grpc 1.55.0 → 1.56.0.pre3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (374) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +100 -68
  3. data/include/grpc/event_engine/event_engine.h +4 -3
  4. data/include/grpc/grpc_audit_logging.h +96 -0
  5. data/include/grpc/module.modulemap +2 -0
  6. data/include/grpc/support/json.h +218 -0
  7. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
  9. data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
  11. data/src/core/ext/filters/client_channel/client_channel.h +6 -0
  12. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
  13. data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
  14. data/src/core/ext/filters/client_channel/config_selector.h +9 -24
  15. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
  16. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
  17. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  20. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
  21. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +52 -20
  22. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
  23. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
  24. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
  25. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
  26. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
  28. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
  29. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
  30. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
  31. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +32 -39
  32. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
  38. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
  40. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
  41. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
  42. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
  43. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
  44. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
  45. data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
  46. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
  47. data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
  48. data/src/core/ext/filters/client_channel/subchannel.h +3 -43
  49. data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
  50. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
  51. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
  52. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
  53. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
  54. data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
  55. data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
  56. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
  57. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
  58. data/src/core/ext/xds/certificate_provider_store.cc +4 -9
  59. data/src/core/ext/xds/certificate_provider_store.h +1 -1
  60. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
  61. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
  62. data/src/core/ext/xds/xds_api.cc +9 -6
  63. data/src/core/ext/xds/xds_api.h +3 -2
  64. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  65. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  66. data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
  67. data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
  68. data/src/core/ext/xds/xds_client.cc +5 -4
  69. data/src/core/ext/xds/xds_client_stats.h +1 -1
  70. data/src/core/ext/xds/xds_cluster.cc +20 -19
  71. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
  72. data/src/core/ext/xds/xds_common_types.cc +3 -1
  73. data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
  74. data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
  75. data/src/core/ext/xds/xds_http_filters.h +4 -2
  76. data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
  77. data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
  78. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
  79. data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
  80. data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
  81. data/src/core/ext/xds/xds_listener.cc +1 -0
  82. data/src/core/ext/xds/xds_route_config.cc +40 -3
  83. data/src/core/ext/xds/xds_routing.cc +2 -2
  84. data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
  85. data/src/core/lib/avl/avl.h +5 -0
  86. data/src/core/lib/channel/channel_args.cc +80 -22
  87. data/src/core/lib/channel/channel_args.h +34 -1
  88. data/src/core/lib/channel/channel_trace.cc +16 -12
  89. data/src/core/lib/channel/channelz.cc +159 -132
  90. data/src/core/lib/channel/channelz.h +42 -35
  91. data/src/core/lib/channel/channelz_registry.cc +23 -20
  92. data/src/core/lib/channel/connected_channel.cc +17 -6
  93. data/src/core/lib/channel/promise_based_filter.cc +0 -4
  94. data/src/core/lib/channel/promise_based_filter.h +2 -0
  95. data/src/core/lib/compression/compression_internal.cc +2 -5
  96. data/src/core/lib/config/config_vars.cc +20 -18
  97. data/src/core/lib/config/config_vars.h +4 -4
  98. data/src/core/lib/config/load_config.cc +13 -0
  99. data/src/core/lib/config/load_config.h +6 -0
  100. data/src/core/lib/debug/event_log.h +1 -1
  101. data/src/core/lib/debug/stats_data.h +1 -1
  102. data/src/core/lib/debug/trace.cc +24 -55
  103. data/src/core/lib/debug/trace.h +3 -1
  104. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  105. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  106. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  107. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  108. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  109. data/src/core/lib/event_engine/default_event_engine.cc +13 -1
  110. data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
  111. data/src/core/lib/event_engine/poller.h +2 -2
  112. data/src/core/lib/event_engine/posix.h +4 -0
  113. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  114. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
  115. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
  116. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
  117. data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -1
  118. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +4 -4
  119. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -8
  120. data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
  121. data/src/core/lib/event_engine/shim.cc +7 -1
  122. data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
  123. data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
  124. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  125. data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
  126. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  127. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  128. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  129. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
  130. data/src/core/lib/event_engine/windows/iocp.cc +4 -3
  131. data/src/core/lib/event_engine/windows/iocp.h +3 -3
  132. data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
  133. data/src/core/lib/event_engine/windows/win_socket.h +4 -4
  134. data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
  135. data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
  136. data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
  137. data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
  138. data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
  139. data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
  140. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  141. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  142. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  143. data/src/core/lib/experiments/config.cc +38 -7
  144. data/src/core/lib/experiments/config.h +16 -0
  145. data/src/core/lib/experiments/experiments.cc +67 -20
  146. data/src/core/lib/experiments/experiments.h +27 -21
  147. data/src/core/lib/gpr/log_internal.h +55 -0
  148. data/src/core/lib/gprpp/crash.cc +10 -0
  149. data/src/core/lib/gprpp/crash.h +3 -0
  150. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  151. data/src/core/lib/gprpp/per_cpu.h +29 -6
  152. data/src/core/lib/gprpp/time.cc +1 -0
  153. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  154. data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
  155. data/src/core/lib/iomgr/ev_apple.cc +12 -12
  156. data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
  157. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
  158. data/src/core/lib/iomgr/iocp_windows.cc +24 -3
  159. data/src/core/lib/iomgr/iocp_windows.h +11 -0
  160. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
  161. data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
  162. data/src/core/lib/iomgr/socket_windows.cc +61 -7
  163. data/src/core/lib/iomgr/socket_windows.h +9 -2
  164. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
  165. data/src/core/lib/iomgr/tcp_server_posix.cc +148 -107
  166. data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
  167. data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
  168. data/src/core/lib/json/json.h +2 -166
  169. data/src/core/lib/json/json_object_loader.cc +8 -9
  170. data/src/core/lib/json/json_object_loader.h +25 -18
  171. data/src/core/lib/json/json_reader.cc +13 -6
  172. data/src/core/lib/json/json_util.cc +6 -11
  173. data/src/core/lib/json/json_writer.cc +7 -8
  174. data/src/core/lib/load_balancing/lb_policy.h +13 -0
  175. data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
  176. data/src/core/lib/matchers/matchers.cc +3 -4
  177. data/src/core/lib/matchers/matchers.h +2 -1
  178. data/src/core/lib/promise/activity.cc +5 -0
  179. data/src/core/lib/promise/activity.h +10 -0
  180. data/src/core/lib/promise/detail/promise_factory.h +1 -1
  181. data/src/core/lib/promise/party.cc +31 -13
  182. data/src/core/lib/promise/party.h +11 -2
  183. data/src/core/lib/promise/pipe.h +9 -2
  184. data/src/core/lib/promise/prioritized_race.h +95 -0
  185. data/src/core/lib/promise/sleep.cc +2 -1
  186. data/src/core/lib/resolver/server_address.cc +0 -8
  187. data/src/core/lib/resolver/server_address.h +0 -6
  188. data/src/core/lib/resource_quota/memory_quota.cc +7 -7
  189. data/src/core/lib/resource_quota/memory_quota.h +1 -2
  190. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  191. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  192. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
  193. data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
  194. data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
  195. data/src/core/lib/security/authorization/rbac_policy.h +19 -2
  196. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  197. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  198. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
  199. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
  200. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
  201. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
