grpc 1.37.1 → 1.39.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (636) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +96 -59
  3. data/include/grpc/event_engine/README.md +38 -0
  4. data/include/grpc/event_engine/endpoint_config.h +48 -0
  5. data/include/grpc/event_engine/event_engine.h +334 -0
  6. data/include/grpc/event_engine/port.h +41 -0
  7. data/include/grpc/event_engine/slice_allocator.h +91 -0
  8. data/include/grpc/grpc.h +11 -4
  9. data/include/grpc/grpc_security.h +32 -0
  10. data/include/grpc/grpc_security_constants.h +15 -0
  11. data/include/grpc/impl/codegen/grpc_types.h +28 -13
  12. data/include/grpc/impl/codegen/port_platform.h +22 -0
  13. data/include/grpc/module.modulemap +14 -14
  14. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
  15. data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
  16. data/src/core/ext/filters/client_channel/client_channel.cc +630 -3103
  17. data/src/core/ext/filters/client_channel/client_channel.h +489 -55
  18. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
  19. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
  20. data/src/core/ext/filters/client_channel/config_selector.h +1 -1
  21. data/src/core/ext/filters/client_channel/connector.h +1 -1
  22. data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
  23. data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
  24. data/src/core/ext/filters/client_channel/health/health_check_client.cc +28 -27
  25. data/src/core/ext/filters/client_channel/health/health_check_client.h +30 -29
  26. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
  27. data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +46 -43
  30. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
  31. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
  32. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
  33. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -12
  34. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +755 -0
  35. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
  36. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
  37. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
  38. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
  39. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +46 -54
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +23 -23
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +31 -46
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +146 -155
  43. data/src/core/ext/filters/client_channel/lb_policy.cc +1 -1
  44. data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
  45. data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
  46. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
  47. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -18
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
  53. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
  54. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
  55. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  56. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
  57. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  59. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +18 -12
  60. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
  61. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
  62. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +20 -13
  63. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
  64. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -32
  65. data/src/core/ext/filters/client_channel/resolver.h +2 -2
  66. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
  67. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
  68. data/src/core/ext/filters/client_channel/retry_filter.cc +2449 -0
  69. data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
  70. data/src/core/ext/filters/client_channel/retry_service_config.cc +306 -0
  71. data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
  72. data/src/core/ext/filters/client_channel/server_address.cc +1 -1
  73. data/src/core/ext/filters/client_channel/service_config.cc +15 -14
  74. data/src/core/ext/filters/client_channel/service_config.h +7 -6
  75. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
  76. data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
  77. data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
  78. data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
  79. data/src/core/ext/filters/client_channel/subchannel.h +7 -6
  80. data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
  81. data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
  82. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +25 -18
  83. data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
  84. data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
  85. data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
  86. data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
  87. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
  88. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
  89. data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
  90. data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
  91. data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
  92. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  93. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
  94. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
  95. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
  96. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
  97. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +3 -2
  98. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
  99. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +44 -45
  100. data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
  101. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
  102. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +5 -4
  103. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
  104. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +139 -120
  105. data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
  106. data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
  107. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  108. data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
  109. data/src/core/ext/transport/chttp2/transport/frame_data.cc +8 -8
  110. data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
  111. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
  112. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
  113. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
  114. data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
  115. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
  116. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
  117. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
  118. data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
  119. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
  120. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
  121. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
  122. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
  123. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
  124. data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
  125. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  126. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
  127. data/src/core/ext/transport/chttp2/transport/internal.h +32 -27
  128. data/src/core/ext/transport/chttp2/transport/parsing.cc +65 -58
  129. data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
  130. data/src/core/ext/transport/inproc/inproc_transport.cc +72 -60
  131. data/src/core/ext/xds/certificate_provider_factory.h +1 -1
  132. data/src/core/ext/xds/certificate_provider_store.h +3 -3
  133. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
  134. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
  135. data/src/core/ext/xds/xds_api.cc +348 -199
  136. data/src/core/ext/xds/xds_api.h +21 -12
  137. data/src/core/ext/xds/xds_bootstrap.cc +97 -159
  138. data/src/core/ext/xds/xds_bootstrap.h +19 -24
  139. data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
  140. data/src/core/ext/xds/xds_certificate_provider.h +4 -4
  141. data/src/core/ext/xds/xds_channel_args.h +5 -2
  142. data/src/core/ext/xds/xds_client.cc +310 -178
  143. data/src/core/ext/xds/xds_client.h +41 -27
  144. data/src/core/ext/xds/xds_client_stats.h +3 -2
  145. data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
  146. data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
  147. data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
  148. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +16 -20
  149. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +16 -11
  150. data/src/core/lib/channel/channel_stack.cc +10 -9
  151. data/src/core/lib/channel/channel_stack.h +10 -9
  152. data/src/core/lib/channel/channel_stack_builder.cc +2 -2
  153. data/src/core/lib/channel/channel_stack_builder.h +1 -1
  154. data/src/core/lib/channel/channelz.cc +21 -13
  155. data/src/core/lib/channel/channelz.h +3 -0
  156. data/src/core/lib/channel/connected_channel.cc +4 -4
  157. data/src/core/lib/channel/handshaker.cc +7 -6
  158. data/src/core/lib/channel/handshaker.h +5 -5
  159. data/src/core/lib/event_engine/endpoint_config.cc +46 -0
  160. data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
  161. data/src/core/lib/event_engine/event_engine.cc +50 -0
  162. data/src/core/lib/event_engine/slice_allocator.cc +89 -0
  163. data/src/core/lib/event_engine/sockaddr.cc +40 -0
  164. data/src/core/lib/event_engine/sockaddr.h +44 -0
  165. data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
  166. data/src/core/lib/gprpp/ref_counted.h +28 -14
  167. data/src/core/lib/gprpp/status_helper.cc +407 -0
  168. data/src/core/lib/gprpp/status_helper.h +183 -0
  169. data/src/core/lib/http/httpcli.cc +11 -11
  170. data/src/core/lib/http/httpcli_security_connector.cc +11 -7
  171. data/src/core/lib/http/parser.cc +16 -16
  172. data/src/core/lib/http/parser.h +4 -4
  173. data/src/core/lib/iomgr/buffer_list.cc +7 -9
  174. data/src/core/lib/iomgr/buffer_list.h +4 -5
  175. data/src/core/lib/iomgr/call_combiner.cc +15 -12
  176. data/src/core/lib/iomgr/call_combiner.h +12 -14
  177. data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
  178. data/src/core/lib/iomgr/cfstream_handle.h +1 -1
  179. data/src/core/lib/iomgr/closure.h +7 -6
  180. data/src/core/lib/iomgr/combiner.cc +14 -12
  181. data/src/core/lib/iomgr/combiner.h +2 -2
  182. data/src/core/lib/iomgr/endpoint.cc +1 -1
  183. data/src/core/lib/iomgr/endpoint.h +2 -2
  184. data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
  185. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
  186. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  187. data/src/core/lib/iomgr/error.cc +168 -61
  188. data/src/core/lib/iomgr/error.h +217 -106
  189. data/src/core/lib/iomgr/error_cfstream.cc +3 -2
  190. data/src/core/lib/iomgr/error_cfstream.h +2 -2
  191. data/src/core/lib/iomgr/error_internal.h +5 -1
  192. data/src/core/lib/iomgr/ev_apple.cc +5 -5
  193. data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
  194. data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
  195. data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
  196. data/src/core/lib/iomgr/ev_posix.cc +9 -8
  197. data/src/core/lib/iomgr/ev_posix.h +9 -9
  198. data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
  199. data/src/core/lib/iomgr/event_engine/closure.h +33 -0
  200. data/src/core/lib/iomgr/event_engine/endpoint.cc +194 -0
  201. data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
  202. data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
  203. data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
  204. data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
  205. data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
  206. data/src/core/lib/iomgr/event_engine/promise.h +51 -0
  207. data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
  208. data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
  209. data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
  210. data/src/core/lib/iomgr/event_engine/tcp.cc +243 -0
  211. data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
  212. data/src/core/lib/iomgr/exec_ctx.cc +12 -4
  213. data/src/core/lib/iomgr/exec_ctx.h +4 -5
  214. data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
  215. data/src/core/lib/iomgr/executor/threadpool.h +2 -2
  216. data/src/core/lib/iomgr/executor.cc +8 -8
  217. data/src/core/lib/iomgr/executor.h +2 -2
  218. data/src/core/lib/iomgr/iomgr.cc +2 -2
