-
goto err;
|
|
238
|
-
}
|
|
239
|
-
}
|
|
240
|
-
if (dh->g == NULL) {
|
|
241
|
-
dh->g = BN_new();
|
|
242
|
-
if (dh->g == NULL) {
|
|
243
|
-
goto err;
|
|
244
|
-
}
|
|
245
|
-
}
|
|
246
|
-
|
|
247
|
-
if (generator <= 1) {
|
|
248
|
-
OPENSSL_PUT_ERROR(DH, DH_R_BAD_GENERATOR);
|
|
249
|
-
goto err;
|
|
250
|
-
}
|
|
251
|
-
if (generator == DH_GENERATOR_2) {
|
|
252
|
-
if (!BN_set_word(t1, 24)) {
|
|
253
|
-
goto err;
|
|
254
|
-
}
|
|
255
|
-
if (!BN_set_word(t2, 11)) {
|
|
256
|
-
goto err;
|
|
257
|
-
}
|
|
258
|
-
g = 2;
|
|
259
|
-
} else if (generator == DH_GENERATOR_5) {
|
|
260
|
-
if (!BN_set_word(t1, 10)) {
|
|
261
|
-
goto err;
|
|
262
|
-
}
|
|
263
|
-
if (!BN_set_word(t2, 3)) {
|
|
264
|
-
goto err;
|
|
265
|
-
}
|
|
266
|
-
// BN_set_word(t3,7); just have to miss
|
|
267
|
-
// out on these ones :-(
|
|
268
|
-
g = 5;
|
|
269
|
-
} else {
|
|
270
|
-
// in the general case, don't worry if 'generator' is a
|
|
271
|
-
// generator or not: since we are using safe primes,
|
|
272
|
-
// it will generate either an order-q or an order-2q group,
|
|
273
|
-
// which both is OK
|
|
274
|
-
if (!BN_set_word(t1, 2)) {
|
|
275
|
-
goto err;
|
|
276
|
-
}
|
|
277
|
-
if (!BN_set_word(t2, 1)) {
|
|
278
|
-
goto err;
|
|
279
|
-
}
|
|
280
|
-
g = generator;
|
|
281
|
-
}
|
|
282
|
-
|
|
283
|
-
if (!BN_generate_prime_ex(dh->p, prime_bits, 1, t1, t2, cb)) {
|
|
284
|
-
goto err;
|
|
285
|
-
}
|
|
286
|
-
if (!BN_GENCB_call(cb, 3, 0)) {
|
|
287
|
-
goto err;
|
|
288
|
-
}
|
|
289
|
-
if (!BN_set_word(dh->g, g)) {
|
|
290
|
-
goto err;
|
|
291
|
-
}
|
|
292
|
-
ok = 1;
|
|
293
|
-
|
|
294
|
-
err:
|
|
295
|
-
if (!ok) {
|
|
296
|
-
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
|
|
297
|
-
}
|
|
298
|
-
|
|
299
|
-
if (ctx != NULL) {
|
|
300
|
-
BN_CTX_end(ctx);
|
|
301
|
-
BN_CTX_free(ctx);
|
|
302
|
-
}
|
|
303
|
-
return ok;
|
|
304
|
-
}
|
|
305
|
-
|
|
306
188
|
int DH_generate_key(DH *dh) {
|
|
307
189
|
int ok = 0;
|
|
308
190
|
int generate_new_key = 0;
|
|
@@ -390,144 +272,185 @@ err:
|
|
|
390
272
|
return ok;
|
|
391
273
|
}
|
|
392
274
|
|
|
393
|
-
int
|
|
394
|
-
|
|
395
|
-
BIGNUM *shared_key;
|
|
396
|
-
int ret = -1;
|
|
397
|
-
int check_result;
|
|
398
|
-
|
|
275
|
+
static int dh_compute_key(DH *dh, BIGNUM *out_shared_key,
|
|
276
|
+
const BIGNUM *peers_key, BN_CTX *ctx) {
|
|
399
277
|
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
|
400
278
|
OPENSSL_PUT_ERROR(DH, DH_R_MODULUS_TOO_LARGE);
|
|
401
|
-
|
|
402
|
-
}
|
|
403
|
-
|
|
404
|
-
ctx = BN_CTX_new();
|
|
405
|
-
if (ctx == NULL) {
|
|
406
|
-
goto err;
|
|
407
|
-
}
|
|
408
|
-
BN_CTX_start(ctx);
|
|
409
|
-
shared_key = BN_CTX_get(ctx);
|
|
410
|
-
if (shared_key == NULL) {
|
|
411
|
-
goto err;
|
|
279
|
+
return 0;
|
|
412
280
|
}
|
|
413
281
|
|
|
414
