grpc 1.36.0 → 1.38.0
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +126 -92
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/channel_args.h +28 -0
- data/include/grpc/event_engine/event_engine.h +336 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/event_engine/slice_allocator.h +81 -0
- data/include/grpc/grpc.h +15 -1
- data/include/grpc/grpc_security_constants.h +14 -0
- data/include/grpc/impl/codegen/grpc_types.h +11 -0
- data/include/grpc/impl/codegen/port_platform.h +7 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +715 -3166
- data/src/core/ext/filters/client_channel/client_channel.h +489 -55
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +9 -1
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +18 -14
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +26 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +27 -26
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
- data/src/core/ext/filters/client_channel/lb_policy.cc +4 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +46 -43
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -12
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +36 -30
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +29 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +32 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +86 -63
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +3 -0
- data/src/core/ext/filters/client_channel/resolver.h +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +17 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +38 -33
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +17 -9
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -14
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +334 -114
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2188 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +287 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +90 -0
- data/src/core/ext/filters/client_channel/server_address.cc +4 -1
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +86 -162
- data/src/core/ext/filters/client_channel/subchannel.h +68 -99
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +501 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +5 -4
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +8 -8
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +5 -4
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +6 -5
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +485 -199
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -3
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +167 -122
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +13 -9
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +32 -27
- data/src/core/ext/transport/chttp2/transport/parsing.cc +63 -56
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +30 -29
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +15 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +44 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +13 -9
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +13 -7
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +21 -20
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +1649 -329
- data/src/core/ext/xds/xds_api.h +284 -44
- data/src/core/ext/xds/xds_bootstrap.cc +110 -156
- data/src/core/ext/xds/xds_bootstrap.h +24 -25
- data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
- data/src/core/ext/xds/xds_certificate_provider.h +4 -4
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +454 -177
- data/src/core/ext/xds/xds_client.h +62 -22
- data/src/core/ext/xds/xds_client_stats.h +5 -4
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +410 -131
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +107 -4
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +26 -6
- data/src/core/lib/channel/channel_stack.cc +22 -9
- data/src/core/lib/channel/channel_stack.h +17 -9
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +108 -12
- data/src/core/lib/channel/channelz.h +30 -1
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/handshaker.cc +7 -45
- data/src/core/lib/channel/handshaker.h +5 -22
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/event_engine/slice_allocator.cc +59 -0
- data/src/core/lib/event_engine/sockaddr.cc +38 -0
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/ref_counted.h +28 -14
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +180 -0
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +11 -7
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +7 -9
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +167 -61
- data/src/core/lib/iomgr/error.h +218 -107
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +6 -6
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +22 -22
- data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +12 -11
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/exec_ctx.cc +10 -6
- data/src/core/lib/iomgr/exec_ctx.h +1 -1
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -2
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +5 -5
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +3 -3
- data/src/core/lib/iomgr/resolve_address.h +6 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +12 -11
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +22 -20
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +15 -17
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +37 -38
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +23 -21
- data/src/core/lib/iomgr/tcp_server_posix.cc +22 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -17
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +27 -25
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +8 -8
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/{security/authorization → matchers}/matchers.cc +47 -47
- data/src/core/lib/{security/authorization → matchers}/matchers.h +42 -40
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +2 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -9
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +28 -8
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +62 -60
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +65 -34
- data/src/core/lib/security/transport/server_auth_filter.cc +24 -11
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/slice/slice_intern.cc +6 -7
- data/src/core/lib/surface/call.cc +46 -45
- data/src/core/lib/surface/call.h +2 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +6 -5
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +46 -47
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/lame_client.cc +43 -24
- data/src/core/lib/surface/lame_client.h +4 -3
- data/src/core/lib/surface/server.cc +68 -55
- data/src/core/lib/surface/server.h +89 -29
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +19 -8
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata_batch.cc +64 -37
- data/src/core/lib/transport/metadata_batch.h +33 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +4 -4
- data/src/core/lib/transport/transport_op_string.cc +5 -5
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/crypt/gsec.h +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +6 -8
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/fake_transport_security.cc +10 -1
- data/src/core/tsi/ssl_transport_security.cc +32 -14
- data/src/core/tsi/ssl_transport_security.h +3 -4
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +478 -462
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +4 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +45 -48
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +38 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +37 -45
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +103 -42
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +58 -37
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +19 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -30
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +39 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -38
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +210 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +416 -122
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -0
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +444 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +244 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +43 -12
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +149 -8
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +220 -46
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +7 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +74 -15
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +131 -83
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +34 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +205 -100
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +128 -61
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -99
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
- data/third_party/upb/upb/json_decode.c +0 -1443
- data/third_party/upb/upb/json_decode.h +0 -23
- data/third_party/upb/upb/json_encode.c +0 -713
- data/third_party/upb/upb/json_encode.h +0 -36
@@ -109,6 +109,7 @@
|
|
109
109
|
#ifndef OPENSSL_HEADER_CRYPTO_INTERNAL_H
|
110
110
|
#define OPENSSL_HEADER_CRYPTO_INTERNAL_H
|
111
111
|
|
112
|
+
#include <openssl/crypto.h>
|
112
113
|
#include <openssl/ex_data.h>
|
113
114
|
#include <openssl/stack.h>
|
114
115
|
#include <openssl/thread.h>
|
@@ -470,6 +471,12 @@ OPENSSL_EXPORT void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void));
|
|
470
471
|
|
471
472
|
// Reference counting.
|
472
473
|
|
474
|
+
// Automatically enable C11 atomics if implemented.
|
475
|
+
#if !defined(OPENSSL_C11_ATOMIC) && !defined(__STDC_NO_ATOMICS__) && \
|
476
|
+
defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
|
477
|
+
#define OPENSSL_C11_ATOMIC
|
478
|
+
#endif
|
479
|
+
|
473
480
|
// CRYPTO_REFCOUNT_MAX is the value at which the reference count saturates.
|
474
481
|
#define CRYPTO_REFCOUNT_MAX 0xffffffff
|
475
482
|
|
@@ -607,6 +614,7 @@ BSSL_NAMESPACE_END
|
|
607
614
|
typedef enum {
|
608
615
|
OPENSSL_THREAD_LOCAL_ERR = 0,
|
609
616
|
OPENSSL_THREAD_LOCAL_RAND,
|
617
|
+
OPENSSL_THREAD_LOCAL_FIPS_COUNTERS,
|
610
618
|
OPENSSL_THREAD_LOCAL_TEST,
|
611
619
|
NUM_OPENSSL_THREAD_LOCALS,
|
612
620
|
} thread_local_data_t;
|
@@ -811,6 +819,58 @@ static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
|
|
811
819
|
return memset(dst, c, n);
|
812
820
|
}
|
813
821
|
|
822
|
+
|
823
|
+
// Loads and stores.
|
824
|
+
//
|
825
|
+
// The following functions load and store sized integers with the specified
|
826
|
+
// endianness. They use |memcpy|, and so avoid alignment or strict aliasing
|
827
|
+
// requirements on the input and output pointers.
|
828
|
+
|
829
|
+
static inline uint32_t CRYPTO_load_u32_le(const void *in) {
|
830
|
+
uint32_t v;
|
831
|
+
OPENSSL_memcpy(&v, in, sizeof(v));
|
832
|
+
return v;
|
833
|
+
}
|
834
|
+
|
835
|
+
static inline void CRYPTO_store_u32_le(void *out, uint32_t v) {
|
836
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
837
|
+
}
|
838
|
+
|
839
|
+
static inline uint32_t CRYPTO_load_u32_be(const void *in) {
|
840
|
+
uint32_t v;
|
841
|
+
OPENSSL_memcpy(&v, in, sizeof(v));
|
842
|
+
return CRYPTO_bswap4(v);
|
843
|
+
}
|
844
|
+
|
845
|
+
static inline void CRYPTO_store_u32_be(void *out, uint32_t v) {
|
846
|
+
v = CRYPTO_bswap4(v);
|
847
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
848
|
+
}
|
849
|
+
|
850
|
+
static inline uint64_t CRYPTO_load_u64_be(const void *ptr) {
|
851
|
+
uint64_t ret;
|
852
|
+
OPENSSL_memcpy(&ret, ptr, sizeof(ret));
|
853
|
+
return CRYPTO_bswap8(ret);
|
854
|
+
}
|
855
|
+
|
856
|
+
static inline void CRYPTO_store_u64_be(void *out, uint64_t v) {
|
857
|
+
v = CRYPTO_bswap8(v);
|
858
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
859
|
+
}
|
860
|
+
|
861
|
+
static inline crypto_word_t CRYPTO_load_word_le(const void *in) {
|
862
|
+
crypto_word_t v;
|
863
|
+
OPENSSL_memcpy(&v, in, sizeof(v));
|
864
|
+
return v;
|
865
|
+
}
|
866
|
+
|
867
|
+
static inline void CRYPTO_store_word_le(void *out, crypto_word_t v) {
|
868
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
869
|
+
}
|
870
|
+
|
871
|
+
|
872
|
+
// FIPS functions.
|
873
|
+
|
814
874
|
#if defined(BORINGSSL_FIPS)
|
815
875
|
// BORINGSSL_FIPS_abort is called when a FIPS power-on or continuous test
|
816
876
|
// fails. It prevents any further cryptographic operations by the current
|
@@ -826,6 +886,11 @@ void BORINGSSL_FIPS_abort(void) __attribute__((noreturn));
|
|
826
886
|
int boringssl_fips_self_test(const uint8_t *module_hash,
|
827
887
|
size_t module_hash_len);
|
828
888
|
|
889
|
+
#if defined(BORINGSSL_FIPS_COUNTERS)
|
890
|
+
void boringssl_fips_inc_counter(enum fips_counter_t counter);
|
891
|
+
#else
|
892
|
+
OPENSSL_INLINE void boringssl_fips_inc_counter(enum fips_counter_t counter) {}
|
893
|
+
#endif
|
829
894
|
|
830
895
|
#if defined(__cplusplus)
|
831
896
|
} // extern C
|
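Review bot: The `_le` helpers added at new lines 829–837 and 861–869 (`CRYPTO_load_u32_le`, `CRYPTO_store_u32_le`, `CRYPTO_load_word_le`, `CRYPTO_store_word_le`) copy bytes with `OPENSSL_memcpy` and no swap, while the `_be` helpers call `CRYPTO_bswap4`/`CRYPTO_bswap8` unconditionally, so each gives the byte order in its name only on a little-endian host. Nothing in the visible hunks states or enforces that assumption, though it may be checked elsewhere in the header. I would add a line to the "Loads and stores" block comment, `// These helpers assume a little-endian host; there is no big-endian fallback.`, so a port to another target is caught in review rather than silently mis-encoding values.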
@@ -107,6 +107,20 @@ WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags));
|
|
107
107
|
// allocation and freeing. If defined, it is the responsibility of
|
108
108
|
// |OPENSSL_memory_free| to zero out the memory before returning it to the
|
109
109
|
// system. |OPENSSL_memory_free| will not be passed NULL pointers.
|
110
|
+
//
|
111
|
+
// WARNING: These functions are called on every allocation and free in
|
112
|
+
// BoringSSL across the entire process. They may be called by any code in the
|
113
|
+
// process which calls BoringSSL, including in process initializers and thread
|
114
|
+
// destructors. When called, BoringSSL may hold pthreads locks. Any other code
|
115
|
+
// in the process which, directly or indirectly, calls BoringSSL may be on the
|
116
|
+
// call stack and may itself be using arbitrary synchronization primitives.
|
117
|
+
//
|
118
|
+
// As a result, these functions may not have the usual programming environment
|
119
|
+
// available to most C or C++ code. In particular, they may not call into
|
120
|
+
// BoringSSL, or any library which depends on BoringSSL. Any synchronization
|
121
|
+
// primitives used must tolerate every other synchronization primitive linked
|
122
|
+
// into the process, including pthreads locks. Failing to meet these constraints
|
123
|
+
// may result in deadlocks, crashes, or memory corruption.
|
110
124
|
WEAK_SYMBOL_FUNC(void*, OPENSSL_memory_alloc, (size_t size));
|
111
125
|
WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr));
|
112
126
|
WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr));
|
@@ -338,12 +338,12 @@ OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid) {
|
|
338
338
|
return 1;
|
339
339
|
}
|
340
340
|
|
341
|
-
|
341
|
+
ASN1_OBJECT *OBJ_nid2obj(int nid) {
|
342
342
|
if (nid >= 0 && nid < NUM_NID) {
|
343
343
|
if (nid != NID_undef && kObjects[nid].nid == NID_undef) {
|
344
344
|
goto err;
|
345
345
|
}
|
346
|
-
return &kObjects[nid];
|
346
|
+
return (ASN1_OBJECT *)&kObjects[nid];
|
347
347
|
}
|
348
348
|
|
349
349
|
CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
|
@@ -411,7 +411,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names) {
|
|
411
411
|
}
|
412
412
|
|
413
413
|
if (nid != NID_undef) {
|
414
|
-
return
|
414
|
+
return OBJ_nid2obj(nid);
|
415
415
|
}
|
416
416
|
}
|
417
417
|
|
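Review bot: `return (ASN1_OBJECT *)&kObjects[nid];` at new line 346 hands out a mutable pointer to an entry of the built-in table, and the need for the cast suggests `kObjects` is declared const. Callers now receive a non-const `ASN1_OBJECT *` to what looks like shared static data, so a write through it would be undefined behaviour and would affect every user of that NID. A comment above the function would make the contract explicit, for example `// For built-in NIDs the result points at static data and must not be modified.` `OBJ_nid2obj` continues past the end of the first hunk, so how dynamically added objects are returned is not visible here.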
@@ -235,7 +235,7 @@ static PKCS7 *pkcs7_new(CBS *cbs) {
|
|
235
235
|
return NULL;
|
236
236
|
}
|
237
237
|
OPENSSL_memset(ret, 0, sizeof(PKCS7));
|
238
|
-
ret->type =
|
238
|
+
ret->type = OBJ_nid2obj(NID_pkcs7_signed);
|
239
239
|
ret->d.sign = OPENSSL_malloc(sizeof(PKCS7_SIGNED));
|
240
240
|
if (ret->d.sign == NULL) {
|
241
241
|
goto err;
|
@@ -943,11 +943,6 @@ int PKCS12_parse(const PKCS12 *p12, const char *password, EVP_PKEY **out_pkey,
|
|
943
943
|
|
944
944
|
// OpenSSL selects the last certificate which matches the private key as
|
945
945
|
// |out_cert|.
|
946
|
-
//
|
947
|
-
// TODO(davidben): OpenSSL additionally reverses the order of the
|
948
|
-
// certificates, which was likely originally a bug, but may be a feature by
|
949
|
-
// now. See https://crbug.com/boringssl/250 and
|
950
|
-
// https://github.com/openssl/openssl/issues/6698.
|
951
946
|
*out_cert = NULL;
|
952
947
|
size_t num_certs = sk_X509_num(ca_certs);
|
953
948
|
if (*out_pkey != NULL && num_certs > 0) {
|
@@ -1074,31 +1069,24 @@ static int add_cert_bag(CBB *cbb, X509 *cert, const char *name,
|
|
1074
1069
|
return 1;
|
1075
1070
|
}
|
1076
1071
|
|
1077
|
-
static int
|
1078
|
-
|
1079
|
-
|
1080
|
-
|
1081
|
-
|
1082
|
-
CBB cbb, safe_contents;
|
1083
|
-
if (!CBB_init(&cbb, 0) ||
|
1084
|
-
!CBB_add_asn1(&cbb, &safe_contents, CBS_ASN1_SEQUENCE) ||
|
1072
|
+
static int add_cert_safe_contents(CBB *cbb, X509 *cert,
|
1073
|
+
const STACK_OF(X509) *chain, const char *name,
|
1074
|
+
const uint8_t *key_id, size_t key_id_len) {
|
1075
|
+
CBB safe_contents;
|
1076
|
+
if (!CBB_add_asn1(cbb, &safe_contents, CBS_ASN1_SEQUENCE) ||
|
1085
1077
|
(cert != NULL &&
|
1086
1078
|
!add_cert_bag(&safe_contents, cert, name, key_id, key_id_len))) {
|
1087
|
-
|
1079
|
+
return 0;
|
1088
1080
|
}
|
1089
1081
|
|
1090
1082
|
for (size_t i = 0; i < sk_X509_num(chain); i++) {
|
1091
1083
|
// Only the leaf certificate gets attributes.
|
1092
1084
|
if (!add_cert_bag(&safe_contents, sk_X509_value(chain, i), NULL, NULL, 0)) {
|
1093
|
-
|
1085
|
+
return 0;
|
1094
1086
|
}
|
1095
1087
|
}
|
1096
1088
|
|
1097
|
-
|
1098
|
-
|
1099
|
-
err:
|
1100
|
-
CBB_cleanup(&cbb);
|
1101
|
-
return ret;
|
1089
|
+
return CBB_flush(cbb);
|
1102
1090
|
}
|
1103
1091
|
|
1104
1092
|
static int add_encrypted_data(CBB *out, int pbe_nid, const char *password,
|
@@ -1181,9 +1169,6 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
1181
1169
|
if (// In OpenSSL, this specifies a non-standard Microsoft key usage extension
|
1182
1170
|
// which we do not currently support.
|
1183
1171
|
key_type != 0 ||
|
1184
|
-
// In OpenSSL, -1 here means to use no encryption, which we do not
|
1185
|
-
// currently support.
|
1186
|
-
key_nid < 0 || cert_nid < 0 ||
|
1187
1172
|
// In OpenSSL, -1 here means to omit the MAC, which we do not
|
1188
1173
|
// currently support. Omitting it is also invalid for a password-based
|
1189
1174
|
// PKCS#12 file.
|
@@ -1194,6 +1179,36 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
1194
1179
|
return 0;
|
1195
1180
|
}
|
1196
1181
|
|
1182
|
+
// PKCS#12 is a very confusing recursive data format, built out of another
|
1183
|
+
// recursive data format. Section 5.1 of RFC7292 describes the encoding
|
1184
|
+
// algorithm, but there is no clear overview. A quick summary:
|
1185
|
+
//
|
1186
|
+
// PKCS#7 defines a ContentInfo structure, which is a overgeneralized typed
|
1187
|
+
// combinator structure for applying cryptography. We care about two types. A
|
1188
|
+
// data ContentInfo contains an OCTET STRING and is a leaf node of the
|
1189
|
+
// combinator tree. An encrypted-data ContentInfo contains encryption
|
1190
|
+
// parameters (key derivation and encryption) and wraps another ContentInfo,
|
1191
|
+
// usually data.
|
1192
|
+
//
|
1193
|
+
// A PKCS#12 file is a PFX structure (section 4), which contains a single data
|
1194
|
+
// ContentInfo and a MAC over it. This root ContentInfo is the
|
1195
|
+
// AuthenticatedSafe and its payload is a SEQUENCE of other ContentInfos, so
|
1196
|
+
// that different parts of the PKCS#12 file can by differently protected.
|
1197
|
+
//
|
1198
|
+
// Each ContentInfo in the AuthenticatedSafe, after undoing all the PKCS#7
|
1199
|
+
// combinators, has SafeContents payload. A SafeContents is a SEQUENCE of
|
1200
|
+
// SafeBag. SafeBag is PKCS#12's typed structure, with subtypes such as KeyBag
|
1201
|
+
// and CertBag. Confusingly, there is a SafeContents bag type which itself
|
1202
|
+
// recursively contains more SafeBags, but we do not implement this. Bags also
|
1203
|
+
// can have attributes.
|
1204
|
+
//
|
1205
|
+
// The grouping of SafeBags into intermediate ContentInfos does not appear to
|
1206
|
+
// be significant, except that all SafeBags sharing a ContentInfo have the
|
1207
|
+
// same level of protection. Additionally, while keys may be encrypted by
|
1208
|
+
// placing a KeyBag in an encrypted-data ContentInfo, PKCS#12 also defines a
|
1209
|
+
// key-specific encryption container, PKCS8ShroudedKeyBag, which is used
|
1210
|
+
// instead.
|
1211
|
+
|
1197
1212
|
// Note that |password| may be NULL to specify no password, rather than the
|
1198
1213
|
// empty string. They are encoded differently in PKCS#12. (One is the empty
|
1199
1214
|
// byte array and the other is NUL-terminated UCS-2.)
|
@@ -1236,24 +1251,43 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
1236
1251
|
// If there are any certificates, place them in CertBags wrapped in a single
|
1237
1252
|
// encrypted ContentInfo.
|
1238
1253
|
if (cert != NULL || sk_X509_num(chain) > 0) {
|
1239
|
-
|
1240
|
-
|
1241
|
-
|
1242
|
-
|
1243
|
-
|
1244
|
-
|
1245
|
-
|
1246
|
-
|
1247
|
-
|
1248
|
-
|
1249
|
-
|
1254
|
+
if (cert_nid < 0) {
|
1255
|
+
// Place the certificates in an unencrypted ContentInfo. This could be
|
1256
|
+
// more compactly-encoded by reusing the same ContentInfo as the key, but
|
1257
|
+
// OpenSSL does not do this. We keep them separate for consistency. (Keys,
|
1258
|
+
// even when encrypted, are always placed in unencrypted ContentInfos.
|
1259
|
+
// PKCS#12 defines bag-level encryption for keys.)
|
1260
|
+
CBB content_info, oid, wrapper, data;
|
1261
|
+
if (!CBB_add_asn1(&content_infos, &content_info, CBS_ASN1_SEQUENCE) ||
|
1262
|
+
!CBB_add_asn1(&content_info, &oid, CBS_ASN1_OBJECT) ||
|
1263
|
+
!CBB_add_bytes(&oid, kPKCS7Data, sizeof(kPKCS7Data)) ||
|
1264
|
+
!CBB_add_asn1(&content_info, &wrapper,
|
1265
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
|
1266
|
+
!CBB_add_asn1(&wrapper, &data, CBS_ASN1_OCTETSTRING) ||
|
1267
|
+
!add_cert_safe_contents(&data, cert, chain, name, key_id,
|
1268
|
+
key_id_len) ||
|
1269
|
+
!CBB_flush(&content_infos)) {
|
1270
|
+
goto err;
|
1271
|
+
}
|
1272
|
+
} else {
|
1273
|
+
CBB plaintext_cbb;
|
1274
|
+
int ok = CBB_init(&plaintext_cbb, 0) &&
|
1275
|
+
add_cert_safe_contents(&plaintext_cbb, cert, chain, name, key_id,
|
1276
|
+
key_id_len) &&
|
1277
|
+
add_encrypted_data(
|
1278
|
+
&content_infos, cert_nid, password, password_len, iterations,
|
1279
|
+
CBB_data(&plaintext_cbb), CBB_len(&plaintext_cbb));
|
1280
|
+
CBB_cleanup(&plaintext_cbb);
|
1281
|
+
if (!ok) {
|
1282
|
+
goto err;
|
1283
|
+
}
|
1250
1284
|
}
|
1251
1285
|
}
|
1252
1286
|
|
1253
|
-
// If there is a key, place it in a single
|
1254
|
-
// unencrypted ContentInfo. (One could also place it in a KeyBag
|
1255
|
-
// encrypted ContentInfo, but OpenSSL does not do this and some
|
1256
|
-
// consumers do not support KeyBags.)
|
1287
|
+
// If there is a key, place it in a single KeyBag or PKCS8ShroudedKeyBag
|
1288
|
+
// wrapped in an unencrypted ContentInfo. (One could also place it in a KeyBag
|
1289
|
+
// inside an encrypted ContentInfo, but OpenSSL does not do this and some
|
1290
|
+
// PKCS#12 consumers do not support KeyBags.)
|
1257
1291
|
if (pkey != NULL) {
|
1258
1292
|
CBB content_info, oid, wrapper, data, safe_contents, bag, bag_oid,
|
1259
1293
|
bag_contents;
|
@@ -1267,16 +1301,29 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
1267
1301
|
!CBB_add_asn1(&data, &safe_contents, CBS_ASN1_SEQUENCE) ||
|
1268
1302
|
// Add a SafeBag containing a PKCS8ShroudedKeyBag.
|
1269
1303
|
!CBB_add_asn1(&safe_contents, &bag, CBS_ASN1_SEQUENCE) ||
|
1270
|
-
!CBB_add_asn1(&bag, &bag_oid, CBS_ASN1_OBJECT)
|
1271
|
-
|
1272
|
-
|
1273
|
-
|
1274
|
-
|
1275
|
-
|
1276
|
-
|
1277
|
-
|
1278
|
-
|
1279
|
-
|
1304
|
+
!CBB_add_asn1(&bag, &bag_oid, CBS_ASN1_OBJECT)) {
|
1305
|
+
goto err;
|
1306
|
+
}
|
1307
|
+
if (key_nid < 0) {
|
1308
|
+
if (!CBB_add_bytes(&bag_oid, kKeyBag, sizeof(kKeyBag)) ||
|
1309
|
+
!CBB_add_asn1(&bag, &bag_contents,
|
1310
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
|
1311
|
+
!EVP_marshal_private_key(&bag_contents, pkey)) {
|
1312
|
+
goto err;
|
1313
|
+
}
|
1314
|
+
} else {
|
1315
|
+
if (!CBB_add_bytes(&bag_oid, kPKCS8ShroudedKeyBag,
|
1316
|
+
sizeof(kPKCS8ShroudedKeyBag)) ||
|
1317
|
+
!CBB_add_asn1(&bag, &bag_contents,
|
1318
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
|
1319
|
+
!PKCS8_marshal_encrypted_private_key(
|
1320
|
+
&bag_contents, key_nid, NULL, password, password_len,
|
1321
|
+
NULL /* generate a random salt */,
|
1322
|
+
0 /* use default salt length */, iterations, pkey)) {
|
1323
|
+
goto err;
|
1324
|
+
}
|
1325
|
+
}
|
1326
|
+
if (!add_bag_attributes(&bag, name, key_id, key_id_len) ||
|
1280
1327
|
!CBB_flush(&content_infos)) {
|
1281
1328
|
goto err;
|
1282
1329
|
}
|
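Review bot: With the `key_nid < 0 || cert_nid < 0` rejection removed from the argument check, `if (key_nid < 0)` at new line 1307 writes the private key through `EVP_marshal_private_key` into a plain KeyBag, and `if (cert_nid < 0)` at new line 1254 places the certificates in an unencrypted ContentInfo. A caller that passed a negative NID used to get a failure and now gets a file whose private key is stored in the clear; per the comment kept in the argument check the MAC is still required, but that gives integrity and not confidentiality. Every negative value selects this path, not only the -1 the removed comment attributes to OpenSSL, so I would test `key_nid == -1` and `cert_nid == -1` and keep rejecting other negative values. At minimum the key branch should carry `// key_nid < 0: the private key is stored unencrypted in a KeyBag.` `PKCS12_create` starts and ends outside these hunks.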
@@ -69,6 +69,6 @@ RAND_METHOD *RAND_OpenSSL(void) {
|
|
69
69
|
|
70
70
|
const RAND_METHOD *RAND_get_rand_method(void) { return RAND_SSLeay(); }
|
71
71
|
|
72
|
-
|
72
|
+
int RAND_set_rand_method(const RAND_METHOD *method) { return 1; }
|
73
73
|
|
74
74
|
void RAND_cleanup(void) {}
|
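Review bot: `int RAND_set_rand_method(const RAND_METHOD *method) { return 1; }` at new line 72 reports success while discarding `method`, so a caller that tries to install its own generator is told the call worked and keeps getting the library's default source. Ignoring the argument is presumably deliberate, but the mismatch between the return value and the effect should be stated where it is implemented. I would add `// RAND_set_rand_method ignores |method| and returns one; it exists only for OpenSSL compatibility.` above the definition. Whether the public header already documents this is not visible from the hunk.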
@@ -127,34 +127,6 @@ static pthread_once_t g_thread_local_init_once = PTHREAD_ONCE_INIT;
|
|
127
127
|
static pthread_key_t g_thread_local_key;
|
128
128
|
static int g_thread_local_key_created = 0;
|
129
129
|
|
130
|
-
// OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY can be defined to cause
|
131
|
-
// |pthread_key_delete| to be called in a destructor function. This can be
|
132
|
-
// useful for programs that dlclose BoringSSL.
|
133
|
-
//
|
134
|
-
// Note that dlclose()ing BoringSSL is not supported and will leak memory:
|
135
|
-
// thread-local values will be leaked as well as anything initialised via a
|
136
|
-
// once. The |pthread_key_t| is destroyed because they run out very quickly,
|
137
|
-
// while the other leaks are slow, and this allows code that happens to use
|
138
|
-
// dlclose() despite all the problems to continue functioning.
|
139
|
-
//
|
140
|
-
// This is marked "dangerous" because it can cause multi-threaded processes to
|
141
|
-
// crash (even if they don't use dlclose): if the destructor runs while other
|
142
|
-
// threads are still executing then they may end up using an invalid key to
|
143
|
-
// access thread-local variables.
|
144
|
-
//
|
145
|
-
// This may be removed after February 2020.
|
146
|
-
#if defined(OPENSSL_DANGEROUS_RELEASE_PTHREAD_KEY) && \
|
147
|
-
(defined(__GNUC__) || defined(__clang__))
|
148
|
-
// thread_key_destructor is called when the library is unloaded with dlclose.
|
149
|
-
static void thread_key_destructor(void) __attribute__((destructor, unused));
|
150
|
-
static void thread_key_destructor(void) {
|
151
|
-
if (g_thread_local_key_created) {
|
152
|
-
g_thread_local_key_created = 0;
|
153
|
-
pthread_key_delete(g_thread_local_key);
|
154
|
-
}
|
155
|
-
}
|
156
|
-
#endif
|
157
|
-
|
158
130
|
static void thread_local_init(void) {
|
159
131
|
g_thread_local_key_created =
|
160
132
|
pthread_key_create(&g_thread_local_key, thread_local_destructor) == 0;
|
@@ -24,6 +24,25 @@ extern "C" {
|
|
24
24
|
#endif
|
25
25
|
|
26
26
|
|
27
|
+
/* Internal structures. */
|
28
|
+
|
29
|
+
struct X509_val_st {
|
30
|
+
ASN1_TIME *notBefore;
|
31
|
+
ASN1_TIME *notAfter;
|
32
|
+
} /* X509_VAL */;
|
33
|
+
|
34
|
+
struct X509_pubkey_st {
|
35
|
+
X509_ALGOR *algor;
|
36
|
+
ASN1_BIT_STRING *public_key;
|
37
|
+
EVP_PKEY *pkey;
|
38
|
+
} /* X509_PUBKEY */;
|
39
|
+
|
40
|
+
struct x509_attributes_st {
|
41
|
+
ASN1_OBJECT *object;
|
42
|
+
STACK_OF(ASN1_TYPE) *set;
|
43
|
+
} /* X509_ATTRIBUTE */;
|
44
|
+
|
45
|
+
|
27
46
|
/* RSA-PSS functions. */
|
28
47
|
|
29
48
|
/* x509_rsa_pss_to_ctx configures |ctx| for an RSA-PSS operation based on
|
@@ -62,6 +62,10 @@
|
|
62
62
|
#include <openssl/stack.h>
|
63
63
|
#include <openssl/x509.h>
|
64
64
|
|
65
|
+
#include "../asn1/asn1_locl.h"
|
66
|
+
#include "internal.h"
|
67
|
+
|
68
|
+
|
65
69
|
int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
|
66
70
|
{
|
67
71
|
return sk_X509_ATTRIBUTE_num(x);
|
@@ -214,7 +218,7 @@ void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
|
|
214
218
|
}
|
215
219
|
|
216
220
|
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
|
217
|
-
int
|
221
|
+
int attrtype, const void *data,
|
218
222
|
int len)
|
219
223
|
{
|
220
224
|
const ASN1_OBJECT *obj;
|
@@ -224,12 +228,12 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
|
|
224
228
|
OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_NID);
|
225
229
|
return (NULL);
|
226
230
|
}
|
227
|
-
return X509_ATTRIBUTE_create_by_OBJ(attr, obj,
|
231
|
+
return X509_ATTRIBUTE_create_by_OBJ(attr, obj, attrtype, data, len);
|
228
232
|
}
|
229
233
|
|
230
234
|
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
|
231
235
|
const ASN1_OBJECT *obj,
|
232
|
-
int
|
236
|
+
int attrtype, const void *data,
|
233
237
|
int len)
|
234
238
|
{
|
235
239
|
X509_ATTRIBUTE *ret;
|
@@ -244,7 +248,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
|
|
244
248
|
|
245
249
|
if (!X509_ATTRIBUTE_set1_object(ret, obj))
|
246
250
|
goto err;
|
247
|
-
if (!X509_ATTRIBUTE_set1_data(ret,
|
251
|
+
if (!X509_ATTRIBUTE_set1_data(ret, attrtype, data, len))
|
248
252
|
goto err;
|
249
253
|
|
250
254
|
if ((attr != NULL) && (*attr == NULL))
|
@@ -257,17 +261,17 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
|
|
257
261
|
}
|
258
262
|
|
259
263
|
X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
|
260
|
-
const char *
|
264
|
+
const char *attrname, int type,
|
261
265
|
const unsigned char *bytes,
|
262
266
|
int len)
|
263
267
|
{
|
264
268
|
ASN1_OBJECT *obj;
|
265
269
|
X509_ATTRIBUTE *nattr;
|
266
270
|
|
267
|
-
obj = OBJ_txt2obj(
|
271
|
+
obj = OBJ_txt2obj(attrname, 0);
|
268
272
|
if (obj == NULL) {
|
269
273
|
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_NAME);
|
270
|
-
ERR_add_error_data(2, "name=",
|
274
|
+
ERR_add_error_data(2, "name=", attrname);
|
271
275
|
return (NULL);
|
272
276
|
}
|
273
277
|
nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
|
@@ -307,9 +311,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
|
|
307
311
|
goto err;
|
308
312
|
atype = attrtype;
|
309
313
|
}
|
310
|
-
if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
|
311
|
-
goto err;
|
312
|
-
attr->single = 0;
|
313
314
|
/*
|
314
315
|
* This is a bit naughty because the attribute should really have at
|
315
316
|
* least one value but some types use and zero length SET and require
|
@@ -328,7 +329,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
|
|
328
329
|
ASN1_TYPE_set(ttmp, atype, stmp);
|
329
330
|
stmp = NULL;
|
330
331
|
}
|
331
|
-
if (!sk_ASN1_TYPE_push(attr->
|
332
|
+
if (!sk_ASN1_TYPE_push(attr->set, ttmp))
|
332
333
|
goto err;
|
333
334
|
return 1;
|
334
335
|
err:
|
@@ -338,13 +339,9 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
|
|
338
339
|
return 0;
|
339
340
|
}
|
340
341
|
|
341
|
-
int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
|
342
|
+
int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
|
342
343
|
{
|
343
|
-
|
344
|
-
return sk_ASN1_TYPE_num(attr->value.set);
|
345
|
-
if (attr->value.single)
|
346
|
-
return 1;
|
347
|
-
return 0;
|
344
|
+
return sk_ASN1_TYPE_num(attr->set);
|
348
345
|
}
|
349
346
|
|
350
347
|
ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
|
@@ -355,27 +352,24 @@ ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
|
|
355
352
|
}
|
356
353
|
|
357
354
|
void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
|
358
|
-
int
|
355
|
+
int attrtype, void *unused)
|
359
356
|
{
|
360
357
|
ASN1_TYPE *ttmp;
|
361
358
|
ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
|
362
359
|
if (!ttmp)
|
363
360
|
return NULL;
|
364
|
-
if (
|
361
|
+
if (attrtype != ASN1_TYPE_get(ttmp)) {
|
365
362
|
OPENSSL_PUT_ERROR(X509, X509_R_WRONG_TYPE);
|
366
363
|
return NULL;
|
367
364
|
}
|
368
|
-
return ttmp
|
365
|
+
return (void *)asn1_type_value_as_pointer(ttmp);
|
369
366
|
}
|
370
367
|
|
371
368
|
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
|
372
369
|
{
|
373
370
|
if (attr == NULL)
|
374
|
-
return
|
371
|
+
return NULL;
|
375
372
|
if (idx >= X509_ATTRIBUTE_count(attr))
|
376
373
|
return NULL;
|
377
|
-
|
378
|
-
return sk_ASN1_TYPE_value(attr->value.set, idx);
|
379
|
-
else
|
380
|
-
return attr->value.single;
|
374
|
+
return sk_ASN1_TYPE_value(attr->set, idx);
|
381
375
|
}
|
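Review bot: `X509_ATTRIBUTE_get0_data` now returns `(void *)asn1_type_value_as_pointer(ttmp)` and never reads its `unused` parameter, and neither fact is documented at the definition. The cast suggests the helper yields a const pointer, so callers receive a writable alias into storage owned by `attr`. The helper is defined outside this page; if it encodes non-pointer types such as BOOLEAN or NULL as a sentinel, the result is not always safe to dereference. I would add a comment above the function such as `/* |unused| is ignored; the result is owned by |attr|, must not be freed or modified, and its meaning depends on |attrtype|. */`. Separately, in `X509_ATTRIBUTE_get0_type` the context check `if (idx >= X509_ATTRIBUTE_count(attr))` passes a negative `idx` through to the new `sk_ASN1_TYPE_value(attr->set, idx)` call, whose out-of-range handling is not visible here; `if (idx < 0 || idx >= X509_ATTRIBUTE_count(attr))` would make the bound explicit.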