  219. data/src/core/lib/iomgr/iomgr.h +1 -1
  220. data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
  221. data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
  222. data/src/core/lib/iomgr/iomgr_internal.h +3 -3
  223. data/src/core/lib/iomgr/iomgr_posix.cc +3 -1
  224. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -12
  225. data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
  226. data/src/core/lib/iomgr/load_file.cc +4 -4
  227. data/src/core/lib/iomgr/load_file.h +2 -2
  228. data/src/core/lib/iomgr/lockfree_event.cc +5 -5
  229. data/src/core/lib/iomgr/lockfree_event.h +1 -1
  230. data/src/core/lib/iomgr/pollset.cc +5 -5
  231. data/src/core/lib/iomgr/pollset.h +9 -9
  232. data/src/core/lib/iomgr/pollset_custom.cc +7 -7
  233. data/src/core/lib/iomgr/pollset_custom.h +3 -1
  234. data/src/core/lib/iomgr/pollset_uv.cc +3 -1
  235. data/src/core/lib/iomgr/pollset_uv.h +5 -1
  236. data/src/core/lib/iomgr/pollset_windows.cc +5 -5
  237. data/src/core/lib/iomgr/port.h +7 -5
  238. data/src/core/lib/iomgr/python_util.h +1 -1
  239. data/src/core/lib/iomgr/resolve_address.cc +8 -4
  240. data/src/core/lib/iomgr/resolve_address.h +12 -6
  241. data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
  242. data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
  243. data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
  244. data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
  245. data/src/core/lib/iomgr/resource_quota.cc +11 -10
  246. data/src/core/lib/iomgr/sockaddr.h +1 -0
  247. data/src/core/lib/iomgr/socket_mutator.cc +15 -2
  248. data/src/core/lib/iomgr/socket_mutator.h +26 -2
  249. data/src/core/lib/iomgr/socket_utils_common_posix.cc +24 -22
  250. data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
  251. data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
  252. data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
  253. data/src/core/lib/iomgr/tcp_client_posix.cc +22 -19
  254. data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
  255. data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
  256. data/src/core/lib/iomgr/tcp_custom.cc +14 -16
  257. data/src/core/lib/iomgr/tcp_custom.h +13 -12
  258. data/src/core/lib/iomgr/tcp_posix.cc +78 -73
  259. data/src/core/lib/iomgr/tcp_posix.h +8 -0
  260. data/src/core/lib/iomgr/tcp_server.cc +6 -6
  261. data/src/core/lib/iomgr/tcp_server.h +12 -11
  262. data/src/core/lib/iomgr/tcp_server_custom.cc +26 -25
  263. data/src/core/lib/iomgr/tcp_server_posix.cc +28 -21
  264. data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
  265. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -18
  266. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
  267. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  268. data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
  269. data/src/core/lib/iomgr/tcp_uv.cc +25 -23
  270. data/src/core/lib/iomgr/tcp_windows.cc +13 -13
  271. data/src/core/lib/iomgr/tcp_windows.h +2 -2
  272. data/src/core/lib/iomgr/timer.h +6 -1
  273. data/src/core/lib/iomgr/timer_custom.cc +2 -1
  274. data/src/core/lib/iomgr/timer_custom.h +1 -1
  275. data/src/core/lib/iomgr/timer_generic.cc +6 -6
  276. data/src/core/lib/iomgr/udp_server.cc +21 -20
  277. data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
  278. data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
  279. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
  280. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
  281. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
  282. data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
  283. data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
  284. data/src/core/lib/iomgr/work_serializer.h +17 -1
  285. data/src/core/lib/json/json.h +1 -1
  286. data/src/core/lib/json/json_reader.cc +4 -4
  287. data/src/core/lib/matchers/matchers.cc +39 -39
  288. data/src/core/lib/matchers/matchers.h +28 -28
  289. data/src/core/lib/security/authorization/authorization_engine.h +44 -0
  290. data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
  291. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
  292. data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
  293. data/src/core/lib/security/authorization/evaluate_args.h +91 -0
  294. data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
  295. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
  296. data/src/core/lib/security/credentials/credentials.h +2 -2
  297. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
  298. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
  299. data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
  300. data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
  301. data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
  302. data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
  303. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
  304. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
  305. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
  306. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
  307. data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
  308. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
  309. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -10
  310. data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
  311. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  312. data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
  313. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
  314. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
  315. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
  316. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
  317. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
  318. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
  319. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
  320. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
  321. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
  322. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
  323. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
  324. data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
  325. data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
  326. data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
  327. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
  328. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
  329. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
  330. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
  331. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
  332. data/src/core/lib/security/security_connector/local/local_security_connector.cc +22 -9
  333. data/src/core/lib/security/security_connector/security_connector.h +9 -4
  334. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
  335. data/src/core/lib/security/security_connector/ssl_utils.cc +27 -4
  336. data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
  337. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +56 -60
  338. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
  339. data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
  340. data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
  341. data/src/core/lib/security/transport/security_handshaker.cc +33 -32
  342. data/src/core/lib/security/transport/server_auth_filter.cc +19 -13
  343. data/src/core/lib/security/transport/tsi_error.cc +2 -1
  344. data/src/core/lib/security/transport/tsi_error.h +2 -1
  345. data/src/core/lib/security/util/json_util.cc +2 -2
  346. data/src/core/lib/security/util/json_util.h +1 -1
  347. data/src/core/lib/surface/call.cc +67 -46
  348. data/src/core/lib/surface/call.h +13 -2
  349. data/src/core/lib/surface/channel.cc +6 -6
  350. data/src/core/lib/surface/channel.h +3 -2
  351. data/src/core/lib/surface/channel_ping.cc +1 -1
  352. data/src/core/lib/surface/completion_queue.cc +68 -69
  353. data/src/core/lib/surface/completion_queue.h +3 -2
  354. data/src/core/lib/surface/completion_queue_factory.cc +1 -2
  355. data/src/core/lib/surface/init.cc +1 -3
  356. data/src/core/lib/surface/init.h +10 -1
  357. data/src/core/lib/surface/lame_client.cc +11 -11
  358. data/src/core/lib/surface/lame_client.h +1 -1
  359. data/src/core/lib/surface/server.cc +28 -22
  360. data/src/core/lib/surface/server.h +16 -15
  361. data/src/core/lib/surface/validate_metadata.cc +7 -7
  362. data/src/core/lib/surface/validate_metadata.h +3 -2
  363. data/src/core/lib/surface/version.cc +4 -2
  364. data/src/core/lib/transport/byte_stream.cc +5 -5
  365. data/src/core/lib/transport/byte_stream.h +8 -8
  366. data/src/core/lib/transport/connectivity_state.cc +1 -1
  367. data/src/core/lib/transport/error_utils.cc +21 -10
  368. data/src/core/lib/transport/error_utils.h +11 -5
  369. data/src/core/lib/transport/metadata_batch.cc +37 -37
  370. data/src/core/lib/transport/metadata_batch.h +19 -18
  371. data/src/core/lib/transport/transport.cc +4 -3
  372. data/src/core/lib/transport/transport.h +6 -4
  373. data/src/core/lib/transport/transport_op_string.cc +6 -6
  374. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
  375. data/src/core/tsi/alts/crypt/gsec.h +6 -0
  376. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
  377. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
  378. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
  379. data/src/core/tsi/ssl_transport_security.cc +32 -14
  380. data/src/core/tsi/ssl_transport_security.h +3 -4
  381. data/src/ruby/bin/math_services_pb.rb +1 -1
  382. data/src/ruby/ext/grpc/extconf.rb +2 -0
  383. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
  384. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +11 -2
  385. data/src/ruby/lib/grpc/version.rb +1 -1
  386. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
  387. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
  388. data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
  389. data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
  390. data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
  391. data/third_party/abseil-cpp/absl/base/config.h +37 -9
  392. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
  393. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
  394. data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
  395. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
  396. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
  397. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
  398. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
  399. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
  400. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
  401. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
  402. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
  403. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
  404. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
  405. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
  406. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
  407. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
  408. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
  409. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
  410. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
  411. data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
  412. data/third_party/abseil-cpp/absl/base/macros.h +11 -0
  413. data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
  414. data/third_party/abseil-cpp/absl/base/options.h +1 -1
  415. data/third_party/abseil-cpp/absl/base/port.h +0 -1
  416. data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
  417. data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
  418. data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
  419. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
  420. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
  421. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
  422. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
  423. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
  424. data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
  425. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
  426. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
  427. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
  428. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
  429. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
  430. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
  431. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
  432. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
  433. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
  434. data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
