grpc 1.53.0 → 1.54.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +80 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/impl/grpc_types.h +11 -2
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +137 -0
- data/src/core/ext/gcp/metadata_query.h +87 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +5 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +149 -60
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +118 -222
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +295 -113
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +466 -273
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +7 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +14 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +9 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +18 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.h → lib/backoff/random_early_detection.cc} +14 -12
- data/src/core/lib/backoff/random_early_detection.h +59 -0
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/endpoint_pair.h +2 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/validate_metadata.cc +43 -42
- data/src/core/lib/surface/validate_metadata.h +9 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +9 -6
- data/src/core/lib/transport/metadata_batch.h +168 -18
- data/src/core/lib/transport/parsed_metadata.h +19 -9
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +105 -70
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -38,7 +38,6 @@
|
|
38
38
|
#include "absl/types/span.h"
|
39
39
|
#include "absl/types/variant.h"
|
40
40
|
|
41
|
-
#include <grpc/status.h>
|
42
41
|
#include <grpc/support/log.h>
|
43
42
|
|
44
43
|
#include "src/core/ext/transport/chttp2/transport/decode_huff.h"
|
@@ -46,9 +45,11 @@
|
|
46
45
|
#include "src/core/lib/debug/stats.h"
|
47
46
|
#include "src/core/lib/debug/stats_data.h"
|
48
47
|
#include "src/core/lib/debug/trace.h"
|
48
|
+
#include "src/core/lib/gprpp/crash.h"
|
49
49
|
#include "src/core/lib/gprpp/status_helper.h"
|
50
50
|
#include "src/core/lib/slice/slice.h"
|
51
51
|
#include "src/core/lib/slice/slice_refcount.h"
|
52
|
+
#include "src/core/lib/surface/validate_metadata.h"
|
52
53
|
#include "src/core/lib/transport/parsed_metadata.h"
|
53
54
|
|
54
55
|
// IWYU pragma: no_include <type_traits>
|
@@ -80,6 +81,40 @@ struct Base64InverseTable {
|
|
80
81
|
};
|
81
82
|
|
82
83
|
constexpr Base64InverseTable kBase64InverseTable;
|
84
|
+
|
85
|
+
absl::Status EnsureStreamError(absl::Status error) {
|
86
|
+
if (error.ok()) return error;
|
87
|
+
return grpc_error_set_int(std::move(error), StatusIntProperty::kStreamId, 0);
|
88
|
+
}
|
89
|
+
|
90
|
+
bool IsStreamError(const absl::Status& status) {
|
91
|
+
intptr_t stream_id;
|
92
|
+
return grpc_error_get_int(status, StatusIntProperty::kStreamId, &stream_id);
|
93
|
+
}
|
94
|
+
|
95
|
+
class MetadataSizeLimitExceededEncoder {
|
96
|
+
public:
|
97
|
+
explicit MetadataSizeLimitExceededEncoder(std::string& summary)
|
98
|
+
: summary_(summary) {}
|
99
|
+
|
100
|
+
void Encode(const Slice& key, const Slice& value) {
|
101
|
+
AddToSummary(key.as_string_view(), value.size());
|
102
|
+
}
|
103
|
+
|
104
|
+
template <typename Key, typename Value>
|
105
|
+
void Encode(Key, const Value& value) {
|
106
|
+
AddToSummary(Key::key(), EncodedSizeOfKey(Key(), value));
|
107
|
+
}
|
108
|
+
|
109
|
+
private:
|
110
|
+
void AddToSummary(absl::string_view key,
|
111
|
+
size_t value_length) GPR_ATTRIBUTE_NOINLINE {
|
112
|
+
absl::StrAppend(&summary_, " ", key, ":",
|
113
|
+
hpack_constants::SizeForEntry(key.size(), value_length),
|
114
|
+
"B");
|
115
|
+
}
|
116
|
+
std::string& summary_;
|
117
|
+
};
|
83
118
|
} // namespace
|
84
119
|
|
85
120
|
// Input tracks the current byte through the input data and provides it
|
@@ -121,7 +156,8 @@ class HPackParser::Input {
|
|
121
156
|
// of stream
|
122
157
|
absl::optional<uint8_t> Next() {
|
123
158
|
if (end_of_stream()) {
|
124
|
-
|
159
|
+
UnexpectedEOF();
|
160
|
+
return absl::optional<uint8_t>();
|
125
161
|
}
|
126
162
|
return *begin_++;
|
127
163
|
}
|
@@ -187,7 +223,10 @@ class HPackParser::Input {
|
|
187
223
|
// Parse a string prefix
|
188
224
|
absl::optional<StringPrefix> ParseStringPrefix() {
|
189
225
|
auto cur = Next();
|
190
|
-
if (!cur.has_value())
|
226
|
+
if (!cur.has_value()) {
|
227
|
+
GPR_DEBUG_ASSERT(eof_error());
|
228
|
+
return {};
|
229
|
+
}
|
191
230
|
// Huffman if the top bit is 1
|
192
231
|
const bool huff = (*cur & 0x80) != 0;
|
193
232
|
// String length
|
@@ -195,14 +234,19 @@ class HPackParser::Input {
|
|
195
234
|
if (strlen == 0x7f) {
|
196
235
|
// all ones ==> varint string length
|
197
236
|
auto v = ParseVarint(0x7f);
|
198
|
-
if (!v.has_value())
|
237
|
+
if (!v.has_value()) {
|
238
|
+
GPR_DEBUG_ASSERT(eof_error());
|
239
|
+
return {};
|
240
|
+
}
|
199
241
|
strlen = *v;
|
200
242
|
}
|
201
243
|
return StringPrefix{strlen, huff};
|
202
244
|
}
|
203
245
|
|
204
246
|
// Check if we saw an EOF.. must be verified before looking at TakeError
|
205
|
-
bool eof_error() const {
|
247
|
+
bool eof_error() const {
|
248
|
+
return eof_error_ || (!error_.ok() && !IsStreamError(error_));
|
249
|
+
}
|
206
250
|
|
207
251
|
// Extract the parse error, leaving the current error as NONE.
|
208
252
|
grpc_error_handle TakeError() {
|
@@ -211,34 +255,33 @@ class HPackParser::Input {
|
|
211
255
|
return out;
|
212
256
|
}
|
213
257
|
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
258
|
+
bool has_error() const { return !error_.ok(); }
|
259
|
+
|
260
|
+
// Set the current error - tweaks the error to include a stream id so that
|
261
|
+
// chttp2 does not close the connection.
