grpc 1.37.1 → 1.39.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (636) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +96 -59
  3. data/include/grpc/event_engine/README.md +38 -0
  4. data/include/grpc/event_engine/endpoint_config.h +48 -0
  5. data/include/grpc/event_engine/event_engine.h +334 -0
  6. data/include/grpc/event_engine/port.h +41 -0
  7. data/include/grpc/event_engine/slice_allocator.h +91 -0
  8. data/include/grpc/grpc.h +11 -4
  9. data/include/grpc/grpc_security.h +32 -0
  10. data/include/grpc/grpc_security_constants.h +15 -0
  11. data/include/grpc/impl/codegen/grpc_types.h +28 -13
  12. data/include/grpc/impl/codegen/port_platform.h +22 -0
  13. data/include/grpc/module.modulemap +14 -14
  14. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
  15. data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
  16. data/src/core/ext/filters/client_channel/client_channel.cc +630 -3103
  17. data/src/core/ext/filters/client_channel/client_channel.h +489 -55
  18. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
  19. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
  20. data/src/core/ext/filters/client_channel/config_selector.h +1 -1
  21. data/src/core/ext/filters/client_channel/connector.h +1 -1
  22. data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
  23. data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
  24. data/src/core/ext/filters/client_channel/health/health_check_client.cc +28 -27
  25. data/src/core/ext/filters/client_channel/health/health_check_client.h +30 -29
  26. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
  27. data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +46 -43
  30. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
  31. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
  32. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
  33. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -12
  34. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +755 -0
  35. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
  36. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
  37. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
  38. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
  39. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +46 -54
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +23 -23
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +31 -46
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +146 -155
  43. data/src/core/ext/filters/client_channel/lb_policy.cc +1 -1
  44. data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
  45. data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
  46. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
  47. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -18
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
  53. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
  54. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
  55. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  56. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
  57. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  59. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +18 -12
  60. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
  61. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
  62. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +20 -13
  63. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
  64. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -32
  65. data/src/core/ext/filters/client_channel/resolver.h +2 -2
  66. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
  67. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
  68. data/src/core/ext/filters/client_channel/retry_filter.cc +2449 -0
  69. data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
  70. data/src/core/ext/filters/client_channel/retry_service_config.cc +306 -0
  71. data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
  72. data/src/core/ext/filters/client_channel/server_address.cc +1 -1
  73. data/src/core/ext/filters/client_channel/service_config.cc +15 -14
  74. data/src/core/ext/filters/client_channel/service_config.h +7 -6
  75. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
  76. data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
  77. data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
  78. data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
  79. data/src/core/ext/filters/client_channel/subchannel.h +7 -6
  80. data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
  81. data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
  82. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +25 -18
  83. data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
  84. data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
  85. data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
  86. data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
  87. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
  88. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
  89. data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
  90. data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
  91. data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
  92. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  93. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
  94. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
  95. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
  96. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
  97. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +3 -2
  98. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
  99. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +44 -45
  100. data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
  101. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
  102. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +5 -4
  103. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
  104. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +139 -120
  105. data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
  106. data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
  107. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  108. data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
  109. data/src/core/ext/transport/chttp2/transport/frame_data.cc +8 -8
  110. data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
  111. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
  112. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
  113. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
  114. data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
  115. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
  116. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
  117. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
  118. data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
  119. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
  120. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
  121. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
  122. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
  123. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
  124. data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
  125. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  126. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
  127. data/src/core/ext/transport/chttp2/transport/internal.h +32 -27
  128. data/src/core/ext/transport/chttp2/transport/parsing.cc +65 -58
  129. data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
  130. data/src/core/ext/transport/inproc/inproc_transport.cc +72 -60
  131. data/src/core/ext/xds/certificate_provider_factory.h +1 -1
  132. data/src/core/ext/xds/certificate_provider_store.h +3 -3
  133. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
  134. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
  135. data/src/core/ext/xds/xds_api.cc +348 -199
  136. data/src/core/ext/xds/xds_api.h +21 -12
  137. data/src/core/ext/xds/xds_bootstrap.cc +97 -159
  138. data/src/core/ext/xds/xds_bootstrap.h +19 -24
  139. data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
  140. data/src/core/ext/xds/xds_certificate_provider.h +4 -4
  141. data/src/core/ext/xds/xds_channel_args.h +5 -2
  142. data/src/core/ext/xds/xds_client.cc +310 -178
  143. data/src/core/ext/xds/xds_client.h +41 -27
  144. data/src/core/ext/xds/xds_client_stats.h +3 -2
  145. data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
  146. data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
  147. data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
  148. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +16 -20
  149. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +16 -11
  150. data/src/core/lib/channel/channel_stack.cc +10 -9
  151. data/src/core/lib/channel/channel_stack.h +10 -9
  152. data/src/core/lib/channel/channel_stack_builder.cc +2 -2
  153. data/src/core/lib/channel/channel_stack_builder.h +1 -1
  154. data/src/core/lib/channel/channelz.cc +21 -13
  155. data/src/core/lib/channel/channelz.h +3 -0
  156. data/src/core/lib/channel/connected_channel.cc +4 -4
  157. data/src/core/lib/channel/handshaker.cc +7 -6
  158. data/src/core/lib/channel/handshaker.h +5 -5
  159. data/src/core/lib/event_engine/endpoint_config.cc +46 -0
  160. data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
  161. data/src/core/lib/event_engine/event_engine.cc +50 -0
  162. data/src/core/lib/event_engine/slice_allocator.cc +89 -0
  163. data/src/core/lib/event_engine/sockaddr.cc +40 -0
  164. data/src/core/lib/event_engine/sockaddr.h +44 -0
  165. data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
  166. data/src/core/lib/gprpp/ref_counted.h +28 -14
  167. data/src/core/lib/gprpp/status_helper.cc +407 -0
  168. data/src/core/lib/gprpp/status_helper.h +183 -0
  169. data/src/core/lib/http/httpcli.cc +11 -11
  170. data/src/core/lib/http/httpcli_security_connector.cc +11 -7
  171. data/src/core/lib/http/parser.cc +16 -16
  172. data/src/core/lib/http/parser.h +4 -4
  173. data/src/core/lib/iomgr/buffer_list.cc +7 -9
  174. data/src/core/lib/iomgr/buffer_list.h +4 -5
  175. data/src/core/lib/iomgr/call_combiner.cc +15 -12
  176. data/src/core/lib/iomgr/call_combiner.h +12 -14
  177. data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
  178. data/src/core/lib/iomgr/cfstream_handle.h +1 -1
  179. data/src/core/lib/iomgr/closure.h +7 -6
  180. data/src/core/lib/iomgr/combiner.cc +14 -12
  181. data/src/core/lib/iomgr/combiner.h +2 -2
  182. data/src/core/lib/iomgr/endpoint.cc +1 -1
  183. data/src/core/lib/iomgr/endpoint.h +2 -2
  184. data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
  185. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
  186. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  187. data/src/core/lib/iomgr/error.cc +168 -61
  188. data/src/core/lib/iomgr/error.h +217 -106
  189. data/src/core/lib/iomgr/error_cfstream.cc +3 -2
  190. data/src/core/lib/iomgr/error_cfstream.h +2 -2
  191. data/src/core/lib/iomgr/error_internal.h +5 -1
  192. data/src/core/lib/iomgr/ev_apple.cc +5 -5
  193. data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
  194. data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
  195. data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
  196. data/src/core/lib/iomgr/ev_posix.cc +9 -8
  197. data/src/core/lib/iomgr/ev_posix.h +9 -9
  198. data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
  199. data/src/core/lib/iomgr/event_engine/closure.h +33 -0
  200. data/src/core/lib/iomgr/event_engine/endpoint.cc +194 -0
  201. data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
  202. data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
  203. data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
  204. data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
  205. data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
  206. data/src/core/lib/iomgr/event_engine/promise.h +51 -0
  207. data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
  208. data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
  209. data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
  210. data/src/core/lib/iomgr/event_engine/tcp.cc +243 -0
  211. data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
  212. data/src/core/lib/iomgr/exec_ctx.cc +12 -4
  213. data/src/core/lib/iomgr/exec_ctx.h +4 -5
  214. data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
  215. data/src/core/lib/iomgr/executor/threadpool.h +2 -2
  216. data/src/core/lib/iomgr/executor.cc +8 -8
  217. data/src/core/lib/iomgr/executor.h +2 -2
  218. data/src/core/lib/iomgr/iomgr.cc +2 -2
  219. data/src/core/lib/iomgr/iomgr.h +1 -1