  202. data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
  203. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
  204. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
  205. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
  206. data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
  207. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
  208. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
  209. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
  210. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
  211. data/src/core/lib/security/util/json_util.cc +1 -0
  212. data/src/core/lib/service_config/service_config_call_data.h +49 -20
  213. data/src/core/lib/service_config/service_config_impl.cc +2 -1
  214. data/src/core/lib/surface/call.cc +38 -23
  215. data/src/core/lib/surface/completion_queue.cc +6 -2
  216. data/src/core/lib/surface/version.cc +2 -2
  217. data/src/core/lib/transport/batch_builder.cc +15 -12
  218. data/src/core/lib/transport/batch_builder.h +39 -35
  219. data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
  220. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
  221. data/src/ruby/ext/grpc/extconf.rb +8 -9
  222. data/src/ruby/lib/grpc/version.rb +1 -1
  223. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
  224. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
  225. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
  226. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
  227. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
  228. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
  229. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
  230. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
  231. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
  232. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
  233. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
  234. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
  235. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  236. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  237. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
  238. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
  239. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  240. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  241. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
  242. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
  243. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
  244. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  245. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
  246. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
  250. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
  251. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
  252. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
  253. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
  254. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
  255. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
  256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
  258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
  259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
  260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
  261. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
  262. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  263. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
  264. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
  265. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
  266. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  267. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
  268. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
  269. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  270. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
  271. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
  272. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
  273. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
  274. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
  275. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
  276. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  277. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
  278. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
  279. data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
  280. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
  281. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
  282. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
  283. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
  284. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
  286. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  287. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
  288. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
  289. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
  290. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
  291. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
  292. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
  293. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
  294. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
  295. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
  296. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
  297. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
  298. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  299. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  300. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
  301. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
  302. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
  303. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
  304. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
  305. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
  306. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
  307. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
  308. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
  309. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
  310. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
  311. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
  312. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  313. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
  314. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
  315. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
  316. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
  317. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
  318. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
  319. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
  320. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
  321. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
  322. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
  323. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
  324. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
  325. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
  326. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
  327. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
  328. data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
  329. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
  330. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
  331. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
  332. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
  333. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
  334. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  335. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
  336. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
  337. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
  338. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  339. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  340. data/third_party/cares/cares/include/ares.h +23 -1
  341. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  342. data/third_party/cares/cares/include/ares_rules.h +2 -2
  343. data/third_party/cares/cares/include/ares_version.h +3 -3
  344. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  345. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  346. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  347. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  348. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  349. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  350. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  351. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  352. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  353. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  354. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  355. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  356. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  357. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  358. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  359. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  360. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  361. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  362. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  363. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  364. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  365. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  366. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  367. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  368. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  369. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  370. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  371. metadata +50 -14
  372. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
  373. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  374. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -693,15 +693,18 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *out_omit,
693
693
  case V_ASN1_SET:
694
694
  // This is not a valid |ASN1_ITEM| type, but it appears in |ASN1_TYPE|.
695
695
  case V_ASN1_OTHER:
696
+ // TODO(crbug.com/boringssl/412): This default case should be removed, now
697
+ // that we've resolved https://crbug.com/boringssl/561. However, it is still
698
+ // needed to support some edge cases in |ASN1_PRINTABLE|. |ASN1_PRINTABLE|
699
+ // broadly doesn't tolerate unrecognized universal tags, but except for
700
+ // eight values that map to |B_ASN1_UNKNOWN| instead of zero. See the
701
+ // X509Test.NameAttributeValues test.
702
+ default:
696
703
  // All based on ASN1_STRING and handled the same
697
704
  strtmp = (ASN1_STRING *)*pval;
698
705
  cont = strtmp->data;
699
706
  len = strtmp->length;
700
707
  break;
701
-
702
- default:
703
- OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
704
- return -1;
705
708
  }
706
709
  if (cout && len) {
707
710
  OPENSSL_memcpy(cout, cont, len);
@@ -423,7 +423,7 @@ int BIO_indent(BIO *bio, unsigned indent, unsigned max_indent) {
423
423
  }
424
424
 
