grpc 1.35.0.pre1 → 1.37.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (507) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +121 -89
  3. data/include/grpc/grpc.h +15 -1
  4. data/include/grpc/grpc_security.h +16 -11
  5. data/include/grpc/impl/codegen/port_platform.h +2 -0
  6. data/src/core/ext/filters/client_channel/client_channel.cc +359 -331
  7. data/src/core/ext/filters/client_channel/client_channel.h +0 -2
  8. data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
  9. data/src/core/ext/filters/client_channel/config_selector.h +9 -1
  10. data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -4
  11. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
  12. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
  13. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
  14. data/src/core/ext/filters/client_channel/lb_policy.cc +3 -0
  15. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
  16. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
  17. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
  18. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
  19. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
  20. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
  21. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
  22. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -25
  25. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +1 -1
  26. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +232 -110
  27. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
  28. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
  29. data/src/core/ext/filters/client_channel/resolver.cc +5 -5
  30. data/src/core/ext/filters/client_channel/resolver.h +1 -12
  31. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
  32. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
  33. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
  34. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +34 -50
  35. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
  36. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
  37. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
  38. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
  39. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +307 -155
  40. data/src/core/ext/filters/client_channel/server_address.cc +9 -0
  41. data/src/core/ext/filters/client_channel/server_address.h +31 -0
  42. data/src/core/ext/filters/client_channel/subchannel.cc +69 -146
  43. data/src/core/ext/filters/client_channel/subchannel.h +63 -95
  44. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
  45. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
  46. data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
  47. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +500 -0
  48. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
  49. data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
  50. data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
  51. data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
  52. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
  53. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
  54. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +3 -2
  55. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
  56. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -2
  57. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +490 -178
  58. data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
  59. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
  60. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +1 -1
  61. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
  62. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +39 -7
  63. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
  64. data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
  65. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
  66. data/src/core/ext/transport/chttp2/transport/internal.h +1 -0
  67. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
  68. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
  69. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
  70. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
  71. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
  72. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
  73. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
  74. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
  75. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
  76. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
  77. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
  78. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
  79. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
  80. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
  81. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
  82. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
  83. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
  84. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
  85. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
  86. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
  87. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
  88. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
  89. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
  90. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
  91. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
  92. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
  93. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
  94. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
  95. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
  96. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
  97. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
  98. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
  99. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +57 -16
  100. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +150 -0
  101. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
  102. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
  103. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
  104. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
  105. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
  106. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
  107. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
  108. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
  109. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
  110. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +19 -21
  111. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +64 -51
  112. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
  113. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
  114. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
  115. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
  116. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
  117. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
  118. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
  119. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
  120. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
  121. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
  122. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
  123. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
  124. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
  125. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
  126. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
  127. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
  128. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
  129. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
  130. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
  131. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
  132. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
  133. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
  134. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
  135. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
  136. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
  137. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
  138. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
  139. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
  140. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
  141. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
  142. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
  143. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
  144. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
  145. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
  146. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
  147. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
  148. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
  149. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
  150. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
  151. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
  152. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
  153. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
  154. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
  155. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
  156. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
  157. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
  158. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
  159. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
  160. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
  161. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
  162. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
  163. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
  164. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
  165. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
  166. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
  167. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
  168. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
  169. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
  170. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
  171. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
  172. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
  173. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
  174. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
  175. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
  176. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  177. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
  178. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
  179. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
  180. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
  181. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
  182. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
  183. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
  184. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
  185. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
  186. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
  187. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
  188. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
  189. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  190. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
  191. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
  192. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
  193. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
  194. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
  195. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
  196. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
  197. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
  198. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
  199. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
  200. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
  201. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
  202. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +9 -9
  203. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
  204. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
  205. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
  206. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
  207. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
  208. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
  209. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
  210. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
  211. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
  212. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  213. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
  214. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  215. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
  216. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  217. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
  218. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  219. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
  220. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  221. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
  222. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  223. data/src/core/ext/xds/xds_api.cc +2149 -666
  224. data/src/core/ext/xds/xds_api.h +321 -119
  225. data/src/core/ext/xds/xds_bootstrap.cc +80 -45
  226. data/src/core/ext/xds/xds_bootstrap.h +17 -5
  227. data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
  228. data/src/core/ext/xds/xds_certificate_provider.h +83 -44
  229. data/src/core/ext/xds/xds_client.cc +181 -34
  230. data/src/core/ext/xds/xds_client.h +29 -0
  231. data/src/core/ext/xds/xds_client_stats.cc +2 -1
  232. data/src/core/ext/xds/xds_client_stats.h +2 -2
  233. data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
  234. data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
  235. data/src/core/ext/xds/xds_http_filters.cc +114 -0
  236. data/src/core/ext/xds/xds_http_filters.h +130 -0
  237. data/src/core/ext/xds/xds_server_config_fetcher.cc +425 -24
  238. data/src/core/lib/channel/channel_stack.cc +12 -0
  239. data/src/core/lib/channel/channel_stack.h +7 -0
  240. data/src/core/lib/channel/channelz.cc +92 -4
  241. data/src/core/lib/channel/channelz.h +30 -1
  242. data/src/core/lib/channel/channelz_registry.cc +14 -0
  243. data/src/core/lib/channel/handshaker.cc +2 -44
  244. data/src/core/lib/channel/handshaker.h +1 -18
  245. data/src/core/lib/channel/status_util.cc +12 -2
  246. data/src/core/lib/channel/status_util.h +5 -0
  247. data/src/core/lib/gpr/log.cc +6 -1
  248. data/src/core/lib/gpr/sync_abseil.cc +3 -6
  249. data/src/core/lib/gpr/sync_windows.cc +2 -2
  250. data/src/core/lib/gprpp/atomic.h +3 -3
  251. data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
  252. data/src/core/lib/gprpp/mpscq.cc +2 -2