  435. data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
  436. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
  437. data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
  438. data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
  439. data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
  440. data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
  441. data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
  442. data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
  443. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
  444. data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
  445. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
  446. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
  447. data/third_party/abseil-cpp/absl/status/status.cc +29 -22
  448. data/third_party/abseil-cpp/absl/status/status.h +81 -20
  449. data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
  450. data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
  451. data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
  452. data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
  453. data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
  454. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
  455. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
  456. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
  457. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
  458. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
  459. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
  460. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
  461. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
  462. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
  463. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
  464. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
  465. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
  466. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
  467. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
  468. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
  469. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
  470. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
  471. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
  472. data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
  473. data/third_party/abseil-cpp/absl/strings/match.h +16 -6
  474. data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
  475. data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
  476. data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
  477. data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
  478. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
  479. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
  480. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
  481. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
  482. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
  483. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
  484. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
  485. data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
  486. data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
  487. data/third_party/abseil-cpp/absl/time/clock.h +2 -2
  488. data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
  489. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
  490. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
  491. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
  492. data/third_party/abseil-cpp/absl/time/time.cc +4 -3
  493. data/third_party/abseil-cpp/absl/time/time.h +26 -24
  494. data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
  495. data/third_party/abseil-cpp/absl/types/variant.h +9 -4
  496. data/third_party/boringssl-with-bazel/err_data.c +483 -461
  497. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
  498. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +9 -7
  499. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
  500. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
  501. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
  502. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
  503. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
  504. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
  505. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
  506. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
  507. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
  508. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
  509. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
  510. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
  511. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
  512. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
  513. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
  514. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
  515. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
  516. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
  517. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
  518. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
  519. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
  520. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
  521. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
  522. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
  523. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
  524. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
  525. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +52 -65
  526. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +52 -66
  527. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
  528. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
  529. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
  530. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
  531. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
  532. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
  533. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
  534. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
  535. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
  536. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
  537. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
  538. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
  539. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
  540. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +61 -75
  541. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +80 -103
  542. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +40 -49
  543. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +367 -315
  544. data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
  545. data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
  546. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
  547. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +5 -3
  548. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
  549. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
  550. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
  551. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
  552. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
  553. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +120 -11
  554. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
  555. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
  556. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
  557. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
  558. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
  559. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
  560. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
  561. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
  562. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
  563. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
  564. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
  565. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
  566. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
  567. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
  568. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
  569. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
  570. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
  571. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
  572. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
  573. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
  574. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
  575. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
  576. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
  577. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
  578. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
  579. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
  580. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
  581. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
  582. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +47 -7
  583. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
  584. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
  585. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
  586. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
  587. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
  588. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
  589. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
  591. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +20 -49
  592. data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
  593. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
  594. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
  595. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +25 -7
  596. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
  597. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
  598. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
  599. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +283 -85
  600. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +13 -19
  601. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +445 -152
  602. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
  603. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -1
  604. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +7 -2
  605. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
  606. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1133 -0
  607. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
  608. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +66 -30
  609. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
  610. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +154 -24
  611. data/third_party/boringssl-with-bazel/src/ssl/internal.h +414 -135
  612. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
  613. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  614. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
  615. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
  616. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
  617. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +51 -60
  618. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
  619. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
  620. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
  621. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
  622. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
  623. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +664 -702
  624. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +65 -7
  625. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
  626. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
  627. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +213 -118
  628. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
  629. metadata +94 -46
  630. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
  631. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
  632. data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
  633. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
  634. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
  635. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -246
  636. data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
@@ -60,7 +60,8 @@ OPENSSL_STATIC_ASSERT(16 % sizeof(size_t) == 0,
60
60
  void CRYPTO_ofb128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
61
61
  const AES_KEY *key, uint8_t ivec[16], unsigned *num,
62
62
  block128_f block) {
63
- assert(in && out && key && ivec && num);
63
+ assert(key != NULL && ivec != NULL && num != NULL);
64
+ assert(len == 0 || (in != NULL && out != NULL));
64
65
 