|
262
|
+
// Intended for errors that are specific to a stream and recoverable.
|
263
|
+
// Callers should ensure that any hpack table updates happen.
|
264
|
+
GPR_ATTRIBUTE_NOINLINE void SetErrorAndContinueParsing(
|
265
|
+
grpc_error_handle error) {
|
266
|
+
GPR_ASSERT(!error.ok());
|
267
|
+
// StreamId is used as a signal to skip this stream but keep the connection
|
268
|
+
// alive
|
269
|
+
SetError(EnsureStreamError(std::move(error)));
|
222
270
|
}
|
223
271
|
|
224
|
-
//
|
225
|
-
//
|
226
|
-
|
227
|
-
GPR_ATTRIBUTE_NOINLINE
|
228
|
-
|
229
|
-
|
230
|
-
error_ = error_factory();
|
272
|
+
// Set the current error, and skip past remaining bytes.
|
273
|
+
// Intended for unrecoverable errors, with the expectation that they will
|
274
|
+
// close the connection on return to chttp2.
|
275
|
+
GPR_ATTRIBUTE_NOINLINE void SetErrorAndStopParsing(grpc_error_handle error) {
|
276
|
+
GPR_ASSERT(!error.ok());
|
277
|
+
SetError(std::move(error));
|
231
278
|
begin_ = end_;
|
232
|
-
return return_value;
|
233
279
|
}
|
234
280
|
|
235
|
-
// Set the error to an unexpected eof
|
236
|
-
|
237
|
-
|
238
|
-
T UnexpectedEOF(T return_value) {
|
239
|
-
if (!error_.ok()) return return_value;
|
281
|
+
// Set the error to an unexpected eof
|
282
|
+
void UnexpectedEOF() {
|
283
|
+
if (!error_.ok() && !IsStreamError(error_)) return;
|
240
284
|
eof_error_ = true;
|
241
|
-
return return_value;
|
242
285
|
}
|
243
286
|
|
244
287
|
// Update the frontier - signifies we've successfully parsed another element
|
@@ -251,14 +294,24 @@ class HPackParser::Input {
|
|
251
294
|
// Helper to set the error to out of range for ParseVarint
|
252
295
|
absl::optional<uint32_t> ParseVarintOutOfRange(uint32_t value,
|
253
296
|
uint8_t last_byte) {
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
297
|
+
SetErrorAndStopParsing(absl::InternalError(absl::StrFormat(
|
298
|
+
"integer overflow in hpack integer decoding: have 0x%08x, "
|
299
|
+
"got byte 0x%02x on byte 5",
|
300
|
+
value, last_byte)));
|
301
|
+
return absl::optional<uint32_t>();
|
302
|
+
}
|
303
|
+
|
304
|
+
// If no error is set, set it to the given error (i.e. first error wins)
|
305
|
+
// Do not use this directly, instead use SetErrorAndContinueParsing or
|
306
|
+
// SetErrorAndStopParsing.
|
307
|
+
void SetError(grpc_error_handle error) {
|
308
|
+
if (!error_.ok() || eof_error_) {
|
309
|
+
if (!IsStreamError(error) && IsStreamError(error_)) {
|
310
|
+
error_ = std::move(error); // connection errors dominate
|
311
|
+
}
|
312
|
+
return;
|
313
|
+
}
|
314
|
+
error_ = std::move(error);
|
262
315
|
}
|
263
316
|
|
264
317
|
// Refcount if we are backed by a slice
|
@@ -279,6 +332,21 @@ class HPackParser::Input {
|
|
279
332
|
// management characteristics
|
280
333
|
class HPackParser::String {
|
281
334
|
public:
|
335
|
+
// ParseResult carries both a ParseStatus and the parsed string
|
336
|
+
struct ParseResult;
|
337
|
+
// Result of parsing a string
|
338
|
+
enum class ParseStatus {
|
339
|
+
// Parsed OK
|
340
|
+
kOk,
|
341
|
+
// Parse reached end of the current frame
|
342
|
+
kEof,
|
343
|
+
// Parse failed due to a huffman decode error
|
344
|
+
kParseHuffFailed,
|
345
|
+
// Parse failed due to a base64 decode error
|
346
|
+
kUnbase64Failed,
|
347
|
+
};
|
348
|
+
|
349
|
+
String() : value_(absl::Span<const uint8_t>()) {}
|
282
350
|
String(const String&) = delete;
|
283
351
|
String& operator=(const String&) = delete;
|
284
352
|
String(String&& other) noexcept : value_(std::move(other.value_)) {
|
@@ -308,72 +376,10 @@ class HPackParser::String {
|
|
308
376
|
}
|
309
377
|
|
310
378
|
// Parse a non-binary string
|
311
|
-
static
|
312
|
-
auto pfx = input->ParseStringPrefix();
|
313
|
-
if (!pfx.has_value()) return {};
|
314
|
-
if (pfx->huff) {
|
315
|
-
// Huffman coded
|
316
|
-
std::vector<uint8_t> output;
|
317
|
-
auto v = ParseHuff(input, pfx->length,
|
318
|
-
[&output](uint8_t c) { output.push_back(c); });
|
319
|
-
if (!v) return {};
|
320
|
-
return String(std::move(output));
|
321
|
-
}
|
322
|
-
return ParseUncompressed(input, pfx->length);
|
323
|
-
}
|
379
|
+
static ParseResult Parse(Input* input);
|
324
380
|
|
325
381
|
// Parse a binary string
|
326
|
-
static
|
327
|
-
auto pfx = input->ParseStringPrefix();
|
328
|
-
if (!pfx.has_value()) return {};
|
329
|
-
if (!pfx->huff) {
|
330
|
-
if (pfx->length > 0 && input->peek() == 0) {
|
331
|
-
// 'true-binary'
|
332
|
-
input->Advance(1);
|
333
|
-
return ParseUncompressed(input, pfx->length - 1);
|
334
|
-
}
|
335
|
-
// Base64 encoded... pull out the string, then unbase64 it
|
336
|
-
auto base64 = ParseUncompressed(input, pfx->length);
|
337
|
-
if (!base64.has_value()) return {};
|
338
|
-
return Unbase64(input, std::move(*base64));
|
339
|
-
} else {
|
340
|
-
// Huffman encoded...
|
341
|
-
std::vector<uint8_t> decompressed;
|
342
|
-
// State here says either we don't know if it's base64 or binary, or we do
|
343
|
-
// and what is it.