  220. data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
  221. data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
  222. data/src/core/lib/iomgr/iomgr_internal.h +3 -3
  223. data/src/core/lib/iomgr/iomgr_posix.cc +3 -1
  224. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -12
  225. data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
  226. data/src/core/lib/iomgr/load_file.cc +4 -4
  227. data/src/core/lib/iomgr/load_file.h +2 -2
  228. data/src/core/lib/iomgr/lockfree_event.cc +5 -5
  229. data/src/core/lib/iomgr/lockfree_event.h +1 -1
  230. data/src/core/lib/iomgr/pollset.cc +5 -5
  231. data/src/core/lib/iomgr/pollset.h +9 -9
  232. data/src/core/lib/iomgr/pollset_custom.cc +7 -7
  233. data/src/core/lib/iomgr/pollset_custom.h +3 -1
  234. data/src/core/lib/iomgr/pollset_uv.cc +3 -1
  235. data/src/core/lib/iomgr/pollset_uv.h +5 -1
  236. data/src/core/lib/iomgr/pollset_windows.cc +5 -5
  237. data/src/core/lib/iomgr/port.h +7 -5
  238. data/src/core/lib/iomgr/python_util.h +1 -1
  239. data/src/core/lib/iomgr/resolve_address.cc +8 -4
  240. data/src/core/lib/iomgr/resolve_address.h +12 -6
  241. data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
  242. data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
  243. data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
  244. data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
  245. data/src/core/lib/iomgr/resource_quota.cc +11 -10
  246. data/src/core/lib/iomgr/sockaddr.h +1 -0
  247. data/src/core/lib/iomgr/socket_mutator.cc +15 -2
  248. data/src/core/lib/iomgr/socket_mutator.h +26 -2
  249. data/src/core/lib/iomgr/socket_utils_common_posix.cc +24 -22
  250. data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
  251. data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
  252. data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
  253. data/src/core/lib/iomgr/tcp_client_posix.cc +22 -19
  254. data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
  255. data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
  256. data/src/core/lib/iomgr/tcp_custom.cc +14 -16
  257. data/src/core/lib/iomgr/tcp_custom.h +13 -12
  258. data/src/core/lib/iomgr/tcp_posix.cc +78 -73
  259. data/src/core/lib/iomgr/tcp_posix.h +8 -0
  260. data/src/core/lib/iomgr/tcp_server.cc +6 -6
  261. data/src/core/lib/iomgr/tcp_server.h +12 -11
  262. data/src/core/lib/iomgr/tcp_server_custom.cc +26 -25
  263. data/src/core/lib/iomgr/tcp_server_posix.cc +28 -21
  264. data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
  265. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -18
  266. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
  267. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  268. data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
  269. data/src/core/lib/iomgr/tcp_uv.cc +25 -23
  270. data/src/core/lib/iomgr/tcp_windows.cc +13 -13
  271. data/src/core/lib/iomgr/tcp_windows.h +2 -2
  272. data/src/core/lib/iomgr/timer.h +6 -1
  273. data/src/core/lib/iomgr/timer_custom.cc +2 -1
  274. data/src/core/lib/iomgr/timer_custom.h +1 -1
  275. data/src/core/lib/iomgr/timer_generic.cc +6 -6
  276. data/src/core/lib/iomgr/udp_server.cc +21 -20
  277. data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
  278. data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
  279. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
  280. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
  281. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
  282. data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
  283. data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
  284. data/src/core/lib/iomgr/work_serializer.h +17 -1
  285. data/src/core/lib/json/json.h +1 -1
  286. data/src/core/lib/json/json_reader.cc +4 -4
  287. data/src/core/lib/matchers/matchers.cc +39 -39
  288. data/src/core/lib/matchers/matchers.h +28 -28
  289. data/src/core/lib/security/authorization/authorization_engine.h +44 -0
  290. data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
  291. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
  292. data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
  293. data/src/core/lib/security/authorization/evaluate_args.h +91 -0
  294. data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
  295. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
  296. data/src/core/lib/security/credentials/credentials.h +2 -2
  297. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
  298. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
  299. data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
  300. data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
  301. data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
  302. data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
  303. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
  304. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
  305. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
  306. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
  307. data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
  308. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
  309. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -10
  310. data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
  311. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  312. data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
  313. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
  314. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
  315. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
  316. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
  317. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
  318. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
  319. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
  320. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
  321. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
  322. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
  323. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
  324. data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
  325. data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
  326. data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
  327. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
  328. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
  329. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
  330. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
  331. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
  332. data/src/core/lib/security/security_connector/local/local_security_connector.cc +22 -9
  333. data/src/core/lib/security/security_connector/security_connector.h +9 -4
  334. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
  335. data/src/core/lib/security/security_connector/ssl_utils.cc +27 -4
  336. data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
  337. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +56 -60
  338. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
  339. data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
  340. data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
  341. data/src/core/lib/security/transport/security_handshaker.cc +33 -32
  342. data/src/core/lib/security/transport/server_auth_filter.cc +19 -13
  343. data/src/core/lib/security/transport/tsi_error.cc +2 -1
  344. data/src/core/lib/security/transport/tsi_error.h +2 -1
  345. data/src/core/lib/security/util/json_util.cc +2 -2
  346. data/src/core/lib/security/util/json_util.h +1 -1
  347. data/src/core/lib/surface/call.cc +67 -46
  348. data/src/core/lib/surface/call.h +13 -2
  349. data/src/core/lib/surface/channel.cc +6 -6
  350. data/src/core/lib/surface/channel.h +3 -2
  351. data/src/core/lib/surface/channel_ping.cc +1 -1
  352. data/src/core/lib/surface/completion_queue.cc +68 -69
  353. data/src/core/lib/surface/completion_queue.h +3 -2
  354. data/src/core/lib/surface/completion_queue_factory.cc +1 -2
  355. data/src/core/lib/surface/init.cc +1 -3
  356. data/src/core/lib/surface/init.h +10 -1
  357. data/src/core/lib/surface/lame_client.cc +11 -11
  358. data/src/core/lib/surface/lame_client.h +1 -1
  359. data/src/core/lib/surface/server.cc +28 -22
  360. data/src/core/lib/surface/server.h +16 -15
  361. data/src/core/lib/surface/validate_metadata.cc +7 -7
  362. data/src/core/lib/surface/validate_metadata.h +3 -2
  363. data/src/core/lib/surface/version.cc +4 -2
  364. data/src/core/lib/transport/byte_stream.cc +5 -5
  365. data/src/core/lib/transport/byte_stream.h +8 -8
  366. data/src/core/lib/transport/connectivity_state.cc +1 -1
  367. data/src/core/lib/transport/error_utils.cc +21 -10
  368. data/src/core/lib/transport/error_utils.h +11 -5
  369. data/src/core/lib/transport/metadata_batch.cc +37 -37
  370. data/src/core/lib/transport/metadata_batch.h +19 -18
  371. data/src/core/lib/transport/transport.cc +4 -3
  372. data/src/core/lib/transport/transport.h +6 -4
  373. data/src/core/lib/transport/transport_op_string.cc +6 -6
  374. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
  375. data/src/core/tsi/alts/crypt/gsec.h +6 -0
  376. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
  377. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
  378. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
  379. data/src/core/tsi/ssl_transport_security.cc +32 -14
  380. data/src/core/tsi/ssl_transport_security.h +3 -4
  381. data/src/ruby/bin/math_services_pb.rb +1 -1
  382. data/src/ruby/ext/grpc/extconf.rb +2 -0
  383. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
  384. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +11 -2
  385. data/src/ruby/lib/grpc/version.rb +1 -1
  386. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
  387. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
  388. data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
  389. data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
  390. data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
  391. data/third_party/abseil-cpp/absl/base/config.h +37 -9
  392. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
  393. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
  394. data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
  395. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
  396. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
  397. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
  398. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
  399. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
  400. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
  401. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
  402. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
  403. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
  404. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
  405. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
  406. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
  407. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
  408. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
  409. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
  410. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
  411. data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
  412. data/third_party/abseil-cpp/absl/base/macros.h +11 -0
  413. data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
  414. data/third_party/abseil-cpp/absl/base/options.h +1 -1
  415. data/third_party/abseil-cpp/absl/base/port.h +0 -1
  416. data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
  417. data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
  418. data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
  419. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
  420. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
  421. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
  422. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
  423. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
  424. data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
  425. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
  426. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
  427. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
  428. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
  429. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
  430. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
  431. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
  432. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
  433. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
  434. data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