65
66
  unsigned n = *num;
66
67
 
@@ -45,12 +45,10 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
45
45
  // for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
46
46
  // entropy came directly from the CPU and zero if it came from the OS. It
47
47
  // actively obtains entropy from the CPU/OS and so should not be called from
48
- // within the FIPS module if |BORINGSSL_FIPS_PASSIVE_ENTROPY| is defined.
48
+ // within the FIPS module.
49
49
  void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
50
50
  int *out_used_cpu);
51
51
 
52
- #if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
53
-
54
52
  // RAND_load_entropy supplies |entropy_len| bytes of entropy to the module. The
55
53
  // |from_cpu| parameter is true iff the entropy was obtained directly from the
56
54
  // CPU.
@@ -61,7 +59,6 @@ void RAND_load_entropy(const uint8_t *entropy, size_t entropy_len,
61
59
  // when the module has stopped because it has run out of entropy.
62
60
  void RAND_need_entropy(size_t bytes_needed);
63
61
 
64
- #endif // BORINGSSL_FIPS_PASSIVE_ENTROPY
65
62
  #endif // BORINGSSL_FIPS
66
63
 
67
64
  // CRYPTO_sysrand fills |len| bytes at |buf| with entropy from the operating
@@ -178,8 +178,6 @@ void CRYPTO_get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
178
178
  #endif
179
179
  }
180
180
 
181
- #if defined(BORINGSSL_FIPS_PASSIVE_ENTROPY)
182
-
183
181
  // In passive entropy mode, entropy is supplied from outside of the module via
184
182
  // |RAND_load_entropy| and is stored in global instance of the following
185
183
  // structure.
@@ -242,17 +240,6 @@ static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
242
240
  CRYPTO_STATIC_MUTEX_unlock_write(entropy_buffer_lock_bss_get());
243
241
  }
244
242
 
245
- #else
246
-
247
- // In the active case, |get_seed_entropy| simply calls |CRYPTO_get_seed_entropy|
248
- // in order to obtain entropy from the CPU or OS.
249
- static void get_seed_entropy(uint8_t *out_entropy, size_t out_entropy_len,
250
- int *out_used_cpu) {
251
- CRYPTO_get_seed_entropy(out_entropy, out_entropy_len, out_used_cpu);
252
- }
253
-
254
- #endif // !BORINGSSL_FIPS_PASSIVE_ENTROPY
255
-
256
243
  // rand_get_seed fills |seed| with entropy and sets |*out_used_cpu| to one if
257
244
  // that entropy came directly from the CPU and zero otherwise.
258
245
  static void rand_get_seed(struct rand_thread_state *state,
@@ -62,6 +62,15 @@
62
62
  #include <sys/random.h>
63
63
  #endif
64
64
 
65
+ #if defined(OPENSSL_FREEBSD)
66
+ #define URANDOM_BLOCKS_FOR_ENTROPY
67
+ #if __FreeBSD__ >= 12
68
+ // getrandom is supported in FreeBSD 12 and up.
69
+ #define FREEBSD_GETRANDOM
70
+ #include <sys/random.h>
71
+ #endif
72
+ #endif
73
+
65
74
  #include <openssl/thread.h>
66
75
  #include <openssl/mem.h>
67
76
 
@@ -176,6 +185,11 @@ static void init_once(void) {
176
185
  }
177
186
  #endif
178
187
 