|
344
|
-
enum class State { kUnsure, kBinary, kBase64 };
|
345
|
-
State state = State::kUnsure;
|
346
|
-
auto decompressed_ok =
|
347
|
-
ParseHuff(input, pfx->length, [&state, &decompressed](uint8_t c) {
|
348
|
-
if (state == State::kUnsure) {
|
349
|
-
// First byte... if it's zero it's binary
|
350
|
-
if (c == 0) {
|
351
|
-
// Save the type, and skip the zero
|
352
|
-
state = State::kBinary;
|
353
|
-
return;
|
354
|
-
} else {
|
355
|
-
// Flag base64, store this value
|
356
|
-
state = State::kBase64;
|
357
|
-
}
|
358
|
-
}
|
359
|
-
// Non-first byte, or base64 first byte
|
360
|
-
decompressed.push_back(c);
|
361
|
-
});
|
362
|
-
if (!decompressed_ok) return {};
|
363
|
-
switch (state) {
|
364
|
-
case State::kUnsure:
|
365
|
-
// No bytes, empty span
|
366
|
-
return String(absl::Span<const uint8_t>());
|
367
|
-
case State::kBinary:
|
368
|
-
// Binary, we're done
|
369
|
-
return String(std::move(decompressed));
|
370
|
-
case State::kBase64:
|
371
|
-
// Base64 - unpack it
|
372
|
-
return Unbase64(input, String(std::move(decompressed)));
|
373
|
-
}
|
374
|
-
GPR_UNREACHABLE_CODE(abort(););
|
375
|
-
}
|
376
|
-
}
|
382
|
+
static ParseResult ParseBinary(Input* input);
|
377
383
|
|
378
384
|
private:
|
379
385
|
void AppendBytes(const uint8_t* data, size_t length);
|
@@ -385,54 +391,27 @@ class HPackParser::String {
|
|
385
391
|
// Parse some huffman encoded bytes, using output(uint8_t b) to emit each
|
386
392
|
// decoded byte.
|
387
393
|
template <typename Out>
|
388
|
-
static
|
394
|
+
static ParseStatus ParseHuff(Input* input, uint32_t length, Out output) {
|
389
395
|
// If there's insufficient bytes remaining, return now.
|
390
396
|
if (input->remaining() < length) {
|
391
|
-
|
397
|
+
input->UnexpectedEOF();
|
398
|
+
GPR_DEBUG_ASSERT(input->eof_error());
|
399
|
+
return ParseStatus::kEof;
|
392
400
|
}
|
393
401
|
// Grab the byte range, and iterate through it.
|
394
402
|
const uint8_t* p = input->cur_ptr();
|
395
403
|
input->Advance(length);
|
396
|
-
return HuffDecoder<Out>(output, p, p + length).Run()
|
404
|
+
return HuffDecoder<Out>(output, p, p + length).Run()
|
405
|
+
? ParseStatus::kOk
|
406
|
+
: ParseStatus::kParseHuffFailed;
|
397
407
|
}
|
398
408
|
|
399
409
|
// Parse some uncompressed string bytes.
|
400
|
-
static
|
401
|
-
|
402
|
-
// Check there's enough bytes
|
403
|
-
if (input->remaining() < length) {
|
404
|
-
return input->UnexpectedEOF(absl::optional<String>());
|
405
|
-
}
|
406
|
-
auto* refcount = input->slice_refcount();
|
407
|
-
auto* p = input->cur_ptr();
|
408
|
-
input->Advance(length);
|
409
|
-
if (refcount != nullptr) {
|
410
|
-
return String(refcount, p, p + length);
|
411
|
-
} else {
|
412
|
-
return String(absl::Span<const uint8_t>(p, length));
|
413
|
-
}
|
414
|
-
}
|
410
|
+
static ParseResult ParseUncompressed(Input* input, uint32_t length,
|
411
|
+
uint32_t wire_size);
|
415
412
|
|
416
413
|
// Turn base64 encoded bytes into not base64 encoded bytes.
|
417
|
-
|
418
|
-
static absl::optional<String> Unbase64(Input* input, String s) {
|
419
|
-
absl::optional<std::vector<uint8_t>> result;
|
420
|
-
if (auto* p = absl::get_if<Slice>(&s.value_)) {
|
421
|
-
result = Unbase64Loop(p->begin(), p->end());
|
422
|
-
}
|
423
|
-
if (auto* p = absl::get_if<absl::Span<const uint8_t>>(&s.value_)) {
|
424
|
-
result = Unbase64Loop(p->begin(), p->end());
|
425
|
-
}
|
426
|
-
if (auto* p = absl::get_if<std::vector<uint8_t>>(&s.value_)) {
|
427
|
-
result = Unbase64Loop(p->data(), p->data() + p->size());
|
428
|
-
}
|
429
|
-
if (!result.has_value()) {
|
430
|
-
return input->MaybeSetErrorAndReturn(
|
431
|
-
[] { return GRPC_ERROR_CREATE("illegal base64 encoding"); },
|
432
|
-
absl::optional<String>());
|
433
|
-
}
|
434
|
-
return String(std::move(*result));
|
435
|
-
}
|
414
|
+
static ParseResult Unbase64(String s);
|
436
415
|
|
437
416
|
// Main loop for Unbase64
|
438
417
|
static absl::optional<std::vector<uint8_t>> Unbase64Loop(const uint8_t* cur,
|
@@ -519,24 +498,154 @@ class HPackParser::String {
|
|
519
498
|
absl::variant<Slice, absl::Span<const uint8_t>, std::vector<uint8_t>> value_;
|
520
499
|
};
|
521
500
|
|
501
|
+
struct HPackParser::String::ParseResult {
|
502
|
+
ParseResult() = delete;
|
503
|
+
ParseResult(ParseStatus status, size_t wire_size, String value)
|
504
|
+
: status(status), wire_size(wire_size), value(std::move(value)) {}
|
505
|
+
ParseStatus status;
|
506
|
+
size_t wire_size;
|
507
|
+
String value;
|
508
|
+
};
|
509
|
+
|
510
|
+
HPackParser::String::ParseResult HPackParser::String::ParseUncompressed(
|
511
|
+
Input* input, uint32_t length, uint32_t wire_size) {
|
512
|
+