  435. data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
  436. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
  437. data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
  438. data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
  439. data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
  440. data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
  441. data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
  442. data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
  443. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
  444. data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
  445. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
  446. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
  447. data/third_party/abseil-cpp/absl/status/status.cc +29 -22
  448. data/third_party/abseil-cpp/absl/status/status.h +81 -20
  449. data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
  450. data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
  451. data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
  452. data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
  453. data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
  454. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
  455. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
  456. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
  457. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
  458. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
  459. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
  460. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
  461. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
  462. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
  463. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
  464. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
  465. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
  466. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
  467. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
  468. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
  469. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
  470. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
  471. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
  472. data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
  473. data/third_party/abseil-cpp/absl/strings/match.h +16 -6
  474. data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
  475. data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
  476. data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
  477. data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
  478. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
  479. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
  480. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
  481. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
  482. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
  483. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
  484. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
  485. data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
  486. data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
  487. data/third_party/abseil-cpp/absl/time/clock.h +2 -2
  488. data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
  489. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
  490. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
  491. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
  492. data/third_party/abseil-cpp/absl/time/time.cc +4 -3
  493. data/third_party/abseil-cpp/absl/time/time.h +26 -24
  494. data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
  495. data/third_party/abseil-cpp/absl/types/variant.h +9 -4
  496. data/third_party/boringssl-with-bazel/err_data.c +483 -461
  497. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
  498. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +9 -7
  499. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
  500. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
  501. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
  502. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
  503. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
  504. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
  505. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
  506. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
  507. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
  508. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
  509. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
  510. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
  511. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
  512. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
  513. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
  514. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
  515. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
  516. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
  517. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
  518. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
  519. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
  520. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
  521. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
  522. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
  523. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
  524. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
  525. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +52 -65
  526. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +52 -66
  527. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
  528. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
  529. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
  530. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
  531. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
  532. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
  533. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
  534. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
  535. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
  536. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
  537. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
  538. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
  539. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
  540. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +61 -75
  541. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +80 -103
  542. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +40 -49
  543. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +367 -315
  544. data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
  545. data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
  546. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
  547. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +5 -3
  548. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
  549. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
  550. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
  551. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
  552. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
  553. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +120 -11
  554. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
  555. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
  556. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
  557. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
  558. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
  559. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
  560. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
  561. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
  562. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
  563. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
  564. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
  565. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
  566. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
  567. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
  568. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
  569. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
  570. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
  571. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
  572. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
  573. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
  574. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
  575. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
  576. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
  577. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
  578. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
  579. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
  580. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
  581. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
  582. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +47 -7
  583. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
  584. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
  585. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
  586. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
  587. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
  588. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
  589. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
  591. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +20 -49
  592. data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
  593. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
  594. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
  595. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +25 -7
  596. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
  597. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
  598. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
  599. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +283 -85
  600. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +13 -19
  601. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +445 -152
  602. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
  603. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -1
  604. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +7 -2
  605. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
  606. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1133 -0
  607. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
  608. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +66 -30
  609. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
  610. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +154 -24
  611. data/third_party/boringssl-with-bazel/src/ssl/internal.h +414 -135
  612. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
  613. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  614. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
  615. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
  616. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
  617. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +51 -60
  618. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
  619. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
  620. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
  621. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
  622. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
  623. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +664 -702
  624. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +65 -7
  625. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
  626. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
  627. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +213 -118
  628. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
  629. metadata +94 -46
  630. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
  631. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
  632. data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
  633. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
  634. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
  635. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -246
  636. data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
@@ -105,6 +105,10 @@ extern "C" {
105
105
  #elif defined(__MIPSEL__) && defined(__LP64__)
106
106
  #define OPENSSL_64_BIT
107
107
  #define OPENSSL_MIPS64
108
+ #elif defined(__riscv) && __SIZEOF_POINTER__ == 8
109
+ #define OPENSSL_64_BIT
110
+ #elif defined(__riscv) && __SIZEOF_POINTER__ == 4
111
+ #define OPENSSL_32_BIT
108
112
  #elif defined(__pnacl__)
109
113
  #define OPENSSL_32_BIT
110
114
  #define OPENSSL_PNACL
@@ -156,10 +160,10 @@ extern "C" {
156
160
 