188
+ #if defined(FREEBSD_GETRANDOM)
189
+ *urandom_fd_bss_get() = kHaveGetrandom;
190
+ return;
191
+ #endif
192
+
179
193
  // Android FIPS builds must support getrandom.
180
194
  #if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)
181
195
  perror("getrandom not found");
@@ -256,11 +270,11 @@ static void wait_for_entropy(void) {
256
270
  return;
257
271
  }
258
272
 
259
- #if defined(BORINGSSL_FIPS)
260
- // In FIPS mode we ensure that the kernel has sufficient entropy before
261
- // continuing. This is automatically handled by getrandom, which requires
262
- // that the entropy pool has been initialised, but for urandom we have to
263
- // poll.
273
+ #if defined(BORINGSSL_FIPS) && !defined(URANDOM_BLOCKS_FOR_ENTROPY)
274
+ // In FIPS mode on platforms where urandom doesn't block at startup, we ensure
275
+ // that the kernel has sufficient entropy before continuing. This is
276
+ // automatically handled by getrandom, which requires that the entropy pool
277
+ // has been initialised, but for urandom we have to poll.
264
278
  for (;;) {
265
279
  int entropy_bits;
266
280
  if (ioctl(fd, RNDGETENTCNT, &entropy_bits)) {
@@ -277,7 +291,7 @@ static void wait_for_entropy(void) {
277
291
 
278
292
  usleep(250000);
279
293
  }
280
- #endif // BORINGSSL_FIPS
294
+ #endif // BORINGSSL_FIPS && !URANDOM_BLOCKS_FOR_ENTROPY
281
295
  }
282
296
 
283
297
  // fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
@@ -291,11 +305,14 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
291
305
  return 1;
292
306
  }
293
307
 
294
- #if defined(USE_NR_getrandom)
308
+ #if defined(USE_NR_getrandom) || defined(FREEBSD_GETRANDOM)
295
309
  int getrandom_flags = 0;
296
310
  if (!block) {
297
311
  getrandom_flags |= GRND_NONBLOCK;
298
312
  }
313
+ #endif
314
+
315
+ #if defined (USE_NR_getrandom)
299
316
  if (seed) {
300
317
  getrandom_flags |= *extra_getrandom_flags_for_seed_bss_get();
301
318
  }
@@ -315,6 +332,8 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
315
332
  if (*urandom_fd_bss_get() == kHaveGetrandom) {
316
333
  #if defined(USE_NR_getrandom)
317
334
  r = boringssl_getrandom(out, len, getrandom_flags);
335
+ #elif defined(FREEBSD_GETRANDOM)
336
+ r = getrandom(out, len, getrandom_flags);
318
337
  #elif defined(OPENSSL_MACOS)
319
338
  if (__builtin_available(macos 10.12, *)) {
320
339
  // |getentropy| can only request 256 bytes at a time.
@@ -458,18 +458,18 @@ static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = {
458
458
  };
459
459
 
460
460
  int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
461
- int *is_alloced, int hash_nid, const uint8_t *msg,
462
- size_t msg_len) {
461
+ int *is_alloced, int hash_nid, const uint8_t *digest,
462
+ size_t digest_len) {
463
463
  unsigned i;
464
464
 
465
465
  if (hash_nid == NID_md5_sha1) {
466
466
  // Special case: SSL signature, just check the length.
467
- if (msg_len != SSL_SIG_LENGTH) {
467
+ if (digest_len != SSL_SIG_LENGTH) {
468
468
  OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH);
469
469
  return 0;
470
470
  }
471
471
 
472
- *out_msg = (uint8_t*) msg;
472
+ *out_msg = (uint8_t *)digest;
473
473
  *out_msg_len = SSL_SIG_LENGTH;
474
474
  *is_alloced = 0;
475
475
  return 1;
@@ -481,7 +481,7 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
481
481
  continue;
482
482
  }
483
483
 
484
- if (msg_len != sig_prefix->hash_len) {
484
+ if (digest_len != sig_prefix->hash_len) {
485
485
  OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH);
486
486
  return 0;
487
487
  }
@@ -491,7 +491,7 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
491
491
  unsigned signed_msg_len;
492
492
  uint8_t *signed_msg;
493
493
 
494
- signed_msg_len = prefix_len + msg_len;
494
+ signed_msg_len = prefix_len + digest_len;
495
495
  if (signed_msg_len < prefix_len) {
496
496
  OPENSSL_PUT_ERROR(RSA, RSA_R_TOO_LONG);
497
497
  return 0;
@@ -504,7 +504,7 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
504
504
  }
505
505
 
506
506
  OPENSSL_memcpy(signed_msg, prefix, prefix_len);
507
- OPENSSL_memcpy(signed_msg + prefix_len, msg, msg_len);
507
+ OPENSSL_memcpy(signed_msg + prefix_len, digest, digest_len);
508
508
 
509
509
  *out_msg = signed_msg;
510
510
  *out_msg_len = signed_msg_len;
@@ -517,8 +517,8 @@ int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
517
517
  return 0;
518
518
  }
519
519
 
520
- int RSA_sign(int hash_nid, const uint8_t *in, unsigned in_len, uint8_t *out,
521
- unsigned *out_len, RSA *rsa) {
520
+ int RSA_sign(int hash_nid, const uint8_t *digest, unsigned digest_len,
521
+ uint8_t *out, unsigned *out_len, RSA *rsa) {
522
522
  const unsigned rsa_size = RSA_size(rsa);
523
523
  int ret = 0;
524
524
  uint8_t *signed_msg = NULL;
@@ -527,11 +527,12 @@ int RSA_sign(int hash_nid, const uint8_t *in, unsigned in_len, uint8_t *out,
527
527
  size_t size_t_out_len;
528
528
 
529
529
  if (rsa->meth->sign) {
530
- return rsa->meth->sign(hash_nid, in, in_len, out, out_len, rsa);
530
+ return rsa->meth->sign(hash_nid, digest, digest_len, out, out_len, rsa);
531
531
  }
532
532
 