  253. data/src/core/lib/gprpp/ref_counted.h +1 -1
  254. data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
  255. data/src/core/lib/gprpp/sync.h +129 -40
  256. data/src/core/lib/gprpp/thd.h +1 -1
  257. data/src/core/lib/gprpp/time_util.cc +77 -0
  258. data/src/core/lib/gprpp/time_util.h +42 -0
  259. data/src/core/lib/http/httpcli_security_connector.cc +2 -2
  260. data/src/core/lib/iomgr/buffer_list.h +1 -1
  261. data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
  262. data/src/core/lib/iomgr/error.h +1 -1
  263. data/src/core/lib/iomgr/ev_apple.cc +11 -8
  264. data/src/core/lib/iomgr/ev_epoll1_linux.cc +3 -3
  265. data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
  266. data/src/core/lib/iomgr/ev_posix.cc +3 -3
  267. data/src/core/lib/iomgr/exec_ctx.cc +6 -2
  268. data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
  269. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
  270. data/src/core/lib/iomgr/resource_quota.cc +1 -1
  271. data/src/core/lib/iomgr/sockaddr_utils.cc +121 -1
  272. data/src/core/lib/iomgr/sockaddr_utils.h +25 -0
  273. data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
  274. data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
  275. data/src/core/lib/iomgr/tcp_posix.cc +5 -8
  276. data/src/core/lib/iomgr/tcp_uv.cc +2 -2
  277. data/src/core/lib/iomgr/timer_generic.cc +2 -2
  278. data/src/core/lib/iomgr/timer_manager.cc +1 -1
  279. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
  280. data/src/core/lib/matchers/matchers.cc +339 -0
  281. data/src/core/lib/matchers/matchers.h +160 -0
  282. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
  283. data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
  284. data/src/core/lib/security/credentials/credentials.h +2 -1
  285. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
  286. data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
  287. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
  288. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
  289. data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
  290. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
  291. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
  292. data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
  293. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
  294. data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
  295. data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
  296. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
  297. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
  298. data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
  299. data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
  300. data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
  301. data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
  302. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
  303. data/src/core/lib/security/security_connector/ssl_utils.cc +9 -4
  304. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +32 -14
  305. data/src/core/lib/security/transport/security_handshaker.cc +33 -5
  306. data/src/core/lib/security/transport/server_auth_filter.cc +7 -0
  307. data/src/core/lib/slice/slice_intern.cc +5 -6
  308. data/src/core/lib/surface/channel.h +3 -3
  309. data/src/core/lib/surface/completion_queue.cc +1 -1
  310. data/src/core/lib/surface/init.cc +13 -15
  311. data/src/core/lib/surface/lame_client.cc +38 -19
  312. data/src/core/lib/surface/lame_client.h +4 -3
  313. data/src/core/lib/surface/server.cc +43 -36
  314. data/src/core/lib/surface/server.h +76 -14
  315. data/src/core/lib/surface/version.cc +2 -2
  316. data/src/core/lib/transport/metadata.cc +6 -2
  317. data/src/core/lib/transport/metadata_batch.cc +27 -0
  318. data/src/core/lib/transport/metadata_batch.h +14 -0
  319. data/src/core/plugin_registry/grpc_plugin_registry.cc +12 -0
  320. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +18 -24
  321. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
  322. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
  323. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
  324. data/src/core/tsi/fake_transport_security.cc +11 -2
  325. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
  326. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
  327. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
  328. data/src/core/tsi/ssl_transport_security.cc +0 -3
  329. data/src/core/tsi/ssl_transport_security.h +0 -3
  330. data/src/ruby/ext/grpc/extconf.rb +9 -1
  331. data/src/ruby/ext/grpc/rb_channel.c +10 -1
  332. data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
  333. data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
  334. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  335. data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
  336. data/src/ruby/ext/grpc/rb_grpc.c +4 -0
  337. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
  338. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
  339. data/src/ruby/ext/grpc/rb_server.c +13 -1
  340. data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
  341. data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
  342. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
  343. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
  344. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
  345. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
  346. data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
  347. data/src/ruby/lib/grpc/version.rb +1 -1
  348. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
  349. data/src/ruby/spec/call_spec.rb +1 -1
  350. data/src/ruby/spec/channel_credentials_spec.rb +32 -0
  351. data/src/ruby/spec/channel_spec.rb +17 -6
  352. data/src/ruby/spec/client_auth_spec.rb +27 -1
  353. data/src/ruby/spec/errors_spec.rb +1 -1
  354. data/src/ruby/spec/generic/active_call_spec.rb +2 -2
  355. data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
  356. data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
  357. data/src/ruby/spec/server_credentials_spec.rb +25 -0
  358. data/src/ruby/spec/server_spec.rb +22 -0
  359. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
  360. data/third_party/boringssl-with-bazel/err_data.c +715 -713
  361. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  362. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
  363. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
  364. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
  365. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  366. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
  367. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
  368. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
  369. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
  370. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
  371. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
  372. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
  373. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
  374. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
  375. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
  376. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  377. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
  378. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  379. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
  380. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
  381. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  382. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
  383. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  384. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
  385. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
  386. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  387. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
  388. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
  389. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
  395. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  396. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
  398. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
  403. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
  404. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
  405. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
  406. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
  407. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  408. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  409. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
  410. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
  411. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  412. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
  413. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -29
  414. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
  415. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
  416. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
  417. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
  418. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
  419. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
  420. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
  421. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  422. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
  423. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  424. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
  425. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
  426. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
  427. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
  428. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
  429. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
  430. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
  431. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  432. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
  433. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
  434. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
  435. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
  436. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
  437. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
  438. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
  439. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
  440. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  441. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
  442. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +19 -0
  443. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
  444. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
  445. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  446. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
  447. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
  448. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
  449. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
  450. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +67 -33
  451. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
  452. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -99
  453. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
  454. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
  455. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
  456. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
  457. data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
  458. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
  459. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
  460. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
  461. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
  462. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
  463. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
  464. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +362 -50
  465. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
  466. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
  467. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
  468. data/third_party/xxhash/xxhash.h +5443 -0
  469. metadata +140 -84
  470. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
  471. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
  472. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
  473. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
  474. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
  475. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
  476. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
  477. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
  478. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
  479. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
  480. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
  481. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
  482. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
  483. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
  484. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
  485. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
  486. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
  487. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
  488. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
  489. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
  490. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
  491. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
  492. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
  493. data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
  494. data/src/core/lib/security/authorization/authorization_engine.h +0 -84
  495. data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
  496. data/src/core/lib/security/authorization/evaluate_args.h +0 -59
  497. data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
  498. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
  499. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
  500. data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
  501. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
  502. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
  503. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
  504. data/third_party/upb/upb/json_decode.c +0 -1443
  505. data/third_party/upb/upb/json_decode.h +0 -23
  506. data/third_party/upb/upb/json_encode.c +0 -713
  507. data/third_party/upb/upb/json_encode.h +0 -36
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c CHANGED
@@ -21,6 +21,8 @@
21
21
  #include <openssl/aes.h>
22
22
  #include <openssl/bn.h>
23
23
  #include <openssl/des.h>
24
+ #include <openssl/dh.h>
25
+ #include <openssl/digest.h>
24
26
  #include <openssl/ec.h>
25
27
  #include <openssl/ecdsa.h>
26
28
  #include <openssl/ec_key.h>
@@ -31,6 +33,7 @@
31
33
  #include "../../internal.h"
32
34
  #include "../ec/internal.h"
33
35
  #include "../rand/internal.h"
36
+ #include "../tls/internal.h"
34
37
 