425
425
  static int print_bio(const char *str, size_t len, void *bio) {
426
- return BIO_write((BIO *)bio, str, len);
426
+ return BIO_write_all((BIO *)bio, str, len);
427
427
  }
428
428
 
429
429
  void ERR_print_errors(BIO *bio) {
@@ -462,9 +462,11 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len,
462
462
  OPENSSL_free(*out);
463
463
  return 0;
464
464
  }
465
- const size_t todo = len - done;
466
- assert(todo < INT_MAX);
467
- const int n = BIO_read(bio, *out + done, todo);
465
+ size_t todo = len - done;
466
+ if (todo > INT_MAX) {
467
+ todo = INT_MAX;
468
+ }
469
+ const int n = BIO_read(bio, *out + done, (int)todo);
468
470
  if (n == 0) {
469
471
  *out_len = done;
470
472
  return 1;
@@ -257,7 +257,8 @@ static int fd_gets(BIO *bp, char *buf, int size) {
257
257
 
258
258
  ptr[0] = '\0';
259
259
 
260
- return ptr - buf;
260
+ // The output length is bounded by |size|.
261
+ return (int)(ptr - buf);
261
262
  }
262
263
 
263
264
  static const BIO_METHOD methods_fdp = {
@@ -157,13 +157,11 @@ static int file_read(BIO *b, char *out, int outl) {
157
157
  }
158
158
 
159
159
  static int file_write(BIO *b, const char *in, int inl) {
160
- int ret = 0;
161
-
162
160
  if (!b->init) {
163
161
  return 0;
164
162
  }
165
163
 
166
- ret = fwrite(in, inl, 1, (FILE *)b->ptr);
164
+ int ret = (int)fwrite(in, inl, 1, (FILE *)b->ptr);
167
165
  if (ret > 0) {
168
166
  ret = inl;
169
167
  }
@@ -253,20 +251,18 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
253
251
  }
254
252
 
255
253
  static int file_gets(BIO *bp, char *buf, int size) {
256
- int ret = 0;
257
-
258
254
  if (size == 0) {
259
255
  return 0;
260
256
  }
261
257
 
262
258
  if (!fgets(buf, size, (FILE *)bp->ptr)) {
263
259
  buf[0] = 0;
264
- goto err;
260
+ // TODO(davidben): This doesn't distinguish error and EOF. This should check
261
+ // |ferror| as in |file_read|.
262
+ return 0;
265
263
  }
266
- ret = strlen(buf);
267
264
 
268
- err:
269
- return ret;
265
+ return (int)strlen(buf);
270
266
  }
271
267
 
272
268
  static const BIO_METHOD methods_filep = {
@@ -221,7 +221,8 @@ static int bio_read(BIO *bio, char *buf, int size_) {
221
221
  rest -= chunk;
222
222
  } while (rest);
223
223
 
224
- return size;
224
+ // |size| is bounded by the buffer size, which fits in |int|.
225
+ return (int)size;
225
226
  }
226
227
 
227
228
  static int bio_write(BIO *bio, const char *buf, int num_) {
@@ -293,7 +294,8 @@ static int bio_write(BIO *bio, const char *buf, int num_) {
293
294
  buf += chunk;
294
295
  } while (rest);
295
296
 
296
- return num;
297
+ // |num| is bounded by the buffer size, which fits in |int|.
298
+ return (int)num;
297
299
  }
298
300
 
299
301
  static int bio_make_pair(BIO *bio1, BIO *bio2, size_t writebuf1_len,
@@ -55,10 +55,13 @@ static void blake2b_mix(uint64_t v[16], int a, int b, int c, int d, uint64_t x,
55
55
  v[b] = CRYPTO_rotr_u64(v[b] ^ v[c], 63);
56
56
  }
57
57
 
58
- static void blake2b_transform(
59
- BLAKE2B_CTX *b2b,
60
- const uint64_t block_words[BLAKE2B_CBLOCK / sizeof(uint64_t)],
61
- size_t num_bytes, int is_final_block) {
58
+ static uint64_t blake2b_load(const uint8_t block[BLAKE2B_CBLOCK], size_t i) {
59
+ return CRYPTO_load_u64_le(block + 8 * i);
60
+ }
61
+
62
+ static void blake2b_transform(BLAKE2B_CTX *b2b,
63
+ const uint8_t block[BLAKE2B_CBLOCK],
64
+ size_t num_bytes, int is_final_block) {
62
65
  // https://tools.ietf.org/html/rfc7693#section-3.2
63
66
  uint64_t v[16];
64
67
  static_assert(sizeof(v) == sizeof(b2b->h) + sizeof(kIV), "");
@@ -78,14 +81,22 @@ static void blake2b_transform(
78
81
 