533
533
  if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
534
- &signed_msg_is_alloced, hash_nid, in, in_len) ||
534
+ &signed_msg_is_alloced, hash_nid, digest,
535
+ digest_len) ||
535
536
  !RSA_sign_raw(rsa, &size_t_out_len, out, rsa_size, signed_msg,
536
537
  signed_msg_len, RSA_PKCS1_PADDING)) {
537
538
  goto err;
@@ -548,9 +549,9 @@ err:
548
549
  }
549
550
 
550
551
  int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
551
- const uint8_t *in, size_t in_len, const EVP_MD *md,
552
- const EVP_MD *mgf1_md, int salt_len) {
553
- if (in_len != EVP_MD_size(md)) {
552
+ const uint8_t *digest, size_t digest_len,
553
+ const EVP_MD *md, const EVP_MD *mgf1_md, int salt_len) {
554
+ if (digest_len != EVP_MD_size(md)) {
554
555
  OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH);
555
556
  return 0;
556
557
  }
@@ -562,15 +563,15 @@ int RSA_sign_pss_mgf1(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
562
563
  return 0;
563
564
  }
564
565
 
565
- int ret =
566
- RSA_padding_add_PKCS1_PSS_mgf1(rsa, padded, in, md, mgf1_md, salt_len) &&
567
- RSA_sign_raw(rsa, out_len, out, max_out, padded, padded_len,
568
- RSA_NO_PADDING);
566
+ int ret = RSA_padding_add_PKCS1_PSS_mgf1(rsa, padded, digest, md, mgf1_md,
567
+ salt_len) &&
568
+ RSA_sign_raw(rsa, out_len, out, max_out, padded, padded_len,
569
+ RSA_NO_PADDING);
569
570
  OPENSSL_free(padded);
570
571
  return ret;
571
572
  }
572
573
 
573
- int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len,
574
+ int RSA_verify(int hash_nid, const uint8_t *digest, size_t digest_len,
574
575
  const uint8_t *sig, size_t sig_len, RSA *rsa) {
575
576
  if (rsa->n == NULL || rsa->e == NULL) {
576
577
  OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);
@@ -584,7 +585,7 @@ int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len,
584
585
  size_t signed_msg_len = 0, len;
585
586
  int signed_msg_is_alloced = 0;
586
587
 
587
- if (hash_nid == NID_md5_sha1 && msg_len != SSL_SIG_LENGTH) {
588
+ if (hash_nid == NID_md5_sha1 && digest_len != SSL_SIG_LENGTH) {
588
589
  OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH);
589
590
  return 0;
590
591
  }
@@ -601,7 +602,8 @@ int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len,
601
602
  }
602
603
 
603
604
  if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
604
- &signed_msg_is_alloced, hash_nid, msg, msg_len)) {
605
+ &signed_msg_is_alloced, hash_nid, digest,
606
+ digest_len)) {
605
607
  goto out;
606
608
  }
607
609
 
@@ -622,10 +624,10 @@ out:
622
624
  return ret;
623
625
  }
624
626
 
625
- int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, size_t msg_len,
627
+ int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *digest, size_t digest_len,
626
628
  const EVP_MD *md, const EVP_MD *mgf1_md, int salt_len,
627
629
  const uint8_t *sig, size_t sig_len) {
628
- if (msg_len != EVP_MD_size(md)) {
630
+ if (digest_len != EVP_MD_size(md)) {
629
631
  OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH);
630
632
  return 0;
631
633
  }
@@ -647,7 +649,7 @@ int RSA_verify_pss_mgf1(RSA *rsa, const uint8_t *msg, size_t msg_len,
647
649
  goto err;
648
650
  }
649
651
 
650
- ret = RSA_verify_PKCS1_PSS_mgf1(rsa, msg, md, mgf1_md, em, salt_len);
652
+ ret = RSA_verify_PKCS1_PSS_mgf1(rsa, digest, md, mgf1_md, em, salt_len);
651
653
 
652
654
  err:
653
655
  OPENSSL_free(em);
@@ -79,9 +79,8 @@ int rsa_check_public_key(const RSA *rsa) {
79
79
  return 0;
80
80
  }
81
81
 
82
- unsigned rsa_bits = BN_num_bits(rsa->n);
83
-
84
- if (rsa_bits > 16 * 1024) {
82
+ unsigned n_bits = BN_num_bits(rsa->n);
83
+ if (n_bits > 16 * 1024) {
85
84
  OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE);
86
85
  return 0;
87
86
  }
@@ -96,17 +95,21 @@ int rsa_check_public_key(const RSA *rsa) {
96
95
  // [2] https://www.imperialviolet.org/2012/03/17/rsados.html
97
96
  // [3] https://msdn.microsoft.com/en-us/library/aa387685(VS.85).aspx
98
97
  static const unsigned kMaxExponentBits = 33;
99
-
100
- if (BN_num_bits(rsa->e) > kMaxExponentBits) {
98
+ unsigned e_bits = BN_num_bits(rsa->e);
99
+ if (e_bits > kMaxExponentBits ||
100
+ // Additionally reject e = 1 or even e. e must be odd to be relatively
101
+ // prime with phi(n).
102
+ e_bits < 2 ||
103
+ !BN_is_odd(rsa->e)) {
101
104
  OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);
102
105
  return 0;
103
106
  }
104
107
 