// Check there's enough bytes
|
513
|
+
if (input->remaining() < length) {
|
514
|
+
input->UnexpectedEOF();
|
515
|
+
GPR_DEBUG_ASSERT(input->eof_error());
|
516
|
+
return ParseResult{ParseStatus::kEof, wire_size, String{}};
|
517
|
+
}
|
518
|
+
auto* refcount = input->slice_refcount();
|
519
|
+
auto* p = input->cur_ptr();
|
520
|
+
input->Advance(length);
|
521
|
+
if (refcount != nullptr) {
|
522
|
+
return ParseResult{ParseStatus::kOk, wire_size,
|
523
|
+
String(refcount, p, p + length)};
|
524
|
+
} else {
|
525
|
+
return ParseResult{ParseStatus::kOk, wire_size,
|
526
|
+
String(absl::Span<const uint8_t>(p, length))};
|
527
|
+
}
|
528
|
+
}
|
529
|
+
|
530
|
+
HPackParser::String::ParseResult HPackParser::String::Unbase64(String s) {
|
531
|
+
absl::optional<std::vector<uint8_t>> result;
|
532
|
+
if (auto* p = absl::get_if<Slice>(&s.value_)) {
|
533
|
+
result = Unbase64Loop(p->begin(), p->end());
|
534
|
+
}
|
535
|
+
if (auto* p = absl::get_if<absl::Span<const uint8_t>>(&s.value_)) {
|
536
|
+
result = Unbase64Loop(p->begin(), p->end());
|
537
|
+
}
|
538
|
+
if (auto* p = absl::get_if<std::vector<uint8_t>>(&s.value_)) {
|
539
|
+
result = Unbase64Loop(p->data(), p->data() + p->size());
|
540
|
+
}
|
541
|
+
if (!result.has_value()) {
|
542
|
+
return ParseResult{ParseStatus::kUnbase64Failed, s.string_view().length(),
|
543
|
+
String{}};
|
544
|
+
}
|
545
|
+
return ParseResult{ParseStatus::kOk, s.string_view().length(),
|
546
|
+
String(std::move(*result))};
|
547
|
+
}
|
548
|
+
|
549
|
+
HPackParser::String::ParseResult HPackParser::String::Parse(Input* input) {
|
550
|
+
auto pfx = input->ParseStringPrefix();
|
551
|
+
if (!pfx.has_value()) {
|
552
|
+
GPR_DEBUG_ASSERT(input->eof_error());
|
553
|
+
return ParseResult{ParseStatus::kEof, 0, String{}};
|
554
|
+
}
|
555
|
+
if (pfx->huff) {
|
556
|
+
// Huffman coded
|
557
|
+
std::vector<uint8_t> output;
|
558
|
+
ParseStatus sts = ParseHuff(input, pfx->length,
|
559
|
+
[&output](uint8_t c) { output.push_back(c); });
|
560
|
+
size_t wire_len = output.size();
|
561
|
+
return ParseResult{sts, wire_len, String(std::move(output))};
|
562
|
+
}
|
563
|
+
return ParseUncompressed(input, pfx->length, pfx->length);
|
564
|
+
}
|
565
|
+
|
566
|
+
HPackParser::String::ParseResult HPackParser::String::ParseBinary(
|
567
|
+
Input* input) {
|
568
|
+
auto pfx = input->ParseStringPrefix();
|
569
|
+
if (!pfx.has_value()) {
|
570
|
+
GPR_DEBUG_ASSERT(input->eof_error());
|
571
|
+
return ParseResult{ParseStatus::kEof, 0, String{}};
|
572
|
+
}
|
573
|
+
if (!pfx->huff) {
|
574
|
+
if (pfx->length > 0 && input->peek() == 0) {
|
575
|
+
// 'true-binary'
|
576
|
+
input->Advance(1);
|
577
|
+
return ParseUncompressed(input, pfx->length - 1, pfx->length);
|
578
|
+
}
|
579
|
+
// Base64 encoded... pull out the string, then unbase64 it
|
580
|
+
auto base64 = ParseUncompressed(input, pfx->length, pfx->length);
|
581
|
+
if (base64.status != ParseStatus::kOk) return base64;
|
582
|
+
return Unbase64(std::move(base64.value));
|
583
|
+
} else {
|
584
|
+
// Huffman encoded...
|
585
|
+
std::vector<uint8_t> decompressed;
|
586
|
+
// State here says either we don't know if it's base64 or binary, or we do
|
587
|
+
// and what is it.
|
588
|
+
enum class State { kUnsure, kBinary, kBase64 };
|
589
|
+
State state = State::kUnsure;
|
590
|
+
auto sts =
|
591
|
+
ParseHuff(input, pfx->length, [&state, &decompressed](uint8_t c) {
|
592
|
+
if (state == State::kUnsure) {
|
593
|
+
// First byte... if it's zero it's binary
|
594
|
+
if (c == 0) {
|
595
|
+
// Save the type, and skip the zero
|
596
|
+
state = State::kBinary;
|
597
|
+
return;
|
598
|
+
} else {
|
599
|
+
// Flag base64, store this value
|
600
|
+
state = State::kBase64;
|
601
|
+
}
|
602
|
+
}
|
603
|
+
// Non-first byte, or base64 first byte
|
604
|
+
decompressed.push_back(c);
|
605
|
+
});
|
606
|
+
if (sts != ParseStatus::kOk) {
|
607
|
+
return ParseResult{sts, 0, String{}};
|
608
|
+
}
|
609
|
+
switch (state) {
|
610
|
+
case State::kUnsure:
|
611
|
+
// No bytes, empty span
|
612
|
+
return ParseResult{ParseStatus::kOk, 0,
|
613
|
+
String(absl::Span<const uint8_t>())};
|
614
|
+
case State::kBinary:
|
615
|
+
// Binary, we're done
|
616
|
+
{
|
617
|
+
size_t wire_len = decompressed.size();
|
618
|
+
return ParseResult{ParseStatus::kOk, wire_len,
|
619
|
+
String(std::move(decompressed))};
|
620
|
+
}
|
621
|
+
case State::kBase64:
|
622
|
+
// Base64 - unpack it
|
623
|
+
return Unbase64(String(std::move(decompressed)));
|
624
|
+
}
|
625
|
+
GPR_UNREACHABLE_CODE(abort(););
|
626
|
+
}
|
627
|
+
}
|
628
|
+
|
522
629
|
// Parser parses one key/value pair from a byte stream.