79
82
  for (int round = 0; round < 12; round++) {
80
83
  const uint8_t *const s = &kSigma[16 * (round % 10)];
81
- blake2b_mix(v, 0, 4, 8, 12, block_words[s[0]], block_words[s[1]]);
82
- blake2b_mix(v, 1, 5, 9, 13, block_words[s[2]], block_words[s[3]]);
83
- blake2b_mix(v, 2, 6, 10, 14, block_words[s[4]], block_words[s[5]]);
84
- blake2b_mix(v, 3, 7, 11, 15, block_words[s[6]], block_words[s[7]]);
85
- blake2b_mix(v, 0, 5, 10, 15, block_words[s[8]], block_words[s[9]]);
86
- blake2b_mix(v, 1, 6, 11, 12, block_words[s[10]], block_words[s[11]]);
87
- blake2b_mix(v, 2, 7, 8, 13, block_words[s[12]], block_words[s[13]]);
88
- blake2b_mix(v, 3, 4, 9, 14, block_words[s[14]], block_words[s[15]]);
84
+ blake2b_mix(v, 0, 4, 8, 12, blake2b_load(block, s[0]),
85
+ blake2b_load(block, s[1]));
86
+ blake2b_mix(v, 1, 5, 9, 13, blake2b_load(block, s[2]),
87
+ blake2b_load(block, s[3]));
88
+ blake2b_mix(v, 2, 6, 10, 14, blake2b_load(block, s[4]),
89
+ blake2b_load(block, s[5]));
90
+ blake2b_mix(v, 3, 7, 11, 15, blake2b_load(block, s[6]),
91
+ blake2b_load(block, s[7]));
92
+ blake2b_mix(v, 0, 5, 10, 15, blake2b_load(block, s[8]),
93
+ blake2b_load(block, s[9]));
94
+ blake2b_mix(v, 1, 6, 11, 12, blake2b_load(block, s[10]),
95
+ blake2b_load(block, s[11]));
96
+ blake2b_mix(v, 2, 7, 8, 13, blake2b_load(block, s[12]),
97
+ blake2b_load(block, s[13]));
98
+ blake2b_mix(v, 3, 4, 9, 14, blake2b_load(block, s[14]),
99
+ blake2b_load(block, s[15]));
89
100
  }
90
101
 
91
102
  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(b2b->h); i++) {
@@ -111,11 +122,11 @@ void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) {
111
122
  }
112
123
 
113
124
  const uint8_t *data = in_data;
114
- size_t todo = sizeof(b2b->block.bytes) - b2b->block_used;
125
+ size_t todo = sizeof(b2b->block) - b2b->block_used;
115
126
  if (todo > len) {
116
127
  todo = len;
117
128
  }
118
- OPENSSL_memcpy(&b2b->block.bytes[b2b->block_used], data, todo);
129
+ OPENSSL_memcpy(&b2b->block[b2b->block_used], data, todo);
119
130
  b2b->block_used += todo;
120
131
  data += todo;
121
132
  len -= todo;
@@ -126,26 +137,24 @@ void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) {
126
137
 
127
138
  // More input remains therefore we must have filled |b2b->block|.
128
139
  assert(b2b->block_used == BLAKE2B_CBLOCK);
129
- blake2b_transform(b2b, b2b->block.words, BLAKE2B_CBLOCK,
140
+ blake2b_transform(b2b, b2b->block, BLAKE2B_CBLOCK,
130
141
  /*is_final_block=*/0);
131
142
  b2b->block_used = 0;
132
143
 
133
144
  while (len > BLAKE2B_CBLOCK) {
134
- uint64_t block_words[BLAKE2B_CBLOCK / sizeof(uint64_t)];
135
- OPENSSL_memcpy(block_words, data, sizeof(block_words));
136
- blake2b_transform(b2b, block_words, BLAKE2B_CBLOCK, /*is_final_block=*/0);
145
+ blake2b_transform(b2b, data, BLAKE2B_CBLOCK, /*is_final_block=*/0);
137
146
  data += BLAKE2B_CBLOCK;
138
147
  len -= BLAKE2B_CBLOCK;
139
148
  }
140
149
 
141
- OPENSSL_memcpy(b2b->block.bytes, data, len);
150
+ OPENSSL_memcpy(b2b->block, data, len);
142
151
  b2b->block_used = len;
143
152
  }
144
153
 
145
154
  void BLAKE2B256_Final(uint8_t out[BLAKE2B256_DIGEST_LENGTH], BLAKE2B_CTX *b2b) {
146
- OPENSSL_memset(&b2b->block.bytes[b2b->block_used], 0,
147
- sizeof(b2b->block.bytes) - b2b->block_used);
148
- blake2b_transform(b2b, b2b->block.words, b2b->block_used,
155
+ OPENSSL_memset(&b2b->block[b2b->block_used], 0,
156
+ sizeof(b2b->block) - b2b->block_used);
157
+ blake2b_transform(b2b, b2b->block, b2b->block_used,
149
158
  /*is_final_block=*/1);
150
159
  static_assert(BLAKE2B256_DIGEST_LENGTH <= sizeof(b2b->h), "");
151
160
  memcpy(out, b2b->h, BLAKE2B256_DIGEST_LENGTH);
@@ -400,6 +400,14 @@ static int aead_aes_128_cbc_sha1_tls_implicit_iv_init(
400
400
  EVP_sha1(), 1);
401
401
  }
402
402
 