105
- // Verify |n > e|. Comparing |rsa_bits| to |kMaxExponentBits| is a small
108
+ // Verify |n > e|. Comparing |n_bits| to |kMaxExponentBits| is a small
106
109
  // shortcut to comparing |n| and |e| directly. In reality, |kMaxExponentBits|
107
110
  // is much smaller than the minimum RSA key size that any application should
108
111
  // accept.
109
- if (rsa_bits <= kMaxExponentBits) {
112
+ if (n_bits <= kMaxExponentBits) {
110
113
  OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
111
114
  return 0;
112
115
  }
@@ -0,0 +1,79 @@
1
+ /* Copyright (c) 2017, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #include <openssl/crypto.h>
16
+
17
+ #include "../../internal.h"
18
+ #include "../delocate.h"
19
+
20
+
21
+ int FIPS_mode(void) {
22
+ #if defined(BORINGSSL_FIPS) && !defined(OPENSSL_ASAN)
23
+ return 1;
24
+ #else
25
+ return 0;
26
+ #endif
27
+ }
28
+
29
+ int FIPS_mode_set(int on) { return on == FIPS_mode(); }
30
+
31
+ #if defined(BORINGSSL_FIPS_COUNTERS)
32
+
33
+ size_t FIPS_read_counter(enum fips_counter_t counter) {
34
+ if (counter < 0 || counter > fips_counter_max) {
35
+ abort();
36
+ }
37
+
38
+ const size_t *array =
39
+ CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
40
+ if (!array) {
41
+ return 0;
42
+ }
43
+
44
+ return array[counter];
45
+ }
46
+
47
+ void boringssl_fips_inc_counter(enum fips_counter_t counter) {
48
+ if (counter < 0 || counter > fips_counter_max) {
49
+ abort();
50
+ }
51
+
52
+ size_t *array =
53
+ CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
54
+ if (!array) {
55
+ const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1);
56
+ array = OPENSSL_malloc(num_bytes);
57
+ if (!array) {
58
+ return;
59
+ }
60
+
61
+ OPENSSL_memset(array, 0, num_bytes);
62
+ if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS, array,
63
+ OPENSSL_free)) {
64
+ // |OPENSSL_free| has already been called by |CRYPTO_set_thread_local|.
65
+ return;
66
+ }
67
+ }
68
+
69
+ array[counter]++;
70
+ }
71
+
72
+ #else
73
+
74
+ size_t FIPS_read_counter(enum fips_counter_t counter) { return 0; }
75
+
76
+ // boringssl_fips_inc_counter is a no-op, inline function in internal.h in this
77
+ // case. That should let the compiler optimise away the callsites.
78
+
79
+ #endif
@@ -32,13 +32,20 @@
32
32
 
33
33
  #include "../../internal.h"
34
34
  #include "../ec/internal.h"
35
+ #include "../ecdsa/internal.h"
35
36
  #include "../rand/internal.h"
36
37
  #include "../tls/internal.h"
37
38
 
38
39
 
39
40
  // MSVC wants to put a NUL byte at the end of non-char arrays and so cannot
40
- // compile this.
41
- #if !defined(_MSC_VER)
41
+ // compile the real logic.
42
+ #if defined(_MSC_VER)
43
+
44
+ int BORINGSSL_self_test(void) {
45
+ return 0;
46
+ }
47
+
48
+ #else
42
49
 
43
50
  #if defined(BORINGSSL_FIPS) && defined(OPENSSL_ANDROID)
44
51
  // FIPS builds on Android will test for flag files, named after the module hash,
@@ -727,14 +734,12 @@ int boringssl_fips_self_test(
727
734
  // ECDSA Sign/Verify KAT
728
735
 
729
736
  // The 'k' value for ECDSA is fixed to avoid an entropy draw.
730
- ec_key->fixed_k = BN_new();
731
- if (ec_key->fixed_k == NULL ||
732
- !BN_set_word(ec_key->fixed_k, 42)) {
733
- fprintf(stderr, "Out of memory\n");
734
- goto err;
735
- }
737
+ uint8_t ecdsa_k[32] = {0};
738
+ ecdsa_k[31] = 42;
736
739
 
737
- sig = ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
740
+ sig = ecdsa_sign_with_nonce_for_known_answer_test(
741
+ kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key, ecdsa_k,
742
+ sizeof(ecdsa_k));
738
743
 
739
744
  uint8_t ecdsa_r_bytes[sizeof(kECDSASigR)];
740
745
  uint8_t ecdsa_s_bytes[sizeof(kECDSASigS)];
@@ -60,8 +60,9 @@
60
60
 
61
61
  #include <openssl/mem.h>
62
62
 
63
- #include "internal.h"
64
63
  #include "../../internal.h"
64
+ #include "../digest/md32_common.h"
65
+ #include "internal.h"
65
66
 
66
67
 
67
68
  int SHA1_Init(SHA_CTX *sha) {
@@ -83,30 +84,33 @@ uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t out[SHA_DIGEST_LENGTH]) {
83
84
  return out;
84
85
  }
85
86
 
86
- #define DATA_ORDER_IS_BIG_ENDIAN
87
-
88
- #define HASH_CTX SHA_CTX
89
- #define HASH_CBLOCK 64
90
- #define HASH_DIGEST_LENGTH 20
91
- #define HASH_MAKE_STRING(c, s) \
92
- do { \
93
- uint32_t ll; \
94
- ll = (c)->h[0]; \
95
- HOST_l2c(ll, (s)); \
96
- ll = (c)->h[1]; \
97
- HOST_l2c(ll, (s)); \
98
- ll = (c)->h[2]; \
99
- HOST_l2c(ll, (s)); \
100
- ll = (c)->h[3]; \
101
- HOST_l2c(ll, (s)); \
102
- ll = (c)->h[4]; \
103
- HOST_l2c(ll, (s)); \
104
- } while (0)
87
+ #if !defined(SHA1_ASM)
88
+ static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
89
+ size_t num);
90
+ #endif
91
+
92
+ void SHA1_Transform(SHA_CTX *c, const uint8_t data[SHA_CBLOCK]) {
93
+ sha1_block_data_order(c->h, data, 1);
94
+ }
95
+
96
+ int SHA1_Update(SHA_CTX *c, const void *data, size_t len) {
97
+ crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num,
98
+ &c->Nh, &c->Nl, data, len);
99
+ return 1;
100
+ }
101
+
102
+ int SHA1_Final(uint8_t out[SHA_DIGEST_LENGTH], SHA_CTX *c) {
103
+ crypto_md32_final(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num,
104
+ c->Nh, c->Nl, /*is_big_endian=*/1);
105
+
106
+ CRYPTO_store_u32_be(out, c->h[0]);
107
+ CRYPTO_store_u32_be(out + 4, c->h[1]);
108
+ CRYPTO_store_u32_be(out + 8, c->h[2]);
109
+ CRYPTO_store_u32_be(out + 12, c->h[3]);
110
+ CRYPTO_store_u32_be(out + 16, c->h[4]);
111
+ return 1;
112
+ }
105
113
 