35
38
 
36
39
  // MSVC wants to put a NUL byte at the end of non-char arrays and so cannot
@@ -244,6 +247,41 @@ static EC_KEY *self_test_ecdsa_key(void) {
244
247
  return ec_key;
245
248
  }
246
249
 
250
+ static DH *self_test_dh(void) {
251
+ DH *dh = DH_get_rfc7919_2048();
252
+ if (!dh) {
253
+ return NULL;
254
+ }
255
+
256
+ BIGNUM *priv = BN_new();
257
+ if (!priv) {
258
+ goto err;
259
+ }
260
+
261
+ // kFFDHE2048PrivateKeyData is a 225-bit value. (225 because that's the
262
+ // minimum private key size in
263
+ // https://tools.ietf.org/html/rfc7919#appendix-A.1.)
264
+ static const BN_ULONG kFFDHE2048PrivateKeyData[] = {
265
+ TOBN(0x187be36b, 0xd38a4fa1),
266
+ TOBN(0x0a152f39, 0x6458f3b8),
267
+ TOBN(0x0570187e, 0xc422eeb7),
268
+ TOBN(0x00000001, 0x91173f2a),
269
+ };
270
+
271
+ bn_set_static_words(priv, kFFDHE2048PrivateKeyData,
272
+ OPENSSL_ARRAY_SIZE(kFFDHE2048PrivateKeyData));
273
+
274
+ if (!DH_set0_key(dh, NULL, priv)) {
275
+ goto err;
276
+ }
277
+ return dh;
278
+
279
+ err:
280
+ BN_free(priv);
281
+ DH_free(dh);
282
+ return NULL;
283
+ }
284
+
247
285
  #if defined(OPENSSL_ANDROID)
248
286
  static const size_t kModuleDigestSize = SHA256_DIGEST_LENGTH;
249
287
  #else
@@ -460,6 +498,81 @@ int boringssl_fips_self_test(
460
498
  0x00,
461
499
  #endif
462
500
  };
501
+ const uint8_t kTLSOutput[32] = {
502
+ 0x67, 0x85, 0xde, 0x60, 0xfc, 0x0a, 0x83, 0xe9, 0xa2, 0x2a, 0xb3,
503
+ 0xf0, 0x27, 0x0c, 0xba, 0xf7, 0xfa, 0x82, 0x3d, 0x14, 0x77, 0x1d,
504
+ 0x86, 0x29, 0x79, 0x39, 0x77, 0x8a, 0xd5, 0x0e, 0x9d,
505
+ #if !defined(BORINGSSL_FIPS_BREAK_TLS_KDF)
506
+ 0x32,
507
+ #else
508
+ 0x00,
509
+ #endif
510
+ };
511
+ const uint8_t kTLSSecret[32] = {
512
+ 0xbf, 0xe4, 0xb7, 0xe0, 0x26, 0x55, 0x5f, 0x6a, 0xdf, 0x5d, 0x27,
513
+ 0xd6, 0x89, 0x99, 0x2a, 0xd6, 0xf7, 0x65, 0x66, 0x07, 0x4b, 0x55,
514
+ 0x5f, 0x64, 0x55, 0xcd, 0xd5, 0x77, 0xa4, 0xc7, 0x09, 0x61,
515
+ };
516
+ const char kTLSLabel[] = "FIPS self test";
517
+ const uint8_t kTLSSeed1[16] = {
518
+ 0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
519
+ 0x6d, 0x51, 0xf4, 0x79, 0x18, 0x63, 0x51, 0x65,
520
+ };
521
+ const uint8_t kTLSSeed2[16] = {
522
+ 0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
523
+ 0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
524
+ };
525
+
526
+ // kFFDHE2048PublicValueData is an arbitrary public value, mod
527
+ // kFFDHE2048Data. (The private key happens to be 4096.)
528
+ static const BN_ULONG kFFDHE2048PublicValueData[] = {
529
+ TOBN(0x187be36b, 0xd38a4fa1), TOBN(0x0a152f39, 0x6458f3b8),
530
+ TOBN(0x0570187e, 0xc422eeb7), TOBN(0x18af7482, 0x91173f2a),
531
+ TOBN(0xe9fdac6a, 0xcff4eaaa), TOBN(0xf6afebb7, 0x6e589d6c),