403
+ static int aead_aes_128_cbc_sha256_tls_init(EVP_AEAD_CTX *ctx,
404
+ const uint8_t *key, size_t key_len,
405
+ size_t tag_len,
406
+ enum evp_aead_direction_t dir) {
407
+ return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_aes_128_cbc(),
408
+ EVP_sha256(), 0);
409
+ }
410
+
403
411
  static int aead_aes_256_cbc_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
404
412
  size_t key_len, size_t tag_len,
405
413
  enum evp_aead_direction_t dir) {
@@ -442,13 +450,6 @@ static int aead_tls_get_iv(const EVP_AEAD_CTX *ctx, const uint8_t **out_iv,
442
450
  return 1;
443
451
  }
444
452
 
445
- static int aead_null_sha1_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
446
- size_t key_len, size_t tag_len,
447
- enum evp_aead_direction_t dir) {
448
- return aead_tls_init(ctx, key, key_len, tag_len, dir, EVP_enc_null(),
449
- EVP_sha1(), 1 /* implicit iv */);
450
- }
451
-
452
453
  static const EVP_AEAD aead_aes_128_cbc_sha1_tls = {
453
454
  SHA_DIGEST_LENGTH + 16, // key len (SHA1 + AES128)
454
455
  16, // nonce len (IV)
@@ -483,6 +484,23 @@ static const EVP_AEAD aead_aes_128_cbc_sha1_tls_implicit_iv = {
483
484
  aead_tls_tag_len,
484
485
  };
485
486
 
487
+ static const EVP_AEAD aead_aes_128_cbc_sha256_tls = {
488
+ SHA256_DIGEST_LENGTH + 16, // key len (SHA256 + AES128)
489
+ 16, // nonce len (IV)
490
+ 16 + SHA256_DIGEST_LENGTH, // overhead (padding + SHA256)
491
+ SHA256_DIGEST_LENGTH, // max tag length
492
+ 0, // seal_scatter_supports_extra_in
493
+
494
+ NULL, // init
495
+ aead_aes_128_cbc_sha256_tls_init,
496
+ aead_tls_cleanup,
497
+ aead_tls_open,
498
+ aead_tls_seal_scatter,
499
+ NULL, // open_gather
500
+ NULL, // get_iv
501
+ aead_tls_tag_len,
502
+ };
503
+
486
504
  static const EVP_AEAD aead_aes_256_cbc_sha1_tls = {
487
505
  SHA_DIGEST_LENGTH + 32, // key len (SHA1 + AES256)
488
506
  16, // nonce len (IV)
@@ -551,23 +569,6 @@ static const EVP_AEAD aead_des_ede3_cbc_sha1_tls_implicit_iv = {
551
569
  aead_tls_tag_len,
552
570
  };
553
571
 
554
- static const EVP_AEAD aead_null_sha1_tls = {
555
- SHA_DIGEST_LENGTH, // key len
556
- 0, // nonce len
557
- SHA_DIGEST_LENGTH, // overhead (SHA1)
558
- SHA_DIGEST_LENGTH, // max tag length
559
- 0, // seal_scatter_supports_extra_in
560
-
561
- NULL, // init
562
- aead_null_sha1_tls_init,
563
- aead_tls_cleanup,
564
- aead_tls_open,
565
- aead_tls_seal_scatter,
566
- NULL, // open_gather
567
- NULL, // get_iv
568
- aead_tls_tag_len,
569
- };
570
-
571
572
  const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls(void) {
572
573
  return &aead_aes_128_cbc_sha1_tls;
573
574
  }
@@ -576,6 +577,10 @@ const EVP_AEAD *EVP_aead_aes_128_cbc_sha1_tls_implicit_iv(void) {
576
577
  return &aead_aes_128_cbc_sha1_tls_implicit_iv;
577
578
  }
578
579
 
580
+ const EVP_AEAD *EVP_aead_aes_128_cbc_sha256_tls(void) {
581
+ return &aead_aes_128_cbc_sha256_tls;
582
+ }
583
+
579
584
  const EVP_AEAD *EVP_aead_aes_256_cbc_sha1_tls(void) {
580
585
  return &aead_aes_256_cbc_sha1_tls;
581
586
  }
@@ -591,5 +596,3 @@ const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls(void) {
591
596
  const EVP_AEAD *EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv(void) {
592
597
  return &aead_des_ede3_cbc_sha1_tls_implicit_iv;
593
598
  }
594
-
595
- const EVP_AEAD *EVP_aead_null_sha1_tls(void) { return &aead_null_sha1_tls; }
@@ -109,6 +109,14 @@ OPENSSL_EXPORT int EVP_sha1_final_with_secret_suffix(
109
109
  SHA_CTX *ctx, uint8_t out[SHA_DIGEST_LENGTH], const uint8_t *in, size_t len,
110
110
  size_t max_len);
111
111
 