282
|
if (dh->priv_key == NULL) {
|
|
415
283
|
OPENSSL_PUT_ERROR(DH, DH_R_NO_PRIVATE_VALUE);
|
|
416
|
-
|
|
417
|
-
}
|
|
418
|
-
|
|
419
|
-
if (!BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock,
|
|
420
|
-
dh->p, ctx)) {
|
|
421
|
-
goto err;
|
|
284
|
+
return 0;
|
|
422
285
|
}
|
|
423
286
|
|
|
287
|
+
int check_result;
|
|
424
288
|
if (!DH_check_pub_key(dh, peers_key, &check_result) || check_result) {
|
|
425
289
|
OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PUBKEY);
|
|
290
|
+
return 0;
|
|
291
|
+
}
|
|
292
|
+
|
|
293
|
+
int ret = 0;
|
|
294
|
+
BN_CTX_start(ctx);
|
|
295
|
+
BIGNUM *p_minus_1 = BN_CTX_get(ctx);
|
|
296
|
+
|
|
297
|
+
if (!p_minus_1 ||
|
|
298
|
+
!BN_MONT_CTX_set_locked(&dh->method_mont_p, &dh->method_mont_p_lock,
|
|
299
|
+
dh->p, ctx)) {
|
|
426
300
|
goto err;
|
|
427
301
|
}
|
|
428
302
|
|
|
429
|
-
if (!BN_mod_exp_mont_consttime(
|
|
430
|
-
ctx, dh->method_mont_p)
|
|
303
|
+
if (!BN_mod_exp_mont_consttime(out_shared_key, peers_key, dh->priv_key, dh->p,
|
|
304
|
+
ctx, dh->method_mont_p) ||
|
|
305
|
+
!BN_copy(p_minus_1, dh->p) ||
|
|
306
|
+
!BN_sub_word(p_minus_1, 1)) {
|
|
431
307
|
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
|
|
432
308
|
goto err;
|
|
433
309
|
}
|
|
434
310
|
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
BN_CTX_free(ctx);
|
|
311
|
+
// This performs the check required by SP 800-56Ar3 section 5.7.1.1 step two.
|
|
312
|
+
if (BN_cmp_word(out_shared_key, 1) <= 0 ||
|
|
313
|
+
BN_cmp(out_shared_key, p_minus_1) == 0) {
|
|
314
|
+
OPENSSL_PUT_ERROR(DH, DH_R_INVALID_PUBKEY);
|
|
315
|
+
goto err;
|
|
441
316
|
}
|
|
442
317
|
|
|
318
|
+
ret = 1;
|
|
319
|
+
|
|
320
|
+
err:
|
|
321
|
+
BN_CTX_end(ctx);
|
|
443
322
|
return ret;
|
|
444
323
|
}
|
|
445
324
|
|
|
446
|
-
int
|
|
325
|
+
int DH_compute_key_padded(unsigned char *out, const BIGNUM *peers_key, DH *dh) {
|
|
326
|
+
BN_CTX *ctx = BN_CTX_new();
|
|
327
|
+
if (ctx == NULL) {
|
|
328
|
+
return -1;
|
|
329
|
+
}
|
|
330
|
+
BN_CTX_start(ctx);
|
|
447
331
|
|
|
448
|
-
|
|
332
|
+
int dh_size = DH_size(dh);
|
|
333
|
+
int ret = -1;
|
|
334
|
+
BIGNUM *shared_key = BN_CTX_get(ctx);
|
|
335
|
+
if (shared_key &&
|
|
336
|
+
dh_compute_key(dh, shared_key, peers_key, ctx) &&
|
|
337
|
+
BN_bn2bin_padded(out, dh_size, shared_key)) {
|
|
338
|
+
ret = dh_size;
|
|
339
|
+
}
|
|
449
340
|
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
return
|
|
341
|
+
BN_CTX_end(ctx);
|
|
342
|
+
BN_CTX_free(ctx);
|
|
343
|
+
return ret;
|
|
453
344
|
}
|
|
454
345
|
|
|
455
|
-
|
|
456
|
-
|
|
346
|
+
int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) {
|
|
347
|
+
BN_CTX *ctx = BN_CTX_new();
|
|
348
|
+
if (ctx == NULL) {
|
|
349
|
+
return -1;
|
|
350
|
+
}
|
|
351
|
+
BN_CTX_start(ctx);
|
|
457
352
|