532
+ TOBN(0xf92f8e9a, 0xb7e33fb0), TOBN(0x70acf2aa, 0x4cf36ddd),
533
+ TOBN(0x561ab426, 0xd07137fd), TOBN(0x5f57d037, 0x430ee91e),
534
+ TOBN(0xe3e768c8, 0x60d10b8a), TOBN(0xb14884d8, 0xa18af8ce),
535
+ TOBN(0xf8a98014, 0xa12b74e4), TOBN(0x748d407c, 0x3437b7a8),
536
+ TOBN(0x627588c4, 0x9875d5a7), TOBN(0xdd24a127, 0x53c8f09d),
537
+ TOBN(0x85a997d5, 0x0cd51aec), TOBN(0x44f0c619, 0xce348458),
538
+ TOBN(0x9b894b24, 0x5f6b69a1), TOBN(0xae1302f2, 0xf6d4777e),
539
+ TOBN(0xe6678eeb, 0x375db18e), TOBN(0x2674e1d6, 0x4fbcbdc8),
540
+ TOBN(0xb297a823, 0x6fa93d28), TOBN(0x6a12fb70, 0x7c8c0510),
541
+ TOBN(0x5c6d1aeb, 0xdb06f65b), TOBN(0xe8c2954e, 0x4c1804ca),
542
+ TOBN(0x06bdeac1, 0xf5500fa7), TOBN(0x6a315604, 0x189cd76b),
543
+ TOBN(0xbae7b0b3, 0x6e362dc0), TOBN(0xa57c73bd, 0xdc70fb82),
544
+ TOBN(0xfaff50d2, 0x9d573457), TOBN(0x352bd399, 0xbe84058e),
545
+ };
546
+
547
+ const uint8_t kDHOutput[2048 / 8] = {
548
+ 0x2a, 0xe6, 0xd3, 0xa6, 0x13, 0x58, 0x8e, 0xce, 0x53, 0xaa, 0xf6, 0x5d,
549
+ 0x9a, 0xae, 0x02, 0x12, 0xf5, 0x80, 0x3d, 0x06, 0x09, 0x76, 0xac, 0x57,
550
+ 0x37, 0x9e, 0xab, 0x38, 0x62, 0x25, 0x05, 0x1d, 0xf3, 0xa9, 0x39, 0x60,
551
+ 0xf6, 0xae, 0x90, 0xed, 0x1e, 0xad, 0x6e, 0xe9, 0xe3, 0xba, 0x27, 0xf6,
552
+ 0xdb, 0x54, 0xdf, 0xe2, 0xbd, 0xbb, 0x7f, 0xf1, 0x81, 0xac, 0x1a, 0xfa,
553
+ 0xdb, 0x87, 0x07, 0x98, 0x76, 0x90, 0x21, 0xf2, 0xae, 0xda, 0x0d, 0x84,
554
+ 0x97, 0x64, 0x0b, 0xbf, 0xb8, 0x8d, 0x10, 0x46, 0xe2, 0xd5, 0xca, 0x1b,
555
+ 0xbb, 0xe5, 0x37, 0xb2, 0x3b, 0x35, 0xd3, 0x1b, 0x65, 0xea, 0xae, 0xf2,
556
+ 0x03, 0xe2, 0xb6, 0xde, 0x22, 0xb7, 0x86, 0x49, 0x79, 0xfe, 0xd7, 0x16,
557
+ 0xf7, 0xdc, 0x9c, 0x59, 0xf5, 0xb7, 0x70, 0xc0, 0x53, 0x42, 0x6f, 0xb1,
558
+ 0xd2, 0x4e, 0x00, 0x25, 0x4b, 0x2d, 0x5a, 0x9b, 0xd0, 0xe9, 0x27, 0x43,
559
+ 0xcc, 0x00, 0x66, 0xea, 0x94, 0x7a, 0x0b, 0xb9, 0x89, 0x0c, 0x5e, 0x94,
560
+ 0xb8, 0x3a, 0x78, 0x9c, 0x4d, 0x84, 0xe6, 0x32, 0x2c, 0x38, 0x7c, 0xf7,
561
+ 0x43, 0x9c, 0xd8, 0xb8, 0x1c, 0xce, 0x24, 0x91, 0x20, 0x67, 0x7a, 0x54,
562
+ 0x1f, 0x7e, 0x86, 0x7f, 0xa1, 0xc1, 0x03, 0x4e, 0x2c, 0x26, 0x71, 0xb2,
563
+ 0x06, 0x30, 0xb3, 0x6c, 0x15, 0xcc, 0xac, 0x25, 0xe5, 0x37, 0x3f, 0x24,
564
+ 0x8f, 0x2a, 0x89, 0x5e, 0x3d, 0x43, 0x94, 0xc9, 0x36, 0xae, 0x40, 0x00,
565
+ 0x6a, 0x0d, 0xb0, 0x6e, 0x8b, 0x2e, 0x70, 0x57, 0xe1, 0x88, 0x53, 0xd6,
566
+ 0x06, 0x80, 0x2a, 0x4e, 0x5a, 0xf0, 0x1e, 0xaa, 0xcb, 0xab, 0x06, 0x0e,
567
+ 0x27, 0x0f, 0xd9, 0x88, 0xd9, 0x01, 0xe3, 0x07, 0xeb, 0xdf, 0xc3, 0x12,
568
+ 0xe3, 0x40, 0x88, 0x7b, 0x5f, 0x59, 0x78, 0x6e, 0x26, 0x20, 0xc3, 0xdf,
569
+ 0xc8, 0xe4, 0x5e,
570
+ #if !defined(BORINGSSL_FIPS_BREAK_FFC_DH)
571
+ 0xb8,
572
+ #else
573
+ 0x00,
574
+ #endif
575
+ };
463
576
 