112
+ // EVP_sha256_final_with_secret_suffix acts like
113
+ // |EVP_sha1_final_with_secret_suffix|, but for SHA-256.
114
+ //
115
+ // This function is exported for unit tests.
116
+ OPENSSL_EXPORT int EVP_sha256_final_with_secret_suffix(
117
+ SHA256_CTX *ctx, uint8_t out[SHA256_DIGEST_LENGTH], const uint8_t *in,
118
+ size_t len, size_t max_len);
119
+
112
120
  // EVP_tls_cbc_digest_record computes the MAC of a decrypted, padded TLS
113
121
  // record.
114
122
  //
@@ -267,24 +267,115 @@ int EVP_sha1_final_with_secret_suffix(SHA_CTX *ctx,
267
267
  return 1;
268
268
  }
269
269
 
270
- int EVP_tls_cbc_record_digest_supported(const EVP_MD *md) {
271
- return EVP_MD_type(md) == NID_sha1;
270
+ int EVP_sha256_final_with_secret_suffix(SHA256_CTX *ctx,
271
+ uint8_t out[SHA256_DIGEST_LENGTH],
272
+ const uint8_t *in, size_t len,
273
+ size_t max_len) {
274
+ // Bound the input length so |total_bits| below fits in four bytes. This is
275
+ // redundant with TLS record size limits. This also ensures |input_idx| below
276
+ // does not overflow.
277
+ size_t max_len_bits = max_len << 3;
278
+ if (ctx->Nh != 0 ||
279
+ (max_len_bits >> 3) != max_len || // Overflow
280
+ ctx->Nl + max_len_bits < max_len_bits ||
281
+ ctx->Nl + max_len_bits > UINT32_MAX) {
282
+ return 0;
283
+ }
284
+
285
+ // We need to hash the following into |ctx|:
286
+ //
287
+ // - ctx->data[:ctx->num]
288
+ // - in[:len]
289
+ // - A 0x80 byte
290
+ // - However many zero bytes are needed to pad up to a block.
291
+ // - Eight bytes of length.
292
+ size_t num_blocks = (ctx->num + len + 1 + 8 + SHA256_CBLOCK - 1) >> 6;
293
+ size_t last_block = num_blocks - 1;
294
+ size_t max_blocks = (ctx->num + max_len + 1 + 8 + SHA256_CBLOCK - 1) >> 6;
295
+
296
+ // The bounds above imply |total_bits| fits in four bytes.
297
+ size_t total_bits = ctx->Nl + (len << 3);
298
+ uint8_t length_bytes[4];
299
+ length_bytes[0] = (uint8_t)(total_bits >> 24);
300
+ length_bytes[1] = (uint8_t)(total_bits >> 16);
301
+ length_bytes[2] = (uint8_t)(total_bits >> 8);
302
+ length_bytes[3] = (uint8_t)total_bits;
303
+
304
+ // We now construct and process each expected block in constant-time.
305
+ uint8_t block[SHA256_CBLOCK] = {0};
306
+ uint32_t result[8] = {0};
307
+ // input_idx is the index into |in| corresponding to the current block.
308
+ // However, we allow this index to overflow beyond |max_len|, to simplify the
309
+ // 0x80 byte.
310
+ size_t input_idx = 0;
311
+ for (size_t i = 0; i < max_blocks; i++) {
312
+ // Fill |block| with data from the partial block in |ctx| and |in|. We copy
313
+ // as if we were hashing up to |max_len| and then zero the excess later.
314
+ size_t block_start = 0;
315
+ if (i == 0) {
316
+ OPENSSL_memcpy(block, ctx->data, ctx->num);
317
+ block_start = ctx->num;
318
+ }
319
+ if (input_idx < max_len) {
320
+ size_t to_copy = SHA256_CBLOCK - block_start;
321
+ if (to_copy > max_len - input_idx) {
322
+ to_copy = max_len - input_idx;
323
+ }
324
+ OPENSSL_memcpy(block + block_start, in + input_idx, to_copy);
325
+ }
326
+
327
+ // Zero any bytes beyond |len| and add the 0x80 byte.
328
+ for (size_t j = block_start; j < SHA256_CBLOCK; j++) {
329
+ // input[idx] corresponds to block[j].
330
+ size_t idx = input_idx + j - block_start;
331
+ // The barriers on |len| are not strictly necessary. However, without
332
+ // them, GCC compiles this code by incorporating |len| into the loop
333
+ // counter and subtracting it out later. This is still constant-time, but
334
+ // it frustrates attempts to validate this.
335
+ uint8_t is_in_bounds = constant_time_lt_8(idx, value_barrier_w(len));
336
+ uint8_t is_padding_byte = constant_time_eq_8(idx, value_barrier_w(len));
337
+ block[j] &= is_in_bounds;
338
+ block[j] |= 0x80 & is_padding_byte;
339
+ }
340
+
341
+ input_idx += SHA256_CBLOCK - block_start;
342
+
343
+ // Fill in the length if this is the last block.
344
+ crypto_word_t is_last_block = constant_time_eq_w(i, last_block);
345
+ for (size_t j = 0; j < 4; j++) {
346
+ block[SHA256_CBLOCK - 4 + j] |= is_last_block & length_bytes[j];
347
+ }
348
+
349
+ // Process the block and save the hash state if it is the final value.
350
+ SHA256_Transform(ctx, block);
351
+ for (size_t j = 0; j < 8; j++) {
352
+ result[j] |= is_last_block & ctx->h[j];
353
+ }
354
+ }
355
+
356
+ // Write the output.
357
+ for (size_t i = 0; i < 8; i++) {
358
+ CRYPTO_store_u32_be(out + 4 * i, result[i]);
359
+ }
360
+ return 1;
272
361
  }
273
362
 