157
161
  #if defined(__ANDROID_API__)
158
162
  #define OPENSSL_ANDROID
159
- #if defined(BORINGSSL_FIPS)
160
- // The FIPS module on Android passively receives entropy.
161
- #define BORINGSSL_FIPS_PASSIVE_ENTROPY
162
163
  #endif
164
+
165
+ #if defined(__FreeBSD__)
166
+ #define OPENSSL_FREEBSD
163
167
  #endif
164
168
 
165
169
  // BoringSSL requires platform's locking APIs to make internal global state
@@ -191,7 +195,7 @@ extern "C" {
191
195
  // A consumer may use this symbol in the preprocessor to temporarily build
192
196
  // against multiple revisions of BoringSSL at the same time. It is not
193
197
  // recommended to do so for longer than is necessary.
194
- #define BORINGSSL_API_VERSION 14
198
+ #define BORINGSSL_API_VERSION 16
195
199
 
196
200
  #if defined(BORINGSSL_SHARED_LIBRARY)
197
201
 
@@ -368,7 +372,6 @@ typedef struct X509_info_st X509_INFO;
368
372
  typedef struct X509_name_entry_st X509_NAME_ENTRY;
369
373
  typedef struct X509_name_st X509_NAME;
370
374
  typedef struct X509_pubkey_st X509_PUBKEY;
371
- typedef struct X509_req_info_st X509_REQ_INFO;
372
375
  typedef struct X509_req_st X509_REQ;
373
376
  typedef struct X509_sig_st X509_SIG;
374
377
  typedef struct X509_val_st X509_VAL;
@@ -401,6 +404,11 @@ typedef struct evp_aead_st EVP_AEAD;
401
404
  typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
402
405
  typedef struct evp_cipher_st EVP_CIPHER;
403
406
  typedef struct evp_encode_ctx_st EVP_ENCODE_CTX;
407
+ typedef struct evp_hpke_aead_st EVP_HPKE_AEAD;
408
+ typedef struct evp_hpke_ctx_st EVP_HPKE_CTX;
409
+ typedef struct evp_hpke_kdf_st EVP_HPKE_KDF;
410
+ typedef struct evp_hpke_kem_st EVP_HPKE_KEM;
411
+ typedef struct evp_hpke_key_st EVP_HPKE_KEY;
404
412
  typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
405
413
  typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
406
414
  typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
@@ -423,6 +431,7 @@ typedef struct spake2_ctx_st SPAKE2_CTX;
423
431
  typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
424
432
  typedef struct ssl_cipher_st SSL_CIPHER;
425
433
  typedef struct ssl_ctx_st SSL_CTX;
434
+ typedef struct ssl_ech_keys_st SSL_ECH_KEYS;
426
435
  typedef struct ssl_method_st SSL_METHOD;
427
436
  typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
428
437
  typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
@@ -528,8 +537,39 @@ class StackAllocated {
528
537
  StackAllocated() { init(&ctx_); }
529
538
  ~StackAllocated() { cleanup(&ctx_); }
530
539
 