|
523
630
|
class HPackParser::Parser {
|
524
631
|
public:
|
525
|
-
Parser(Input* input, grpc_metadata_batch* metadata_buffer,
|
526
|
-
uint32_t metadata_size_limit, HPackTable* table,
|
632
|
+
Parser(Input* input, grpc_metadata_batch* metadata_buffer, HPackTable* table,
|
527
633
|
uint8_t* dynamic_table_updates_allowed, uint32_t* frame_length,
|
528
|
-
LogInfo log_info)
|
634
|
+
RandomEarlyDetection* metadata_early_detection, LogInfo log_info)
|
529
635
|
: input_(input),
|
530
636
|
metadata_buffer_(metadata_buffer),
|
531
637
|
table_(table),
|
532
638
|
dynamic_table_updates_allowed_(dynamic_table_updates_allowed),
|
533
639
|
frame_length_(frame_length),
|
534
|
-
|
640
|
+
metadata_early_detection_(metadata_early_detection),
|
535
641
|
log_info_(log_info) {}
|
536
642
|
|
537
643
|
// Skip any priority bits, or return false on failure
|
538
644
|
bool SkipPriority() {
|
539
|
-
if (input_->remaining() < 5)
|
645
|
+
if (input_->remaining() < 5) {
|
646
|
+
input_->UnexpectedEOF();
|
647
|
+
return false;
|
648
|
+
}
|
540
649
|
input_->Advance(5);
|
541
650
|
return true;
|
542
651
|
}
|
@@ -609,8 +718,9 @@ class HPackParser::Parser {
|
|
609
718
|
case 8:
|
610
719
|
if (cur == 0x80) {
|
611
720
|
// illegal value.
|
612
|
-
|
613
|
-
|
721
|
+
input_->SetErrorAndStopParsing(
|
722
|
+
absl::InternalError("Illegal hpack op code"));
|
723
|
+
return false;
|
614
724
|
}
|
615
725
|
ABSL_FALLTHROUGH_INTENDED;
|
616
726
|
case 9:
|
@@ -647,20 +757,31 @@ class HPackParser::Parser {
|
|
647
757
|
type = "???";
|
648
758
|
break;
|
649
759
|
}
|
650
|
-
gpr_log(GPR_DEBUG, "HTTP:%d:%s:%s: %s", log_info_.stream_id, type,
|
651
|
-
log_info_.is_client ? "CLI" : "SVR",
|
760
|
+
gpr_log(GPR_DEBUG, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
|
761
|
+
log_info_.is_client ? "CLI" : "SVR",
|
762
|
+
memento.md.DebugString().c_str(),
|
763
|
+
memento.parse_status.ok()
|
764
|
+
? ""
|
765
|
+
: absl::StrCat(
|
766
|
+
" (parse error: ", memento.parse_status.ToString(), ")")
|
767
|
+
.c_str());
|
652
768
|
}
|
653
769
|
|
654
|
-
|
770
|
+
void EmitHeader(const HPackTable::Memento& md) {
|
655
771
|
// Pass up to the transport
|
656
|
-
|
657
|
-
|
658
|
-
|
659
|
-
|
772
|
+
*frame_length_ += md.md.transport_size();
|
773
|
+
if (!input_->has_error() &&
|
774
|
+
metadata_early_detection_->MustReject(*frame_length_)) {
|
775
|
+
// Reject any requests above hard metadata limit.
|
776
|
+
HandleMetadataHardSizeLimitExceeded(md);
|
777
|
+
}
|
778
|
+
if (!md.parse_status.ok()) {
|
779
|
+
// Reject any requests with invalid metadata.
|
780
|
+
HandleMetadataParseError(md.parse_status);
|
781
|
+
}
|
782
|
+
if (GPR_LIKELY(metadata_buffer_ != nullptr)) {
|
783
|
+
metadata_buffer_->Set(md.md);
|
660
784
|
}
|
661
|
-
|
662
|
-
metadata_buffer_->Set(md);
|
663
|
-
return true;
|
664
785
|
}
|
665
786
|
|
666
787
|
bool FinishHeaderAndAddToTable(absl::optional<HPackTable::Memento> md) {
|
@@ -671,73 +792,149 @@ class HPackParser::Parser {
|
|
671
792
|
LogHeader(*md);
|
672
793
|
}
|
673
794
|
// Emit whilst we own the metadata.
|
674
|
-
|
795
|
+
EmitHeader(*md);
|
675
796
|
// Add to the hpack table
|
676
797
|
grpc_error_handle err = table_->Add(std::move(*md));
|
677
798
|
if (GPR_UNLIKELY(!err.ok())) {
|
678
|
-
input_->
|
799
|
+
input_->SetErrorAndStopParsing(std::move(err));
|
679
800
|
return false;
|
680
801
|
};
|
681
|
-
return
|
802
|
+
return true;
|
682
803
|
}
|
683
804
|
|
684
805
|
bool FinishHeaderOmitFromTable(absl::optional<HPackTable::Memento> md) {
|
685
806
|
// Allow higher code to just pass in failures ... simplifies things a bit.
|
686
807
|
if (!md.has_value()) return false;
|
687
|
-
|
808
|
+
FinishHeaderOmitFromTable(*md);
|
809
|
+
return true;
|
688
810
|
}
|
689
811
|
|
690
|
-
|
812
|
+
void FinishHeaderOmitFromTable(const HPackTable::Memento& md) {
|
691
813
|
// Log if desired
|
692
814
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_trace_chttp2_hpack_parser)) {
|
693
815
|
LogHeader(md);
|
694
816
|
}
|
695
|
-
|
817
|
+
EmitHeader(md);
|
696
818
|
}
|
697
819
|
|
820
|
+
// Helper type to build a memento from a key & value, and to consolidate some
|
821
|
+
// tricky error path code.
|
822
|
+
class MementoBuilder {
|
823
|
+
public:
|
824
|
+
explicit MementoBuilder(Input* input, absl::string_view key_string,
|
825
|
+
absl::Status status = absl::OkStatus())
|
826
|
+
: input_(input), key_string_(key_string), status_(std::move(status)) {}
|
827
|
+
|
828
|
+
auto ErrorHandler() {
|
829
|
+
return [this](absl::string_view error, const Slice&) {
|
830
|
+
auto message =
|
831
|
+
absl::StrCat("Error parsing '", key_string_,
|
832
|
+
"' metadata: error=", error, " key=", key_string_);
|
833
|
+
gpr_log(GPR_ERROR, "%s", message.c_str());
|
834
|
+
if (status_.ok()) {
|
835
|
+
status_ = absl::InternalError(message);
|
836
|
+
}
|
837
|
+
};
|
838
|
+
}
|
839
|
+
|
840
|
+
HPackTable::Memento Build(ParsedMetadata<grpc_metadata_batch> memento) {
|
841
|
+
return HPackTable::Memento{std::move(memento), std::move(status_)};
|
842
|
+
}
|
843
|
+
|
844
|
+
// Handle the result of parsing a value.