464
577
  EVP_AEAD_CTX aead_ctx;
465
578
  EVP_AEAD_CTX_zero(&aead_ctx);
@@ -666,6 +779,29 @@ int boringssl_fips_self_test(
666
779
  goto err;
667
780
  }
668
781
 
782
+ // FFC Diffie-Hellman KAT
783
+
784
+ BIGNUM *const ffdhe2048_value = BN_new();
785
+ DH *const dh = self_test_dh();
786
+ int dh_ok = 0;
787
+ if (ffdhe2048_value && dh) {
788
+ bn_set_static_words(ffdhe2048_value, kFFDHE2048PublicValueData,
789
+ OPENSSL_ARRAY_SIZE(kFFDHE2048PublicValueData));
790
+
791
+ uint8_t dh_out[sizeof(kDHOutput)];
792
+ dh_ok =
793
+ sizeof(dh_out) == DH_size(dh) &&
794
+ DH_compute_key_padded(dh_out, ffdhe2048_value, dh) == sizeof(dh_out) &&
795
+ check_test(kDHOutput, dh_out, sizeof(dh_out), "FFC DH");
796
+ }
797
+
798
+ BN_free(ffdhe2048_value);
799
+ DH_free(dh);
800
+ if (!dh_ok) {
801
+ fprintf(stderr, "FFDH failed.\n");
802
+ goto err;
803
+ }
804
+
669
805
  // DBRG KAT
670
806
  CTR_DRBG_STATE drbg;
671
807
  if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,
@@ -690,6 +826,17 @@ int boringssl_fips_self_test(
690
826
  goto err;
691
827
  }
692
828
 
829
+ // TLS KDF KAT
830
+ uint8_t tls_output[sizeof(kTLSOutput)];
831
+ if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret,
832
+ sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel),
833
+ kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2,
834
+ sizeof(kTLSSeed2)) ||
835
+ !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS KDF KAT")) {
836
+ fprintf(stderr, "TLS KDF failed.\n");
837
+ goto err;
838
+ }
839
+
693
840
  ret = 1;
694
841
 
695
842
  #if defined(BORINGSSL_FIPS_SELF_TEST_FLAG_FILE)
data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c CHANGED
@@ -27,7 +27,7 @@
27
27
  #include "internal.h"
28
28
 
29
29
 
30
- // This file implements draft-irtf-cfrg-hpke-05.
30
+ // This file implements draft-irtf-cfrg-hpke-07.
31
31
 