274
- int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
275
- size_t *md_out_size, const uint8_t header[13],
276
- const uint8_t *data, size_t data_size,
277
- size_t data_plus_mac_plus_padding_size,
278
- const uint8_t *mac_secret,
279
- unsigned mac_secret_length) {
280
- if (EVP_MD_type(md) != NID_sha1) {
281
- // EVP_tls_cbc_record_digest_supported should have been called first to
282
- // check that the hash function is supported.
283
- assert(0);
284
- *md_out_size = 0;
363
+ int EVP_tls_cbc_record_digest_supported(const EVP_MD *md) {
364
+ switch (EVP_MD_type(md)) {
365
+ case NID_sha1:
366
+ case NID_sha256:
367
+ return 1;
368
+ default:
285
369
  return 0;
286
370
  }
371
+ }
287
372
 
373
+ static int tls_cbc_digest_record_sha1(uint8_t *md_out, size_t *md_out_size,
374
+ const uint8_t header[13],
375
+ const uint8_t *data, size_t data_size,
376
+ size_t data_plus_mac_plus_padding_size,
377
+ const uint8_t *mac_secret,
378
+ unsigned mac_secret_length) {
288
379
  if (mac_secret_length > SHA_CBLOCK) {
289
380
  // HMAC pads small keys with zeros and hashes large keys down. This function
290
381
  // should never reach the large key case.
@@ -336,3 +427,88 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
336
427
  *md_out_size = SHA_DIGEST_LENGTH;
337
428
  return 1;
338
429
  }
430
+
431
+ static int tls_cbc_digest_record_sha256(uint8_t *md_out, size_t *md_out_size,
432
+ const uint8_t header[13],
433
+ const uint8_t *data, size_t data_size,
434
+ size_t data_plus_mac_plus_padding_size,
435
+ const uint8_t *mac_secret,
436
+ unsigned mac_secret_length) {
437
+ if (mac_secret_length > SHA256_CBLOCK) {
438
+ // HMAC pads small keys with zeros and hashes large keys down. This function
439
+ // should never reach the large key case.
440
+ assert(0);
441
+ return 0;
442
+ }
443
+
444
+ // Compute the initial HMAC block.
445
+ uint8_t hmac_pad[SHA256_CBLOCK];
446
+ OPENSSL_memset(hmac_pad, 0, sizeof(hmac_pad));
447
+ OPENSSL_memcpy(hmac_pad, mac_secret, mac_secret_length);
448
+ for (size_t i = 0; i < SHA256_CBLOCK; i++) {
449
+ hmac_pad[i] ^= 0x36;
450
+ }
451
+
452
+ SHA256_CTX ctx;
453
+ SHA256_Init(&ctx);
454
+ SHA256_Update(&ctx, hmac_pad, SHA256_CBLOCK);
455
+ SHA256_Update(&ctx, header, 13);
456
+
457
+ // There are at most 256 bytes of padding, so we can compute the public
458
+ // minimum length for |data_size|.
459
+ size_t min_data_size = 0;
460
+ if (data_plus_mac_plus_padding_size > SHA256_DIGEST_LENGTH + 256) {
461
+ min_data_size =
462
+ data_plus_mac_plus_padding_size - SHA256_DIGEST_LENGTH - 256;
463
+ }
464
+
465
+ // Hash the public minimum length directly. This reduces the number of blocks
466
+ // that must be computed in constant-time.
467
+ SHA256_Update(&ctx, data, min_data_size);
468
+
469
+ // Hash the remaining data without leaking |data_size|.
470
+ uint8_t mac_out[SHA256_DIGEST_LENGTH];
471
+ if (!EVP_sha256_final_with_secret_suffix(
472
+ &ctx, mac_out, data + min_data_size, data_size - min_data_size,
473
+ data_plus_mac_plus_padding_size - min_data_size)) {
474
+ return 0;
475
+ }
476
+
477
+ // Complete the HMAC in the standard manner.
478
+ SHA256_Init(&ctx);
479
+ for (size_t i = 0; i < SHA256_CBLOCK; i++) {
480
+ hmac_pad[i] ^= 0x6a;
481
+ }
482
+
483
+ SHA256_Update(&ctx, hmac_pad, SHA256_CBLOCK);
484
+ SHA256_Update(&ctx, mac_out, SHA256_DIGEST_LENGTH);
485
+ SHA256_Final(md_out, &ctx);
486
+ *md_out_size = SHA256_DIGEST_LENGTH;
487
+ return 1;
488
+ }
489
+
490
+ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
491
+ size_t *md_out_size, const uint8_t header[13],
492
+ const uint8_t *data, size_t data_size,
493
+ size_t data_plus_mac_plus_padding_size,
494
+ const uint8_t *mac_secret,
495
+ unsigned mac_secret_length) {
496
+ switch (EVP_MD_type(md)) {
497
+ case NID_sha1:
498
+ return tls_cbc_digest_record_sha1(
499
+ md_out, md_out_size, header, data, data_size,
500
+ data_plus_mac_plus_padding_size, mac_secret, mac_secret_length);
501
+
502
+ case NID_sha256:
503
+ return tls_cbc_digest_record_sha256(
504
+ md_out, md_out_size, header, data, data_size,
505
+ data_plus_mac_plus_padding_size, mac_secret, mac_secret_length);
506
+
507
+ default:
508
+ // EVP_tls_cbc_record_digest_supported should have been called first to
509
+ // check that the hash function is supported.
510
+ assert(0);
511
+ *md_out_size = 0;
512
+ return 0;
513
+ }
514
+ }
@@ -0,0 +1,62 @@
1
+ /* Copyright (c) 2022, Robert Nagy <robert.nagy@gmail.com>
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #include <openssl/cpu.h>
16
+
17
+ #if defined(OPENSSL_AARCH64) && defined(OPENSSL_OPENBSD) && \
18
+ !defined(OPENSSL_STATIC_ARMCAP)
19
+
20
+ #include <sys/sysctl.h>
21
+ #include <machine/cpu.h>
22
+ #include <machine/armreg.h>
23
+
24
+ #include <openssl/arm_arch.h>
25
+
26
+ #include "internal.h"
27
+
28
+ extern uint32_t OPENSSL_armcap_P;
29
+
30
+ void OPENSSL_cpuid_setup(void) {
31
+ int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 };
32
+ uint64_t cpu_id = 0;
33
+ size_t len = sizeof(cpu_id);
34
+
35
+ if (sysctl(isar0_mib, 2, &cpu_id, &len, NULL, 0) < 0) {
36
+ return;
37
+ }
38
+
39
+ OPENSSL_armcap_P |= ARMV7_NEON;
40
+
41
+ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_BASE) {
42
+ OPENSSL_armcap_P |= ARMV8_AES;
43
+ }
44
+
45
+ if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_PMULL) {
46
+ OPENSSL_armcap_P |= ARMV8_PMULL;
47
+ }
48
+
49
+ if (ID_AA64ISAR0_SHA1(cpu_id) >= ID_AA64ISAR0_SHA1_BASE) {
50
+ OPENSSL_armcap_P |= ARMV8_SHA1;
51
+ }
52
+
53
+ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_BASE) {
54
+ OPENSSL_armcap_P |= ARMV8_SHA256;
55
+ }
56
+
57
+ if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_512) {
58
+ OPENSSL_armcap_P |= ARMV8_SHA512;
59
+ }
60
+ }
61
+
62
+ #endif // OPENSSL_AARCH64 && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
@@ -0,0 +1,31 @@
1
+ /* Copyright (c) 2023, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #include "internal.h"
16
+
17
+ #if defined(OPENSSL_ARM) && defined(OPENSSL_OPENBSD) && \
18
+ !defined(OPENSSL_STATIC_ARMCAP)
19
+
20
+ #include <openssl/arm_arch.h>
21
+
22
+ extern uint32_t OPENSSL_armcap_P;
23
+
24
+ void OPENSSL_cpuid_setup(void) {
25
+ // OpenBSD does not support arm32 machines without NEON
26
+ OPENSSL_armcap_P |= ARMV7_NEON;
27
+
28
+ // OpenBSD does not support v8 features on non aarch64
29
+ }
30
+
31
+ #endif // OPENSSL_ARM && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
@@ -35,11 +35,13 @@
35
35
  // Various pre-computed constants.
36
36
  #include "./curve25519_tables.h"
37
37
 