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
}
|
|
353
|
+
int ret = -1;
|
|
354
|
+
BIGNUM *shared_key = BN_CTX_get(ctx);
|
|
355
|
+
if (shared_key && dh_compute_key(dh, shared_key, peers_key, ctx)) {
|
|
356
|
+
ret = BN_bn2bin(shared_key, out);
|
|
463
357
|
}
|
|
464
358
|
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
return
|
|
359
|
+
BN_CTX_end(ctx);
|
|
360
|
+
BN_CTX_free(ctx);
|
|
361
|
+
return ret;
|
|
468
362
|
}
|
|
469
363
|
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
364
|
+
int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len,
|
|
365
|
+
size_t max_out_len, const BIGNUM *peers_key,
|
|
366
|
+
const EVP_MD *digest) {
|
|
367
|
+
*out_len = (size_t)-1;
|
|
368
|
+
|
|
369
|
+
const size_t digest_len = EVP_MD_size(digest);
|
|
370
|
+
if (digest_len > max_out_len) {
|
|
476
371
|
return 0;
|
|
477
372
|
}
|
|
478
373
|
|
|
479
|
-
|
|
480
|
-
|
|
374
|
+
int ret = 0;
|
|
375
|
+
const size_t dh_len = DH_size(dh);
|
|
376
|
+
uint8_t *shared_bytes = OPENSSL_malloc(dh_len);
|
|
377
|
+
unsigned out_len_unsigned;
|
|
378
|
+
if (!shared_bytes ||
|
|
379
|
+
// SP 800-56A is ambiguous about whether the output should be padded prior
|
|
380
|
+
// to revision three. But revision three, section C.1, awkwardly specifies
|
|
381
|
+
// padding to the length of p.
|
|
382
|
+
//
|
|
383
|
+
// Also, padded output avoids side-channels, so is always strongly
|
|
384
|
+
// advisable.
|
|
385
|
+
DH_compute_key_padded(shared_bytes, peers_key, dh) != (int)dh_len ||
|
|
386
|
+
!EVP_Digest(shared_bytes, dh_len, out, &out_len_unsigned, digest, NULL) ||
|
|
387
|
+
out_len_unsigned != digest_len) {
|
|
388
|
+
goto err;
|
|
481
389
|
}
|
|
482
390
|
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
return 0;
|
|
486
|
-
}
|
|
391
|
+
*out_len = digest_len;
|
|
392
|
+
ret = 1;
|
|
487
393
|
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
394
|
+
err:
|
|
395
|
+
OPENSSL_free(shared_bytes);
|
|
396
|
+
return ret;
|
|
397
|
+
}
|
|
491
398
|
|
|
492
|
-
|
|
493
|
-
to->seed = OPENSSL_memdup(from->seed, from->seedlen);
|
|
494
|
-
if (!to->seed) {
|
|
495
|
-
return 0;
|
|
496
|
-
}
|
|
497
|
-
to->seedlen = from->seedlen;
|
|
498
|
-
}
|
|
399
|
+
int DH_size(const DH *dh) { return BN_num_bytes(dh->p); }
|
|
499
400
|
|
|
401
|
+
unsigned DH_num_bits(const DH *dh) { return BN_num_bits(dh->p); }
|
|
402
|
+
|
|
403
|
+
int DH_up_ref(DH *dh) {
|
|
404
|
+
CRYPTO_refcount_inc(&dh->references);
|
|
500
405
|
return 1;
|
|
501
406
|
}
|
|
502
407
|
|
|
503
|
-
DH *
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
408
|
+
DH *DH_get_rfc7919_2048(void) {
|
|
409
|
+
// This is the prime from https://tools.ietf.org/html/rfc7919#appendix-A.1,
|
|
410
|
+
// which is specifically approved for FIPS in appendix D of SP 800-56Ar3.