32
32
  #define KEM_CONTEXT_LEN (2 * X25519_PUBLIC_VALUE_LEN)
33
33
 
@@ -40,7 +40,7 @@
40
40
  #define HPKE_MODE_BASE 0
41
41
  #define HPKE_MODE_PSK 1
42
42
 
43
- static const char kHpkeRfcId[] = "HPKE-05 ";
43
+ static const char kHpkeRfcId[] = "HPKE-07";
44
44
 
45
45
  static int add_label_string(CBB *cbb, const char *label) {
46
46
  return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label));
@@ -125,7 +125,7 @@ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
125
125
  return 1;
126
126
  }
127
127
 
128
- static const EVP_AEAD *hpke_get_aead(uint16_t aead_id) {
128
+ const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id) {
129
129
  switch (aead_id) {
130
130
  case EVP_HPKE_AEAD_AES_GCM_128:
131
131
  return EVP_aead_aes_128_gcm();
@@ -138,7 +138,7 @@ static const EVP_AEAD *hpke_get_aead(uint16_t aead_id) {
138
138
  return NULL;
139
139
  }
140
140
 
141
- static const EVP_MD *hpke_get_kdf(uint16_t kdf_id) {
141
+ const EVP_MD *EVP_HPKE_get_hkdf_md(uint16_t kdf_id) {
142
142
  switch (kdf_id) {
143
143
  case EVP_HPKE_HKDF_SHA256:
144
144
  return EVP_sha256();
@@ -174,7 +174,7 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
174
174
  }
175
175
 
176
176
  // Attempt to get an EVP_AEAD*.
177
- const EVP_AEAD *aead = hpke_get_aead(hpke->aead_id);
177
+ const EVP_AEAD *aead = EVP_HPKE_get_aead(hpke->aead_id);
178
178
  if (aead == NULL) {
179
179
  return 0;
180
180
  }
@@ -216,24 +216,13 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
216
216
  return 0;
217
217
  }
218
218
 
219
- // psk_hash = LabeledExtract("", "psk_hash", psk)
220
- static const char kPskHashLabel[] = "psk_hash";
221
- uint8_t psk_hash[EVP_MAX_MD_SIZE];
222
- size_t psk_hash_len;
223
- if (!hpke_labeled_extract(hpke->hkdf_md, psk_hash, &psk_hash_len, NULL, 0,
224
- suite_id, sizeof(suite_id), kPskHashLabel, psk,
225
- psk_len)) {
226
- return 0;
227
- }
228
-
229
- // secret = LabeledExtract(psk_hash, "secret", shared_secret)
219
+ // secret = LabeledExtract(shared_secret, "secret", psk)
230
220
  static const char kSecretExtractLabel[] = "secret";
231
221
  uint8_t secret[EVP_MAX_MD_SIZE];
232
222
  size_t secret_len;
233
- if (!hpke_labeled_extract(hpke->hkdf_md, secret, &secret_len, psk_hash,
234
- psk_hash_len, suite_id, sizeof(suite_id),
235
- kSecretExtractLabel, shared_secret,
236
- shared_secret_len)) {
223
+ if (!hpke_labeled_extract(hpke->hkdf_md, secret, &secret_len, shared_secret,
224
+ shared_secret_len, suite_id, sizeof(suite_id),
225
+ kSecretExtractLabel, psk, psk_len)) {
237
226
  return 0;
238
227
  }
239
228
 
@@ -252,9 +241,9 @@ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
252
241
  return 0;
253
242
  }
254
243
 
255
- // nonce = LabeledExpand(secret, "nonce", key_schedule_context, Nn)
256
- static const char kNonceExpandLabel[] = "nonce";
257
- if (!hpke_labeled_expand(hpke->hkdf_md, hpke->nonce,
244
+ // base_nonce = LabeledExpand(secret, "base_nonce", key_schedule_context, Nn)
245
+ static const char kNonceExpandLabel[] = "base_nonce";
246
+ if (!hpke_labeled_expand(hpke->hkdf_md, hpke->base_nonce,
258
247
  EVP_AEAD_nonce_length(aead), secret, secret_len,
259
248
  suite_id, sizeof(suite_id), kNonceExpandLabel,
260
249
  context, context_len)) {
@@ -351,7 +340,7 @@ int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
351
340
  hpke->is_sender = 1;
352
341
  hpke->kdf_id = kdf_id;
353
342
  hpke->aead_id = aead_id;
354
- hpke->hkdf_md = hpke_get_kdf(kdf_id);
343
+ hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
355
344
  if (hpke->hkdf_md == NULL) {
356
345
  return 0;
357
346
  }
@@ -375,7 +364,7 @@ int EVP_HPKE_CTX_setup_base_r_x25519(
375
364
  hpke->is_sender = 0;
376
365
  hpke->kdf_id = kdf_id;
377
366
  hpke->aead_id = aead_id;
378
- hpke->hkdf_md = hpke_get_kdf(kdf_id);
367
+ hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
379
368
  if (hpke->hkdf_md == NULL) {
380
369
  return 0;
381
370
  }
@@ -415,7 +404,7 @@ int EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
415
404
  hpke->is_sender = 1;
416
405
  hpke->kdf_id = kdf_id;
417
406
  hpke->aead_id = aead_id;
418
- hpke->hkdf_md = hpke_get_kdf(kdf_id);
407
+ hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
419
408
  if (hpke->hkdf_md == NULL) {
420
409
  return 0;
421
410
  }
@@ -440,7 +429,7 @@ int EVP_HPKE_CTX_setup_psk_r_x25519(
440
429
  hpke->is_sender = 0;
441
430
  hpke->kdf_id = kdf_id;
442
431
  hpke->aead_id = aead_id;
443
- hpke->hkdf_md = hpke_get_kdf(kdf_id);
432
+ hpke->hkdf_md = EVP_HPKE_get_hkdf_md(kdf_id);
444
433
  if (hpke->hkdf_md == NULL) {
445
434
  return 0;
446
435
  }
@@ -466,9 +455,9 @@ static void hpke_nonce(const EVP_HPKE_CTX *hpke, uint8_t *out_nonce,
466
455
  seq_copy >>= 8;
467
456
  }
468
457
 