531
- StackAllocated(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
532
- T& operator=(const StackAllocated<T, CleanupRet, init, cleanup> &) = delete;
540
+ StackAllocated(const StackAllocated &) = delete;
541
+ StackAllocated& operator=(const StackAllocated &) = delete;
542
+
543
+ T *get() { return &ctx_; }
544
+ const T *get() const { return &ctx_; }
545
+
546
+ T *operator->() { return &ctx_; }
547
+ const T *operator->() const { return &ctx_; }
548
+
549
+ void Reset() {
550
+ cleanup(&ctx_);
551
+ init(&ctx_);
552
+ }
553
+
554
+ private:
555
+ T ctx_;
556
+ };
557
+
558
+ template <typename T, typename CleanupRet, void (*init)(T *),
559
+ CleanupRet (*cleanup)(T *), void (*move)(T *, T *)>
560
+ class StackAllocatedMovable {
561
+ public:
562
+ StackAllocatedMovable() { init(&ctx_); }
563
+ ~StackAllocatedMovable() { cleanup(&ctx_); }
564
+
565
+ StackAllocatedMovable(StackAllocatedMovable &&other) {
566
+ init(&ctx_);
567
+ move(&ctx_, &other.ctx_);
568
+ }
569
+ StackAllocatedMovable &operator=(StackAllocatedMovable &&other) {
570
+ move(&ctx_, &other.ctx_);
571
+ return *this;
572
+ }
533
573
 
534
574
  T *get() { return &ctx_; }
535
575
  const T *get() const { return &ctx_; }
@@ -51,6 +51,7 @@ struct cbs_st {
51
51
  // Defining any constructors requires we explicitly default the others.
52
52
  cbs_st() = default;
53
53
  cbs_st(const cbs_st &) = default;
54
+ cbs_st &operator=(const cbs_st &) = default;
54
55
  #endif
55
56
  };
56
57
 
@@ -23,7 +23,7 @@ extern "C" {
23
23
 
24
24
  // ChaCha20.
25
25
  //
26
- // ChaCha20 is a stream cipher. See https://tools.ietf.org/html/rfc7539.
26
+ // ChaCha20 is a stream cipher. See https://tools.ietf.org/html/rfc8439.
27
27
 
28
28
 
29
29
  // CRYPTO_chacha_20 encrypts |in_len| bytes from |in| with the given key and
@@ -556,14 +556,6 @@ struct evp_cipher_ctx_st {
556
556
  // final_used is non-zero if the |final| buffer contains plaintext.
557
557
  int final_used;
558
558
 
559
- // block_mask contains |cipher->block_size| minus one. (The block size
560
- // assumed to be a power of two.)
561
- //
562
- // TODO(davidben): This is redundant with |cipher->block_size| and constant
563
- // for the whole |EVP_CIPHER|. Move it there, or possibly even remove it and
564
- // do the subtraction on demand.
565
- int block_mask;
566
-
567
559
  uint8_t final[EVP_MAX_BLOCK_LENGTH]; // possible final block
568
560
  } /* EVP_CIPHER_CTX */;
569
561
 
@@ -55,10 +55,6 @@ OPENSSL_EXPORT int CRYPTO_is_confidential_build(void);
55
55
  // in which case it returns zero.
56
56
  OPENSSL_EXPORT int CRYPTO_has_asm(void);
57
57
 
58
- // FIPS_mode returns zero unless BoringSSL is built with BORINGSSL_FIPS, in
59
- // which case it returns one.
60
- OPENSSL_EXPORT int FIPS_mode(void);
61
-
62
58
  // BORINGSSL_self_test triggers the FIPS KAT-based self tests. It returns one on
63
59
  // success and zero on error.
64
60
  OPENSSL_EXPORT int BORINGSSL_self_test(void);
@@ -72,6 +68,30 @@ OPENSSL_EXPORT int BORINGSSL_self_test(void);
72
68
  OPENSSL_EXPORT void CRYPTO_pre_sandbox_init(void);
73
69
 
74
70
 
71
+ // FIPS monitoring
72
+
73
+ // FIPS_mode returns zero unless BoringSSL is built with BORINGSSL_FIPS, in
74
+ // which case it returns one.
75
+ OPENSSL_EXPORT int FIPS_mode(void);
76
+
77
+ // fips_counter_t denotes specific APIs/algorithms. A counter is maintained for
78
+ // each in FIPS mode so that tests can be written to assert that the expected,
79
+ // FIPS functions are being called by a certain peice of code.
80
+ enum fips_counter_t {
81
+ fips_counter_evp_aes_128_gcm = 0,
82
+ fips_counter_evp_aes_256_gcm = 1,
83
+ fips_counter_evp_aes_128_ctr = 2,
84
+ fips_counter_evp_aes_256_ctr = 3,
85
+
86
+ fips_counter_max = 3,
87
+ };
88
+
89
+ // FIPS_read_counter returns a counter of the number of times the specific
90
+ // function denoted by |counter| has been used. This always returns zero unless
91
+ // BoringSSL was built with BORINGSSL_FIPS_COUNTERS defined.
92
+ OPENSSL_EXPORT size_t FIPS_read_counter(enum fips_counter_t counter);
93
+
94
+
75
95
  // Deprecated functions.
76
96
 