|
845
|
+
// Returns true if parsing should continue, false if it should stop.
|
846
|
+
// Stores an error on the input if necessary.
|
847
|
+
bool HandleParseResult(String::ParseStatus status) {
|
848
|
+
auto continuable = [this](absl::string_view error) {
|
849
|
+
auto this_error = absl::InternalError(absl::StrCat(
|
850
|
+
"Error parsing '", key_string_, "' metadata: error=", error));
|
851
|
+
if (status_.ok()) status_ = this_error;
|
852
|
+
input_->SetErrorAndContinueParsing(std::move(this_error));
|
853
|
+
};
|
854
|
+
switch (status) {
|
855
|
+
case String::ParseStatus::kOk:
|
856
|
+
return true;
|
857
|
+
case String::ParseStatus::kParseHuffFailed:
|
858
|
+
input_->SetErrorAndStopParsing(
|
859
|
+
absl::InternalError("Huffman decoding failed"));
|
860
|
+
return false;
|
861
|
+
case String::ParseStatus::kUnbase64Failed:
|
862
|
+
continuable("illegal base64 encoding");
|
863
|
+
return true;
|
864
|
+
case String::ParseStatus::kEof:
|
865
|
+
GPR_DEBUG_ASSERT(input_->eof_error());
|
866
|
+
return false;
|
867
|
+
}
|
868
|
+
GPR_UNREACHABLE_CODE(return false);
|
869
|
+
}
|
870
|
+
|
871
|
+
private:
|
872
|
+
Input* input_;
|
873
|
+
absl::string_view key_string_;
|
874
|
+
absl::Status status_;
|
875
|
+
};
|
876
|
+
|
698
877
|
// Parse a string encoded key and a string encoded value
|
699
878
|
absl::optional<HPackTable::Memento> ParseLiteralKey() {
|
700
879
|
auto key = String::Parse(input_);
|
701
|
-
|
702
|
-
|
703
|
-
|
704
|
-
|
880
|
+
switch (key.status) {
|
881
|
+
case String::ParseStatus::kOk:
|
882
|
+
break;
|
883
|
+
case String::ParseStatus::kParseHuffFailed:
|
884
|
+
input_->SetErrorAndStopParsing(
|
885
|
+
absl::InternalError("Huffman decoding failed"));
|
886
|
+
return absl::nullopt;
|
887
|
+
case String::ParseStatus::kUnbase64Failed:
|
888
|
+
Crash("unreachable");
|
889
|
+
case String::ParseStatus::kEof:
|
890
|
+
GPR_DEBUG_ASSERT(input_->eof_error());
|
891
|
+
return absl::nullopt;
|
705
892
|
}
|
706
|
-
auto key_string = key
|
707
|
-
auto
|
708
|
-
|
709
|
-
|
710
|
-
return
|
711
|
-
|
712
|
-
|
713
|
-
|
714
|
-
|
893
|
+
auto key_string = key.value.string_view();
|
894
|
+
auto value = ParseValueString(absl::EndsWith(key_string, "-bin"));
|
895
|
+
MementoBuilder builder(input_, key_string,
|
896
|
+
EnsureStreamError(ValidateKey(key_string)));
|
897
|
+
if (!builder.HandleParseResult(value.status)) return absl::nullopt;
|
898
|
+
auto value_slice = value.value.Take();
|
899
|
+
const auto transport_size =
|
900
|
+
key_string.size() + value.wire_size + hpack_constants::kEntryOverhead;
|
901
|
+
return builder.Build(
|
902
|
+
grpc_metadata_batch::Parse(key_string, std::move(value_slice),
|
903
|
+
transport_size, builder.ErrorHandler()));
|
904
|
+
}
|
905
|
+
|
906
|
+
absl::Status ValidateKey(absl::string_view key) {
|
907
|
+
if (key == HttpSchemeMetadata::key() || key == HttpMethodMetadata::key() ||
|
908
|
+
key == HttpAuthorityMetadata::key() || key == HttpPathMetadata::key() ||
|
909
|
+
key == HttpStatusMetadata::key()) {
|
910
|
+
return absl::OkStatus();
|
911
|
+
}
|
912
|
+
return ValidateHeaderKeyIsLegal(key);
|
715
913
|
}
|
716
914
|
|
717
915
|
// Parse an index encoded key and a string encoded value
|
718
916
|
absl::optional<HPackTable::Memento> ParseIdxKey(uint32_t index) {
|
719
917
|
const auto* elem = table_->Lookup(index);
|
720
918
|
if (GPR_UNLIKELY(elem == nullptr)) {
|
721
|
-
|
722
|
-
|
723
|
-
}
|
724
|
-
|
725
|
-
|
726
|
-
return
|
727
|
-
|
728
|
-
|
729
|
-
|
730
|
-
}
|
919
|
+
InvalidHPackIndexError(index);
|
920
|
+
return absl::optional<HPackTable::Memento>();
|
921
|
+
}
|
922
|
+
MementoBuilder builder(input_, elem->md.key(), elem->parse_status);
|
923
|
+
auto value = ParseValueString(elem->md.is_binary_header());
|
924
|
+
if (!builder.HandleParseResult(value.status)) return absl::nullopt;
|
925
|
+
return builder.Build(elem->md.WithNewValue(
|
926
|
+
value.value.Take(), value.wire_size, builder.ErrorHandler()));
|
927
|
+
};
|
731
928
|
|
732
929
|
// Parse a varint index encoded key and a string encoded value
|
733
930
|
absl::optional<HPackTable::Memento> ParseVarIdxKey(uint32_t offset) {
|
734
931
|
auto index = input_->ParseVarint(offset);
|
735
|
-
if (GPR_UNLIKELY(!index.has_value())) return
|
932
|
+
if (GPR_UNLIKELY(!index.has_value())) return absl::nullopt;
|
736
933
|
return ParseIdxKey(*index);
|
737
934
|
}
|
738
935
|
|
739
936
|
// Parse a string, figuring out if it's binary or not by the key name.