469
- // XOR the encoded sequence with the |hpke->nonce|.
458
+ // XOR the encoded sequence with the |hpke->base_nonce|.
470
459
  for (size_t i = 0; i < nonce_len; i++) {
471
- out_nonce[i] ^= hpke->nonce[i];
460
+ out_nonce[i] ^= hpke->base_nonce[i];
472
461
  }
473
462
  }
474
463
 
data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h CHANGED
@@ -18,6 +18,7 @@
18
18
  #include <openssl/aead.h>
19
19
  #include <openssl/base.h>
20
20
  #include <openssl/curve25519.h>
21
+ #include <openssl/digest.h>
21
22
 
22
23
  #if defined(__cplusplus)
23
24
  extern "C" {
@@ -30,7 +31,7 @@ extern "C" {
30
31
  // receiver with a public key. Optionally, the sender may authenticate its
31
32
  // possession of a pre-shared key to the recipient.
32
33
  //
33
- // See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-05.
34
+ // See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07.
34
35
 
35
36
  // EVP_HPKE_AEAD_* are AEAD identifiers.
36
37
  #define EVP_HPKE_AEAD_AES_GCM_128 0x0001
@@ -55,7 +56,7 @@ typedef struct evp_hpke_ctx_st {
55
56
  EVP_AEAD_CTX aead_ctx;
56
57
  uint16_t kdf_id;
57
58
  uint16_t aead_id;
58
- uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
59
+ uint8_t base_nonce[EVP_AEAD_MAX_NONCE_LENGTH];
59
60
  uint8_t exporter_secret[EVP_MAX_MD_SIZE];
60
61
  uint64_t seq;
61
62
  int is_sender;
@@ -77,8 +78,8 @@ OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
77
78
  // In each of the following functions, |hpke| must have been initialized with
78
79
  // |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and
79
80
  // must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
80
- // for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*"
81
- // constants."
81
+ // for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*|
82
+ // constants.
82
83
 
83
84
  // EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
84
85
  // encrypt for the private key corresponding to |peer_public_value| (the
@@ -215,6 +216,14 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
215
216
  // set up as a sender.
216
217
  OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke);
217
218
 
219
+ // EVP_HPKE_get_aead returns the AEAD corresponding to |aead_id|, or NULL if
220
+ // |aead_id| is not a known AEAD identifier.
221
+ OPENSSL_EXPORT const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id);
222
+
223
+ // EVP_HPKE_get_hkdf_md returns the hash function associated with |kdf_id|, or
224
+ // NULL if |kdf_id| is not a known KDF identifier that uses HKDF.
225
+ OPENSSL_EXPORT const EVP_MD *EVP_HPKE_get_hkdf_md(uint16_t kdf_id);
226
+
218
227
 
219
228
  #if defined(__cplusplus)
220
229
  } // extern C
data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c CHANGED
@@ -46,10 +46,14 @@ struct poly1305_state_st {
46
46
  uint32_t s1, s2, s3, s4;
47
47
  uint32_t h0, h1, h2, h3, h4;
48
48
  uint8_t buf[16];
49
- unsigned int buf_used;
49
+ size_t buf_used;
50
50
  uint8_t key[16];
51
51
  };
52
52
 
53
+ OPENSSL_STATIC_ASSERT(
54
+ sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
55
+ "poly1305_state isn't large enough to hold aligned poly1305_state_st");
56
+
53
57
  static inline struct poly1305_state_st *poly1305_aligned_state(
54
58
  poly1305_state *state) {
55
59
  return (struct poly1305_state_st *)(((uintptr_t)state + 63) & ~63);
@@ -200,7 +204,6 @@ void CRYPTO_poly1305_init(poly1305_state *statep, const uint8_t key[32]) {
200
204
 
201
205
  void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
202
206
  size_t in_len) {
203
- unsigned int i;
204
207
  struct poly1305_state_st *state = poly1305_aligned_state(statep);
205
208
 
206
209
  #if defined(OPENSSL_POLY1305_NEON)
@@ -211,11 +214,11 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
211
214
  #endif
212
215
 