77
97
  // OPENSSL_VERSION_TEXT contains a string the identifies the version of
@@ -124,6 +124,10 @@ OPENSSL_EXPORT void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
124
124
  // copy of |in|. It returns one on success and zero on allocation failure.
125
125
  OPENSSL_EXPORT int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
126
126
 
127
+ // EVP_MD_CTX_move sets |out|, which must already be initialised, to the hash
128
+ // state in |in|. |in| is mutated and left in an empty state.
129
+ OPENSSL_EXPORT void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in);
130
+
127
131
  // EVP_MD_CTX_reset calls |EVP_MD_CTX_cleanup| followed by |EVP_MD_CTX_init|. It
128
132
  // returns one.
129
133
  OPENSSL_EXPORT int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
@@ -324,8 +328,8 @@ BSSL_NAMESPACE_BEGIN
324
328
  BORINGSSL_MAKE_DELETER(EVP_MD_CTX, EVP_MD_CTX_free)
325
329
 
326
330
  using ScopedEVP_MD_CTX =
327
- internal::StackAllocated<EVP_MD_CTX, int, EVP_MD_CTX_init,
328
- EVP_MD_CTX_cleanup>;
331
+ internal::StackAllocatedMovable<EVP_MD_CTX, int, EVP_MD_CTX_init,
332
+ EVP_MD_CTX_cleanup, EVP_MD_CTX_move>;
329
333
 
330
334
  BSSL_NAMESPACE_END
331
335
 
@@ -343,11 +343,14 @@ OPENSSL_EXPORT int EC_GROUP_set_generator(EC_GROUP *group,
343
343
  OPENSSL_EXPORT int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order,
344
344
  BN_CTX *ctx);
345
345
 
346
+ #define OPENSSL_EC_EXPLICIT_CURVE 0
347
+ #define OPENSSL_EC_NAMED_CURVE 1
348
+
346
349
  // EC_GROUP_set_asn1_flag does nothing.
347
350
  OPENSSL_EXPORT void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
348
351
 
349
- #define OPENSSL_EC_NAMED_CURVE 0
350
- #define OPENSSL_EC_EXPLICIT_CURVE 1
352
+ // EC_GROUP_get_asn1_flag returns |OPENSSL_EC_NAMED_CURVE|.
353
+ OPENSSL_EXPORT int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
351
354
 
352
355
  typedef struct ec_method_st EC_METHOD;
353
356
 
@@ -73,6 +73,9 @@ extern "C" {
73
73
  // space. On successful exit, |*sig_len| is set to the actual number of bytes
74
74
  // written. The |type| argument should be zero. It returns one on success and
75
75
  // zero otherwise.
76
+ //
77
+ // WARNING: |digest| must be the output of some hash function on the data to be
78
+ // signed. Passing unhashed inputs will not result in a secure signature scheme.
76
79
  OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
77
80
  size_t digest_len, uint8_t *sig,
78
81
  unsigned int *sig_len, const EC_KEY *key);
@@ -81,6 +84,10 @@ OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest,
81
84
  // signature by |key| of |digest|. (The |type| argument should be zero.) It
82
85
  // returns one on success or zero if the signature is invalid or an error
83
86
  // occurred.
87
+ //
88
+ // WARNING: |digest| must be the output of some hash function on the data to be
89
+ // verified. Passing unhashed inputs will not result in a secure signature
90
+ // scheme.
84
91
  OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest,
85
92
  size_t digest_len, const uint8_t *sig,
86
93
  size_t sig_len, const EC_KEY *key);
@@ -124,12 +131,19 @@ OPENSSL_EXPORT int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
124
131
 
125
132
  // ECDSA_do_sign signs |digest_len| bytes from |digest| with |key| and returns
126
133
  // the resulting signature structure, or NULL on error.
134
+ //
135
+ // WARNING: |digest| must be the output of some hash function on the data to be
136
+ // signed. Passing unhashed inputs will not result in a secure signature scheme.
127
137
  OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest,
128
138
  size_t digest_len, const EC_KEY *key);
129
139
 
130
140
  // ECDSA_do_verify verifies that |sig| constitutes a valid signature by |key|
131
141
  // of |digest|. It returns one on success or zero if the signature is invalid
132
142
  // or on error.
143
+ //
144
+ // WARNING: |digest| must be the output of some hash function on the data to be
145
+ // verified. Passing unhashed inputs will not result in a secure signature
146
+ // scheme.
133
147
  OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
134
148
  const ECDSA_SIG *sig, const EC_KEY *key);
135
149
 
@@ -162,6 +176,25 @@ OPENSSL_EXPORT int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len,
162
176
  OPENSSL_EXPORT size_t ECDSA_SIG_max_len(size_t order_len);
163
177
 
164
178
 
179
+ // Testing-only functions.
180
+
181
+ // ECDSA_sign_with_nonce_and_leak_private_key_for_testing behaves like
182
+ // |ECDSA_do_sign| but uses |nonce| for the ECDSA nonce 'k', instead of a random
183
+ // value. |nonce| is interpreted as a big-endian integer. It must be reduced
184
+ // modulo the group order and padded with zeros up to |BN_num_bytes(order)|
185
+ // bytes.
186
+ //
187
+ // WARNING: This function is only exported for testing purposes, when using test
188
+ // vectors or fuzzing strategies. It must not be used outside tests and may leak
189
+ // any private keys it is used with.
190
+ OPENSSL_EXPORT ECDSA_SIG *
191
+ ECDSA_sign_with_nonce_and_leak_private_key_for_testing(const uint8_t *digest,
192
+ size_t digest_len,
193
+ const EC_KEY *eckey,
194
+ const uint8_t *nonce,
195
+ size_t nonce_len);
196
+
197
+
165
198
  // Deprecated functions.
166
199
 