106
- #define HASH_UPDATE SHA1_Update
107
- #define HASH_TRANSFORM SHA1_Transform
108
- #define HASH_FINAL SHA1_Final
109
- #define HASH_BLOCK_DATA_ORDER sha1_block_data_order
110
114
  #define ROTATE(a, n) (((a) << (n)) | ((a) >> (32 - (n))))
111
115
  #define Xupdate(a, ix, ia, ib, ic, id) \
112
116
  do { \
@@ -114,13 +118,6 @@ uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t out[SHA_DIGEST_LENGTH]) {
114
118
  (ix) = (a) = ROTATE((a), 1); \
115
119
  } while (0)
116
120
 
117
- #if !defined(SHA1_ASM)
118
- static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
119
- size_t num);
120
- #endif
121
-
122
- #include "../digest/md32_common.h"
123
-
124
121
  #define K_00_19 0x5a827999UL
125
122
  #define K_20_39 0x6ed9eba1UL
126
123
  #define K_40_59 0x8f1bbcdcUL
@@ -193,7 +190,7 @@ static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
193
190
  #if !defined(SHA1_ASM)
194
191
  static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
195
192
  size_t num) {
196
- register uint32_t A, B, C, D, E, T, l;
193
+ register uint32_t A, B, C, D, E, T;
197
194
  uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10,
198
195
  XX11, XX12, XX13, XX14, XX15;
199
196
 
@@ -204,52 +201,52 @@ static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
204
201
  E = state[4];
205
202
 
206
203
  for (;;) {
207
- HOST_c2l(data, l);
208
- X(0) = l;
209
- HOST_c2l(data, l);
210
- X(1) = l;
204
+ X(0) = CRYPTO_load_u32_be(data);
205
+ data += 4;
206
+ X(1) = CRYPTO_load_u32_be(data);
207
+ data += 4;
211
208
  BODY_00_15(0, A, B, C, D, E, T, X(0));
212
- HOST_c2l(data, l);
213
- X(2) = l;
209
+ X(2) = CRYPTO_load_u32_be(data);
210
+ data += 4;
214
211
  BODY_00_15(1, T, A, B, C, D, E, X(1));
215
- HOST_c2l(data, l);
216
- X(3) = l;
212
+ X(3) = CRYPTO_load_u32_be(data);
213
+ data += 4;
217
214
  BODY_00_15(2, E, T, A, B, C, D, X(2));
218
- HOST_c2l(data, l);
219
- X(4) = l;
215
+ X(4) = CRYPTO_load_u32_be(data);
216
+ data += 4;
220
217
  BODY_00_15(3, D, E, T, A, B, C, X(3));
221
- HOST_c2l(data, l);
222
- X(5) = l;
218
+ X(5) = CRYPTO_load_u32_be(data);
219
+ data += 4;
223
220
  BODY_00_15(4, C, D, E, T, A, B, X(4));
224
- HOST_c2l(data, l);
225
- X(6) = l;
221
+ X(6) = CRYPTO_load_u32_be(data);
222
+ data += 4;
226
223
  BODY_00_15(5, B, C, D, E, T, A, X(5));
227
- HOST_c2l(data, l);
228
- X(7) = l;
224
+ X(7) = CRYPTO_load_u32_be(data);
225
+ data += 4;
229
226
  BODY_00_15(6, A, B, C, D, E, T, X(6));
230
- HOST_c2l(data, l);
231
- X(8) = l;
227
+ X(8) = CRYPTO_load_u32_be(data);
228
+ data += 4;
232
229
  BODY_00_15(7, T, A, B, C, D, E, X(7));
233
- HOST_c2l(data, l);
234
- X(9) = l;
230
+ X(9) = CRYPTO_load_u32_be(data);
231
+ data += 4;
235
232
  BODY_00_15(8, E, T, A, B, C, D, X(8));
236
- HOST_c2l(data, l);
237
- X(10) = l;
233
+ X(10) = CRYPTO_load_u32_be(data);
234
+ data += 4;
238
235
  BODY_00_15(9, D, E, T, A, B, C, X(9));
239
- HOST_c2l(data, l);
240
- X(11) = l;
236
+ X(11) = CRYPTO_load_u32_be(data);
237
+ data += 4;
241
238
  BODY_00_15(10, C, D, E, T, A, B, X(10));
242
- HOST_c2l(data, l);
243
- X(12) = l;
239
+ X(12) = CRYPTO_load_u32_be(data);
240
+ data += 4;
244
241
  BODY_00_15(11, B, C, D, E, T, A, X(11));
245
- HOST_c2l(data, l);
246
- X(13) = l;
242
+ X(13) = CRYPTO_load_u32_be(data);
243
+ data += 4;
247
244
  BODY_00_15(12, A, B, C, D, E, T, X(12));
248
- HOST_c2l(data, l);
249
- X(14) = l;
245
+ X(14) = CRYPTO_load_u32_be(data);
246
+ data += 4;
250
247
  BODY_00_15(13, T, A, B, C, D, E, X(13));
251
- HOST_c2l(data, l);
252
- X(15) = l;
248
+ X(15) = CRYPTO_load_u32_be(data);
249
+ data += 4;
253
250
  BODY_00_15(14, E, T, A, B, C, D, X(14));
254
251
  BODY_00_15(15, D, E, T, A, B, C, X(15));
255
252
 
@@ -341,15 +338,6 @@ static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
341
338
  }
342
339
  #endif
343
340
 
344
- #undef DATA_ORDER_IS_BIG_ENDIAN
345
- #undef HASH_CTX
346
- #undef HASH_CBLOCK
347
- #undef HASH_DIGEST_LENGTH
348
- #undef HASH_MAKE_STRING
349
- #undef HASH_UPDATE
350
- #undef HASH_TRANSFORM
351
- #undef HASH_FINAL
352
- #undef HASH_BLOCK_DATA_ORDER
353
341
  #undef ROTATE
354
342
  #undef Xupdate
355
343
  #undef K_00_19
@@ -367,5 +355,3 @@ static void sha1_block_data_order(uint32_t *state, const uint8_t *data,
367
355
  #undef BODY_40_59
368
356
  #undef BODY_60_79
369
357
  #undef X
370
- #undef HOST_c2l
371
- #undef HOST_l2c