|
740
|
-
|
937
|
+
String::ParseResult ParseValueString(bool is_binary) {
|
741
938
|
if (is_binary) {
|
742
939
|
return String::ParseBinary(input_);
|
743
940
|
} else {
|
@@ -751,26 +948,25 @@ class HPackParser::Parser {
|
|
751
948
|
if (!index.has_value()) return false;
|
752
949
|
const auto* elem = table_->Lookup(*index);
|
753
950
|
if (GPR_UNLIKELY(elem == nullptr)) {
|
754
|
-
|
951
|
+
InvalidHPackIndexError(*index);
|
952
|
+
return false;
|
755
953
|
}
|
756
|
-
|
954
|
+
FinishHeaderOmitFromTable(*elem);
|
955
|
+
return true;
|
757
956
|
}
|
758
957
|
|
759
958
|
// finish parsing a max table size change
|
760
959
|
bool FinishMaxTableSize(absl::optional<uint32_t> size) {
|
761
960
|
if (!size.has_value()) return false;
|
762
961
|
if (*dynamic_table_updates_allowed_ == 0) {
|
763
|
-
|
764
|
-
|
765
|
-
|
766
|
-
"More than two max table size changes in a single frame");
|
767
|
-
},
|
768
|
-
false);
|
962
|
+
input_->SetErrorAndStopParsing(absl::InternalError(
|
963
|
+
"More than two max table size changes in a single frame"));
|
964
|
+
return false;
|
769
965
|
}
|
770
966
|
(*dynamic_table_updates_allowed_)--;
|
771
967
|
grpc_error_handle err = table_->SetCurrentTableSize(*size);
|
772
968
|
if (!err.ok()) {
|
773
|
-
input_->
|
969
|
+
input_->SetErrorAndStopParsing(std::move(err));
|
774
970
|
return false;
|
775
971
|
}
|
776
972
|
return true;
|
@@ -778,88 +974,52 @@ class HPackParser::Parser {
|
|
778
974
|
|
779
975
|
// Set an invalid hpack index error if no error has been set. Returns result
|
780
976
|
// unmodified.
|
781
|
-
|
782
|
-
|
783
|
-
|
784
|
-
|
785
|
-
|
786
|
-
|
787
|
-
|
788
|
-
|
789
|
-
StatusIntProperty::kSize,
|
790
|
-
static_cast<intptr_t>(this->table_->num_entries()));
|
791
|
-
},
|
792
|
-
std::move(result));
|
793
|
-
}
|
794
|
-
|
795
|
-
class MetadataSizeLimitExceededEncoder {
|
796
|
-
public:
|
797
|
-
explicit MetadataSizeLimitExceededEncoder(std::string& summary)
|
798
|
-
: summary_(summary) {}
|
799
|
-
|
800
|
-
void Encode(const Slice& key, const Slice& value) {
|
801
|
-
AddToSummary(key.as_string_view(), value.size());
|
802
|
-
}
|
803
|
-
|
804
|
-
template <typename Key, typename Value>
|
805
|
-
void Encode(Key, const Value& value) {
|
806
|
-
AddToSummary(Key::key(), EncodedSizeOfKey(Key(), value));
|
807
|
-
}
|
977
|
+
void InvalidHPackIndexError(uint32_t index) {
|
978
|
+
input_->SetErrorAndStopParsing(grpc_error_set_int(
|
979
|
+
grpc_error_set_int(absl::InternalError("Invalid HPACK index received"),
|
980
|
+
StatusIntProperty::kIndex,
|
981
|
+
static_cast<intptr_t>(index)),
|
982
|
+
StatusIntProperty::kSize,
|
983
|
+
static_cast<intptr_t>(this->table_->num_entries())));
|
984
|
+
}
|
808
985
|
|
809
|
-
|
810
|
-
|
811
|
-
|
812
|
-
|
813
|
-
|
814
|
-
"B");
|
986
|
+
GPR_ATTRIBUTE_NOINLINE
|
987
|
+
void HandleMetadataParseError(const absl::Status& status) {
|
988
|
+
if (metadata_buffer_ != nullptr) {
|
989
|
+
metadata_buffer_->Clear();
|
990
|
+
metadata_buffer_ = nullptr;
|
815
991
|
}
|
816
|
-
|
817
|
-
|
992
|
+
// StreamId is used as a signal to skip this stream but keep the connection
|
993
|
+
// alive
|
994
|
+
input_->SetErrorAndContinueParsing(status);
|
995
|
+
}
|
818
996
|
|
819
997
|
GPR_ATTRIBUTE_NOINLINE
|
820
|
-
|
998
|
+
void HandleMetadataHardSizeLimitExceeded(const HPackTable::Memento& md) {
|
821
999
|
// Collect a summary of sizes so far for debugging
|
822
1000
|
// Do not collect contents, for fear of exposing PII.
|
823
1001
|
std::string summary;
|
1002
|
+
std::string error_message;
|
824
1003
|
if (metadata_buffer_ != nullptr) {
|
825
1004
|
MetadataSizeLimitExceededEncoder encoder(summary);
|
826
1005
|
metadata_buffer_->Encode(&encoder);
|
827
1006
|
}
|
828
|
-
summary =
|
829
|
-
|
830
|
-
|
831
|
-
|
832
|
-
|
833
|
-
|
834
|
-
|
835
|
-
[this, summary = std::move(summary)] {
|
836
|
-
return grpc_error_set_int(
|
837
|
-
grpc_error_set_int(
|
838
|
-
GRPC_ERROR_CREATE(absl::StrCat(
|
839
|
-
"received initial metadata size exceeds limit (",
|
840
|
-
*frame_length_, " vs. ", metadata_size_limit_, ")",
|
841
|
-
summary)),
|
842
|
-
StatusIntProperty::kRpcStatus,
|
843
|
-
GRPC_STATUS_RESOURCE_EXHAUSTED),
|
844
|
-
StatusIntProperty::kStreamId, 0);
|
845
|
-
},
|
846
|
-
false);
|
847
|
-
}
|
848
|
-
|
849
|
-
static void ReportMetadataParseError(absl::string_view key,
|
850
|
-
absl::string_view error,
|
851
|
-
absl::string_view value) {
|
852
|
-
gpr_log(
|
853
|
-
GPR_ERROR, "Error parsing metadata: %s",
|
854
|
-
absl::StrCat("error=", error, " key=", key, " value=", value).c_str());
|
1007
|
+
summary = absl::StrCat("; adding ", md.md.key(), " (length ",
|
1008
|
+
md.md.transport_size(), "B)",
|
1009
|
+
summary.empty() ? "" : " to ", summary);
|
1010
|
+
error_message = absl::StrCat(
|
1011
|
+
"received metadata size exceeds hard limit (", *frame_length_, " vs. ",
|
1012
|
+
metadata_early_detection_->hard_limit(), ")", summary);
|
1013
|
+
HandleMetadataParseError(absl::ResourceExhaustedError(error_message));
|
855
1014
|
}
|
856
1015
|
|
857
1016
|
Input* const input_;
|
858
|
-
grpc_metadata_batch*
|
1017
|
+
grpc_metadata_batch* metadata_buffer_;
|
859
1018
|
HPackTable* const table_;
|
860
1019
|
uint8_t* const dynamic_table_updates_allowed_;
|
861
1020
|
uint32_t* const frame_length_;
|
862
|
-
|
1021
|
+
// Random early detection of metadata size limits.