167
200
  // d2i_ECDSA_SIG parses an ASN.1, DER-encoded, signature from |len| bytes at
@@ -223,11 +223,12 @@ OPENSSL_EXPORT char *ERR_error_string_n(uint32_t packed_error, char *buf,
223
223
  size_t len);
224
224
 
225
225
  // ERR_lib_error_string returns a string representation of the library that
226
- // generated |packed_error|.
226
+ // generated |packed_error|, or a placeholder string is the library is
227
+ // unrecognized.
227
228
  OPENSSL_EXPORT const char *ERR_lib_error_string(uint32_t packed_error);
228
229
 
229
230
  // ERR_reason_error_string returns a string representation of the reason for
230
- // |packed_error|.
231
+ // |packed_error|, or a placeholder string if the reason is unrecognized.
231
232
  OPENSSL_EXPORT const char *ERR_reason_error_string(uint32_t packed_error);
232
233
 
233
234
  // ERR_print_errors_callback_t is the type of a function used by
@@ -59,6 +59,7 @@
59
59
 
60
60
  #include <openssl/base.h>
61
61
 
62
+ #include <openssl/evp_errors.h>
62
63
  #include <openssl/thread.h>
63
64
 
64
65
  // OpenSSL included digest and cipher functions in this header so we include
@@ -544,14 +545,15 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
544
545
  OPENSSL_EXPORT int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
545
546
 
546
547
  // EVP_PKEY_sign signs |digest_len| bytes from |digest| using |ctx|. If |sig| is
547
- // NULL, the maximum size of the signature is written to
548
- // |out_sig_len|. Otherwise, |*sig_len| must contain the number of bytes of
549
- // space available at |sig|. If sufficient, the signature will be written to
550
- // |sig| and |*sig_len| updated with the true length.
548
+ // NULL, the maximum size of the signature is written to |out_sig_len|.
549
+ // Otherwise, |*sig_len| must contain the number of bytes of space available at
550
+ // |sig|. If sufficient, the signature will be written to |sig| and |*sig_len|
551
+ // updated with the true length. This function will fail for signature
552
+ // algorithms like Ed25519 that do not support signing pre-hashed inputs.
551
553
  //
552
- // This function expects a pre-hashed input and will fail for signature
553
- // algorithms which do not support this. Use |EVP_DigestSignInit| to sign an
554
- // unhashed input.
554
+ // WARNING: |digest| must be the output of some hash function on the data to be
555
+ // signed. Passing unhashed inputs will not result in a secure signature scheme.
556
+ // Use |EVP_DigestSignInit| to sign an unhashed input.
555
557
  //
556
558
  // WARNING: Setting |sig| to NULL only gives the maximum size of the
557
559
  // signature. The actual signature may be smaller.
@@ -569,11 +571,13 @@ OPENSSL_EXPORT int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig,
569
571
  OPENSSL_EXPORT int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
570
572
 
571
573
  // EVP_PKEY_verify verifies that |sig_len| bytes from |sig| are a valid
572
- // signature for |digest|.
574
+ // signature for |digest|. This function will fail for signature
575
+ // algorithms like Ed25519 that do not support signing pre-hashed inputs.
573
576
  //
574
- // This function expects a pre-hashed input and will fail for signature
575
- // algorithms which do not support this. Use |EVP_DigestVerifyInit| to verify a
576
- // signature given the unhashed input.
577
+ // WARNING: |digest| must be the output of some hash function on the data to be
578
+ // verified. Passing unhashed inputs will not result in a secure signature
579
+ // scheme. Use |EVP_DigestVerifyInit| to verify a signature given the unhashed
580
+ // input.
577
581
  //
578
582
  // It returns one on success or zero on error.
579
583
  OPENSSL_EXPORT int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig,
@@ -832,6 +836,11 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx,
832
836
  // Ed448 and attempts to create keys will fail.
833
837
  #define EVP_PKEY_ED448 NID_ED448
834
838
 
839
+ // EVP_PKEY_get0 returns NULL. This function is provided for compatibility with
840
+ // OpenSSL but does not return anything. Use the typed |EVP_PKEY_get0_*|
841
+ // functions instead.
842
+ OPENSSL_EXPORT void *EVP_PKEY_get0(const EVP_PKEY *pkey);
843
+
835
844
  // OpenSSL_add_all_algorithms does nothing.
836
845
  OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void);
837
846
 
@@ -1091,42 +1100,4 @@ BSSL_NAMESPACE_END
1091
1100
 
1092
1101
  #endif
1093
1102
 
1094
- #define EVP_R_BUFFER_TOO_SMALL 100
1095
- #define EVP_R_COMMAND_NOT_SUPPORTED 101
1096
- #define EVP_R_DECODE_ERROR 102
1097
- #define EVP_R_DIFFERENT_KEY_TYPES 103
1098
- #define EVP_R_DIFFERENT_PARAMETERS 104
1099
- #define EVP_R_ENCODE_ERROR 105
1100
- #define EVP_R_EXPECTING_AN_EC_KEY_KEY 106
1101
- #define EVP_R_EXPECTING_AN_RSA_KEY 107
1102
- #define EVP_R_EXPECTING_A_DSA_KEY 108
1103
- #define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 109
1104
- #define EVP_R_INVALID_DIGEST_LENGTH 110
1105
- #define EVP_R_INVALID_DIGEST_TYPE 111
1106
- #define EVP_R_INVALID_KEYBITS 112
1107
- #define EVP_R_INVALID_MGF1_MD 113
1108
- #define EVP_R_INVALID_OPERATION 114
1109
- #define EVP_R_INVALID_PADDING_MODE 115
1110
- #define EVP_R_INVALID_PSS_SALTLEN 116
1111
- #define EVP_R_KEYS_NOT_SET 117
1112
- #define EVP_R_MISSING_PARAMETERS 118
1113
- #define EVP_R_NO_DEFAULT_DIGEST 119
1114
- #define EVP_R_NO_KEY_SET 120
1115
- #define EVP_R_NO_MDC2_SUPPORT 121
1116
- #define EVP_R_NO_NID_FOR_CURVE 122
1117
- #define EVP_R_NO_OPERATION_SET 123
1118
- #define EVP_R_NO_PARAMETERS_SET 124
1119
- #define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 125
1120
- #define EVP_R_OPERATON_NOT_INITIALIZED 126
1121
- #define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 127
1122
- #define EVP_R_UNSUPPORTED_ALGORITHM 128
1123
- #define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 129
1124
- #define EVP_R_NOT_A_PRIVATE_KEY 130
1125
- #define EVP_R_INVALID_SIGNATURE 131
1126
- #define EVP_R_MEMORY_LIMIT_EXCEEDED 132
1127
- #define EVP_R_INVALID_PARAMETERS 133
1128
- #define EVP_R_INVALID_PEER_KEY 134
1129
- #define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135
1130
- #define EVP_R_EMPTY_PSK 136
1131
-
1132
1103
  #endif // OPENSSL_HEADER_EVP_H
@@ -54,63 +54,46 @@
54
54
  * copied and put under another distribution licence
55
55
  * [including the GNU Public Licence.] */
56
56
 