213
216
  if (state->buf_used) {
214
- unsigned todo = 16 - state->buf_used;
217
+ size_t todo = 16 - state->buf_used;
215
218
  if (todo > in_len) {
216
- todo = (unsigned)in_len;
219
+ todo = in_len;
217
220
  }
218
- for (i = 0; i < todo; i++) {
221
+ for (size_t i = 0; i < todo; i++) {
219
222
  state->buf[state->buf_used + i] = in[i];
220
223
  }
221
224
  state->buf_used += todo;
@@ -236,10 +239,10 @@ void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
236
239
  }
237
240
 
238
241
  if (in_len) {
239
- for (i = 0; i < in_len; i++) {
242
+ for (size_t i = 0; i < in_len; i++) {
240
243
  state->buf[i] = in[i];
241
244
  }
242
- state->buf_used = (unsigned)in_len;
245
+ state->buf_used = in_len;
243
246
  }
244
247
  }
245
248
 
data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c CHANGED
@@ -36,7 +36,7 @@ extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y,
36
36
  const fe1305x2 *c);
37
37
 
38
38
  extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in,
39
- unsigned int inlen);
39
+ size_t inlen);
40
40
 
41
41
  static void freeze(fe1305x2 *r) {
42
42
  int i;
@@ -136,7 +136,7 @@ static void fe1305x2_tobytearray(uint8_t r[16], fe1305x2 *x) {
136
136
  }
137
137
 
138
138
  static void fe1305x2_frombytearray(fe1305x2 *r, const uint8_t *x, size_t xlen) {
139
- unsigned i;
139
+ size_t i;
140
140
  uint8_t t[17];
141
141
 
142
142
  for (i = 0; (i < 16) && (i < xlen); i++) {
@@ -179,17 +179,20 @@ static const alignas(16) fe1305x2 zero;
179
179
  struct poly1305_state_st {
180
180
  uint8_t data[sizeof(fe1305x2[5]) + 128];
181
181
  uint8_t buf[32];
182
- unsigned int buf_used;
182
+ size_t buf_used;
183
183
  uint8_t key[16];
184
184
  };
185
185
 
186
+ OPENSSL_STATIC_ASSERT(
187
+ sizeof(struct poly1305_state_st) + 63 <= sizeof(poly1305_state),
188
+ "poly1305_state isn't large enough to hold aligned poly1305_state_st.");
189
+
186
190
  void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) {
187
191
  struct poly1305_state_st *st = (struct poly1305_state_st *)(state);
188
192
  fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data)));
189
193
  fe1305x2 *const h = r + 1;
190
194
  fe1305x2 *const c = h + 1;
191
195
  fe1305x2 *const precomp = c + 1;
192
- unsigned int j;
193
196
 
194
197
  r->v[1] = r->v[0] = 0x3ffffff & load32(key);
195
198
  r->v[3] = r->v[2] = 0x3ffff03 & (load32(key + 3) >> 2);
@@ -197,7 +200,7 @@ void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) {
197
200
  r->v[7] = r->v[6] = 0x3f03fff & (load32(key + 9) >> 6);
198
201
  r->v[9] = r->v[8] = 0x00fffff & (load32(key + 12) >> 8);
199
202
 
200
- for (j = 0; j < 10; j++) {
203
+ for (size_t j = 0; j < 10; j++) {
201
204
  h->v[j] = 0; // XXX: should fast-forward a bit
202
205
  }
203
206
 
@@ -215,14 +218,13 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
215
218
  fe1305x2 *const h = r + 1;
216
219
  fe1305x2 *const c = h + 1;
217
220
  fe1305x2 *const precomp = c + 1;
218
- unsigned int i;
219
221
 
220
222
  if (st->buf_used) {
221
- unsigned int todo = 32 - st->buf_used;
223
+ size_t todo = 32 - st->buf_used;
222
224
  if (todo > in_len) {
223
225
  todo = in_len;
224
226
  }
225
- for (i = 0; i < todo; i++) {
227
+ for (size_t i = 0; i < todo; i++) {
226
228
  st->buf[st->buf_used + i] = in[i];
227
229
  }
228
230
  st->buf_used += todo;
@@ -232,7 +234,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
232
234
  if (st->buf_used == sizeof(st->buf) && in_len) {
233
235
  addmulmod(h, h, precomp, &zero);
234
236
  fe1305x2_frombytearray(c, st->buf, sizeof(st->buf));
235
- for (i = 0; i < 10; i++) {
237
+ for (size_t i = 0; i < 10; i++) {
236
238
  h->v[i] += c->v[i];
237
239
  }
238
240
  st->buf_used = 0;
@@ -240,7 +242,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
240
242
  }
241
243
 
242
244
  while (in_len > 32) {
243
- unsigned int tlen = 1048576;
245
+ size_t tlen = 1048576;
244
246
  if (in_len < tlen) {
245
247
  tlen = in_len;
246
248
  }
@@ -250,7 +252,7 @@ void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in,
250
252
  }
251
253
 
252
254
  if (in_len) {
253
- for (i = 0; i < in_len; i++) {
255
+ for (size_t i = 0; i < in_len; i++) {
254
256
  st->buf[i] = in[i];
255
257
  }
256
258
  st->buf_used = in_len;