38
- #if defined(BORINGSSL_CURVE25519_64BIT)
38
+ #if defined(BORINGSSL_HAS_UINT128)
39
39
  #include "../../third_party/fiat/curve25519_64.h"
40
+ #elif defined(OPENSSL_64_BIT)
41
+ #include "../../third_party/fiat/curve25519_64_msvc.h"
40
42
  #else
41
43
  #include "../../third_party/fiat/curve25519_32.h"
42
- #endif // BORINGSSL_CURVE25519_64BIT
44
+ #endif
43
45
 
44
46
 
45
47
  // Low-level intrinsic operations
@@ -64,7 +66,7 @@ static uint64_t load_4(const uint8_t *in) {
64
66
 
65
67
  // Field operations.
66
68
 
67
- #if defined(BORINGSSL_CURVE25519_64BIT)
69
+ #if defined(OPENSSL_64_BIT)
68
70
 
69
71
  typedef uint64_t fe_limb_t;
70
72
  #define FE_NUM_LIMBS 5
@@ -144,7 +146,7 @@ typedef uint32_t fe_limb_t;
144
146
  } \
145
147
  } while (0)
146
148
 
147
- #endif // BORINGSSL_CURVE25519_64BIT
149
+ #endif // OPENSSL_64_BIT
148
150
 
149
151
  static_assert(sizeof(fe) == sizeof(fe_limb_t) * FE_NUM_LIMBS,
150
152
  "fe_limb_t[FE_NUM_LIMBS] is inconsistent with fe");