57
- #include <openssl/asn1.h>
58
- #include <openssl/bn.h>
59
- #include <openssl/digest.h>
60
- #include <openssl/err.h>
61
- #include <openssl/evp.h>
62
- #include <openssl/obj.h>
63
- #include <openssl/x509.h>
57
+ #ifndef OPENSSL_HEADER_EVP_ERRORS_H
58
+ #define OPENSSL_HEADER_EVP_ERRORS_H
64
59
 
65
- X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
66
- {
67
- X509 *ret = NULL;
68
- X509_CINF *xi = NULL;
69
- X509_NAME *xn;
70
- EVP_PKEY *pubkey = NULL;
71
- int res;
60
+ #define EVP_R_BUFFER_TOO_SMALL 100
61
+ #define EVP_R_COMMAND_NOT_SUPPORTED 101
62
+ #define EVP_R_DECODE_ERROR 102
63
+ #define EVP_R_DIFFERENT_KEY_TYPES 103
64
+ #define EVP_R_DIFFERENT_PARAMETERS 104
65
+ #define EVP_R_ENCODE_ERROR 105
66
+ #define EVP_R_EXPECTING_AN_EC_KEY_KEY 106
67
+ #define EVP_R_EXPECTING_AN_RSA_KEY 107
68
+ #define EVP_R_EXPECTING_A_DSA_KEY 108
69
+ #define EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 109
70
+ #define EVP_R_INVALID_DIGEST_LENGTH 110
71
+ #define EVP_R_INVALID_DIGEST_TYPE 111
72
+ #define EVP_R_INVALID_KEYBITS 112
73
+ #define EVP_R_INVALID_MGF1_MD 113
74
+ #define EVP_R_INVALID_OPERATION 114
75
+ #define EVP_R_INVALID_PADDING_MODE 115
76
+ #define EVP_R_INVALID_PSS_SALTLEN 116
77
+ #define EVP_R_KEYS_NOT_SET 117
78
+ #define EVP_R_MISSING_PARAMETERS 118
79
+ #define EVP_R_NO_DEFAULT_DIGEST 119
80
+ #define EVP_R_NO_KEY_SET 120
81
+ #define EVP_R_NO_MDC2_SUPPORT 121
82
+ #define EVP_R_NO_NID_FOR_CURVE 122
83
+ #define EVP_R_NO_OPERATION_SET 123
84
+ #define EVP_R_NO_PARAMETERS_SET 124
85
+ #define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 125
86
+ #define EVP_R_OPERATON_NOT_INITIALIZED 126
87
+ #define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 127
88
+ #define EVP_R_UNSUPPORTED_ALGORITHM 128
89
+ #define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 129
90
+ #define EVP_R_NOT_A_PRIVATE_KEY 130
91
+ #define EVP_R_INVALID_SIGNATURE 131
92
+ #define EVP_R_MEMORY_LIMIT_EXCEEDED 132
93
+ #define EVP_R_INVALID_PARAMETERS 133
94
+ #define EVP_R_INVALID_PEER_KEY 134
95
+ #define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135
96
+ #define EVP_R_EMPTY_PSK 136
97
+ #define EVP_R_INVALID_BUFFER_SIZE 137
72
98
 
73
- if ((ret = X509_new()) == NULL) {
74
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
75
- return NULL;
76
- }
77
-
78
- /* duplicate the request */
79
- xi = ret->cert_info;
80
-
81
- if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
82
- if ((xi->version = ASN1_INTEGER_new()) == NULL)
83
- goto err;
84
- if (!ASN1_INTEGER_set(xi->version, 2))
85
- goto err;
86
- /*
87
- * xi->extensions=ri->attributes; <- bad, should not ever be done
88
- * ri->attributes=NULL;
89
- */
90
- }
91
-
92
- xn = X509_REQ_get_subject_name(r);
93
- if (X509_set_subject_name(ret, xn) == 0)
94
- goto err;
95
- if (X509_set_issuer_name(ret, xn) == 0)
96
- goto err;
97
-
98
- if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
99
- goto err;
100
- if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) ==
101
- NULL)
102
- goto err;
103
-
104
- pubkey = X509_REQ_get_pubkey(r);
105
- res = X509_set_pubkey(ret, pubkey);
106
- EVP_PKEY_free(pubkey);
107
-
108
- if (!res || !X509_sign(ret, pkey, EVP_md5()))
109
- goto err;
110
- if (0) {
111
- err:
112
- X509_free(ret);
113
- ret = NULL;
114
- }
115
- return (ret);
116
- }
99
+ #endif // OPENSSL_HEADER_EVP_ERRORS_H