|
|
411
|
+
static const BN_ULONG kFFDHE2048Data[] = {
|
|
412
|
+
TOBN(0xffffffff, 0xffffffff), TOBN(0x886b4238, 0x61285c97),
|
|
413
|
+
TOBN(0xc6f34a26, 0xc1b2effa), TOBN(0xc58ef183, 0x7d1683b2),
|
|
414
|
+
TOBN(0x3bb5fcbc, 0x2ec22005), TOBN(0xc3fe3b1b, 0x4c6fad73),
|
|
415
|
+
TOBN(0x8e4f1232, 0xeef28183), TOBN(0x9172fe9c, 0xe98583ff),
|
|
416
|
+
TOBN(0xc03404cd, 0x28342f61), TOBN(0x9e02fce1, 0xcdf7e2ec),
|
|
417
|
+
TOBN(0x0b07a7c8, 0xee0a6d70), TOBN(0xae56ede7, 0x6372bb19),
|
|
418
|
+
TOBN(0x1d4f42a3, 0xde394df4), TOBN(0xb96adab7, 0x60d7f468),
|
|
419
|
+
TOBN(0xd108a94b, 0xb2c8e3fb), TOBN(0xbc0ab182, 0xb324fb61),
|
|
420
|
+
TOBN(0x30acca4f, 0x483a797a), TOBN(0x1df158a1, 0x36ade735),
|
|
421
|
+
TOBN(0xe2a689da, 0xf3efe872), TOBN(0x984f0c70, 0xe0e68b77),
|
|
422
|
+
TOBN(0xb557135e, 0x7f57c935), TOBN(0x85636555, 0x3ded1af3),
|
|
423
|
+
TOBN(0x2433f51f, 0x5f066ed0), TOBN(0xd3df1ed5, 0xd5fd6561),
|
|
424
|
+
TOBN(0xf681b202, 0xaec4617a), TOBN(0x7d2fe363, 0x630c75d8),
|
|
425
|
+
TOBN(0xcc939dce, 0x249b3ef9), TOBN(0xa9e13641, 0x146433fb),
|
|
426
|
+
TOBN(0xd8b9c583, 0xce2d3695), TOBN(0xafdc5620, 0x273d3cf1),
|
|
427
|
+
TOBN(0xadf85458, 0xa2bb4a9a), TOBN(0xffffffff, 0xffffffff),
|
|
428
|
+
};
|
|
429
|
+
|
|
430
|
+
BIGNUM *const ffdhe2048_p = BN_new();
|
|
431
|
+
BIGNUM *const ffdhe2048_q = BN_new();
|
|
432
|
+
BIGNUM *const ffdhe2048_g = BN_new();
|
|
433
|
+
DH *const dh = DH_new();
|
|
434
|
+
|
|
435
|
+
if (!ffdhe2048_p || !ffdhe2048_q || !ffdhe2048_g || !dh) {
|
|
436
|
+
goto err;
|
|
507
437
|
}
|
|
508
438
|
|
|
509
|
-
|
|
510
|
-
|
|
511
|
-
return NULL;
|
|
512
|
-
}
|
|
439
|
+
bn_set_static_words(ffdhe2048_p, kFFDHE2048Data,
|
|
440
|
+
OPENSSL_ARRAY_SIZE(kFFDHE2048Data));
|
|
513
441
|
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
|
|
519
|
-
int index;
|
|
520
|
-
if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
|
|
521
|
-
free_func)) {
|
|
522
|
-
return -1;
|
|
442
|
+
if (!BN_rshift1(ffdhe2048_q, ffdhe2048_p) ||
|
|
443
|
+
!BN_set_word(ffdhe2048_g, 2) ||
|
|
444
|
+
!DH_set0_pqg(dh, ffdhe2048_p, ffdhe2048_q, ffdhe2048_g)) {
|
|
445
|
+
goto err;
|
|
523
446
|
}
|
|
524
|
-
return index;
|
|
525
|
-
}
|
|
526
447
|
|
|
527
|
-
|
|
528
|
-
return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
|
|
529
|
-
}
|
|
448
|
+
return dh;
|
|
530
449
|
|
|
531
|
-
|
|
532
|
-
|
|
450
|
+
err:
|
|
451
|
+
BN_free(ffdhe2048_p);
|
|
452
|
+
BN_free(ffdhe2048_q);
|
|
453
|
+
BN_free(ffdhe2048_g);
|
|
454
|
+
DH_free(dh);
|
|
455
|
+
return NULL;
|
|
533
456
|
}
|