|
1022
|
+
RandomEarlyDetection* metadata_early_detection_;
|
863
1023
|
const LogInfo log_info_;
|
864
1024
|
};
|
865
1025
|
|
@@ -881,8 +1041,10 @@ HPackParser::HPackParser() = default;
|
|
881
1041
|
HPackParser::~HPackParser() = default;
|
882
1042
|
|
883
1043
|
void HPackParser::BeginFrame(grpc_metadata_batch* metadata_buffer,
|
884
|
-
uint32_t
|
885
|
-
|
1044
|
+
uint32_t metadata_size_soft_limit,
|
1045
|
+
uint32_t metadata_size_hard_limit,
|
1046
|
+
Boundary boundary, Priority priority,
|
1047
|
+
LogInfo log_info) {
|
886
1048
|
metadata_buffer_ = metadata_buffer;
|
887
1049
|
if (metadata_buffer != nullptr) {
|
888
1050
|
metadata_buffer->Set(GrpcStatusFromWire(), true);
|
@@ -891,7 +1053,9 @@ void HPackParser::BeginFrame(grpc_metadata_batch* metadata_buffer,
|
|
891
1053
|
priority_ = priority;
|
892
1054
|
dynamic_table_updates_allowed_ = 2;
|
893
1055
|
frame_length_ = 0;
|
894
|
-
|
1056
|
+
metadata_early_detection_ = RandomEarlyDetection(
|
1057
|
+
/*soft_limit=*/metadata_size_soft_limit,
|
1058
|
+
/*hard_limit=*/metadata_size_hard_limit);
|
895
1059
|
log_info_ = log_info;
|
896
1060
|
}
|
897
1061
|
|
@@ -909,43 +1073,72 @@ grpc_error_handle HPackParser::Parse(const grpc_slice& slice, bool is_last) {
|
|
909
1073
|
}
|
910
1074
|
|
911
1075
|
grpc_error_handle HPackParser::ParseInput(Input input, bool is_last) {
|
912
|
-
|
913
|
-
if (is_last)
|
914
|
-
|
1076
|
+
ParseInputInner(&input);
|
1077
|
+
if (is_last) {
|
1078
|
+
if (metadata_early_detection_.Reject(frame_length_)) {
|
1079
|
+
HandleMetadataSoftSizeLimitExceeded(&input);
|
1080
|
+
}
|
1081
|
+
global_stats().IncrementHttp2MetadataSize(frame_length_);
|
1082
|
+
}
|
915
1083
|
if (input.eof_error()) {
|
916
1084
|
if (GPR_UNLIKELY(is_last && is_boundary())) {
|
917
|
-
|
1085
|
+
auto err = input.TakeError();
|
1086
|
+
if (!err.ok() && !IsStreamError(err)) return err;
|
1087
|
+
return absl::InternalError(
|
918
1088
|
"Incomplete header at the end of a header/continuation sequence");
|
919
1089
|
}
|
920
1090
|
unparsed_bytes_ = std::vector<uint8_t>(input.frontier(), input.end_ptr());
|
921
|
-
return
|
1091
|
+
return input.TakeError();
|
922
1092
|
}
|
923
1093
|
return input.TakeError();
|
924
1094
|
}
|
925
1095
|
|
926
|
-
|
1096
|
+
void HPackParser::ParseInputInner(Input* input) {
|
927
1097
|
switch (priority_) {
|
928
1098
|
case Priority::None:
|
929
1099
|
break;
|
930
1100
|
case Priority::Included: {
|
931
|
-
if (input->remaining() < 5)
|
1101
|
+
if (input->remaining() < 5) {
|
1102
|
+
input->UnexpectedEOF();
|
1103
|
+
return;
|
1104
|
+
}
|
932
1105
|
input->Advance(5);
|
933
1106
|
input->UpdateFrontier();
|
934
1107
|
priority_ = Priority::None;
|
935
1108
|
}
|
936
1109
|
}
|
937
1110
|
while (!input->end_of_stream()) {
|
938
|
-
if (GPR_UNLIKELY(!Parser(input, metadata_buffer_,
|
939
|
-
&
|
940
|
-
&
|
1111
|
+
if (GPR_UNLIKELY(!Parser(input, metadata_buffer_, &table_,
|
1112
|
+
&dynamic_table_updates_allowed_, &frame_length_,
|
1113
|
+
&metadata_early_detection_, log_info_)
|
941
1114
|
.Parse())) {
|
942
|
-
return
|
1115
|
+
return;
|
943
1116
|
}
|
944
1117
|
input->UpdateFrontier();
|
945
1118
|
}
|
946
|
-
return true;
|
947
1119
|
}
|
948
1120
|
|
949
1121
|
void HPackParser::FinishFrame() { metadata_buffer_ = nullptr; }
|
950
1122
|
|
1123
|
+
void HPackParser::HandleMetadataSoftSizeLimitExceeded(Input* input) {
|
1124
|
+
// Collect a summary of sizes so far for debugging
|
1125
|
+
// Do not collect contents, for fear of exposing PII.
|
1126
|
+
std::string summary;
|
1127
|
+
std::string error_message;
|
1128
|
+
if (metadata_buffer_ != nullptr) {
|
1129
|
+
MetadataSizeLimitExceededEncoder encoder(summary);
|
1130
|
+
metadata_buffer_->Encode(&encoder);
|
1131
|
+
}
|
1132
|
+
error_message = absl::StrCat(
|
1133
|
+
"received metadata size exceeds soft limit (", frame_length_, " vs. ",
|
1134
|
+
metadata_early_detection_.soft_limit(),
|
1135
|
+
"), rejecting requests with some random probability", summary);
|
1136
|
+
if (metadata_buffer_ != nullptr) {
|
1137
|
+
metadata_buffer_->Clear();
|
1138
|
+
metadata_buffer_ = nullptr;
|
1139
|
+
}
|
1140
|
+
input->SetErrorAndContinueParsing(
|
1141
|
+
absl::ResourceExhaustedError(error_message));
|
1142
|
+
}
|
1143
|
+
|
951
1144
|
} // namespace grpc_core
|