grpc 1.61.0.pre2 → 1.62.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +218 -196
- data/include/grpc/event_engine/event_engine.h +5 -43
- data/include/grpc/event_engine/extensible.h +68 -0
- data/include/grpc/impl/slice_type.h +1 -1
- data/include/grpc/support/port_platform.h +12 -20
- data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/channel_connectivity.cc +11 -11
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.h +4 -4
- data/src/core/{ext/filters/client_channel/client_channel.cc → client_channel/client_channel_filter.cc} +247 -231
- data/src/core/{ext/filters/client_channel/client_channel.h → client_channel/client_channel_filter.h} +42 -42
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_internal.h +6 -6
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_plugin.cc +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/config_selector.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/config_selector.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/connector.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.cc +8 -8
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.h +8 -8
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.cc +12 -9
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.h +11 -10
- data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/service_config_channel_arg_filter.cc +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel.h +6 -6
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_interface_internal.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h +1 -1
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +2 -2
- data/src/core/ext/filters/http/server/http_server_filter.cc +1 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +3 -3
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/rbac/rbac_filter.cc +1 -1
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +1 -1
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +2 -2
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +2 -2
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +1 -1
- data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +1 -1
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +4 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +5 -5
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +5 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -1
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/ext/transport/inproc/inproc_transport.h +8 -0
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb.h +351 -164
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.c +89 -50
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +47 -3
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +15 -7
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb.h +32 -3
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.c +8 -5
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb.h +28 -0
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.c +6 -4
- data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb.h +29 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.c +7 -4
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +17 -1
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb.h +166 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.c +55 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +7 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb.h +99 -19
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.c +29 -12
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.h +1 -0
- data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb.h +31 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.c +22 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +91 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +11 -8
- data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.c +7 -4
- data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb.h +1 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.c +1 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb.h +125 -3
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.c +17 -4
- data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb.h +19 -1
- data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb.h +1 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.c +1 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.c +5 -2
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +42 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +11 -8
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb.h +23 -8
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.c +9 -4
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +58 -16
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +14 -11
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.c +7 -2
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb.h +129 -0
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.c +27 -6
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.h +1 -0
- data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb.h +15 -0
- data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.c +5 -2
- data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.c +60 -60
- data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +278 -256
- data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +483 -475
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.c +27 -20
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.c +17 -12
- data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.c +157 -161
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.c +105 -97
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +106 -102
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.c +14 -13
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +228 -224
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.c +32 -26
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.c +31 -28
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.c +22 -19
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +818 -813
- data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.c +158 -151
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.c +27 -23
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +59 -53
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.c +40 -18
- data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.c +106 -103
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.c +16 -12
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +22 -21
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +265 -261
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +127 -125
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +188 -182
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +57 -56
- data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.c +27 -20
- data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.c +10 -8
- data/src/core/ext/xds/xds_api.cc +63 -150
- data/src/core/ext/xds/xds_api.h +2 -7
- data/src/core/ext/xds/xds_bootstrap.h +3 -4
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +4 -15
- data/src/core/ext/xds/xds_bootstrap_grpc.h +2 -1
- data/src/core/ext/xds/xds_client.cc +111 -59
- data/src/core/ext/xds/xds_client.h +20 -15
- data/src/core/ext/xds/xds_client_grpc.cc +53 -15
- data/src/core/ext/xds/xds_client_grpc.h +4 -1
- data/src/core/ext/xds/xds_client_stats.cc +11 -11
- data/src/core/ext/xds/xds_client_stats.h +8 -13
- data/src/core/ext/xds/xds_cluster.cc +1 -1
- data/src/core/ext/xds/xds_cluster.h +1 -1
- data/src/core/ext/xds/xds_endpoint.h +1 -1
- data/src/core/ext/xds/xds_health_status.h +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +1 -1
- data/src/core/ext/xds/xds_route_config.cc +1 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +5 -5
- data/src/core/lib/channel/channel_args.h +15 -1
- data/src/core/lib/channel/connected_channel.cc +13 -12
- data/src/core/lib/channel/promise_based_filter.cc +4 -4
- data/src/core/lib/channel/promise_based_filter.h +1 -2
- data/src/core/lib/config/core_configuration.h +3 -3
- data/src/core/lib/event_engine/ares_resolver.cc +106 -59
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +4 -0
- data/src/core/lib/event_engine/extensions/can_track_errors.h +40 -0
- data/src/core/lib/event_engine/extensions/supports_fd.h +160 -0
- data/src/core/lib/event_engine/forkable.cc +7 -5
- data/src/core/lib/event_engine/posix.h +11 -122
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +1 -5
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +31 -7
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +3 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -3
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +14 -6
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +10 -0
- data/src/core/lib/event_engine/query_extensions.h +85 -0
- data/src/core/lib/event_engine/shim.cc +3 -17
- data/src/core/lib/event_engine/shim.h +0 -2
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +28 -7
- data/src/core/lib/event_engine/thread_pool/thread_count.h +6 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +109 -5
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +9 -0
- data/src/core/lib/event_engine/utils.cc +2 -1
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +1 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +1 -0
- data/src/core/lib/experiments/config.cc +10 -2
- data/src/core/lib/experiments/config.h +6 -0
- data/src/core/lib/experiments/experiments.cc +57 -18
- data/src/core/lib/experiments/experiments.h +16 -8
- data/src/core/lib/gpr/posix/sync.cc +2 -2
- data/src/core/lib/gpr/posix/time.cc +0 -5
- data/src/core/lib/gpr/windows/sync.cc +2 -2
- data/src/core/lib/gprpp/debug_location.h +2 -0
- data/src/core/lib/gprpp/down_cast.h +49 -0
- data/src/core/lib/gprpp/linux/env.cc +1 -19
- data/src/core/lib/gprpp/load_file.cc +2 -1
- data/src/core/lib/gprpp/load_file.h +2 -1
- data/src/core/lib/gprpp/posix/thd.cc +27 -2
- data/src/core/lib/gprpp/thd.h +8 -0
- data/src/core/lib/gprpp/time.h +4 -3
- data/src/core/lib/gprpp/windows/directory_reader.cc +1 -0
- data/src/core/lib/gprpp/windows/thd.cc +10 -1
- data/src/core/lib/iomgr/combiner.cc +1 -1
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +20 -14
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
- data/src/core/lib/iomgr/tcp_server_posix.cc +65 -50
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -0
- data/src/core/lib/json/json_writer.cc +1 -1
- data/src/core/lib/promise/activity.h +8 -2
- data/src/core/lib/promise/context.h +45 -7
- data/src/core/lib/promise/for_each.h +6 -9
- data/src/core/lib/promise/interceptor_list.h +13 -5
- data/src/core/lib/promise/latch.h +3 -3
- data/src/core/lib/promise/party.cc +12 -0
- data/src/core/lib/promise/party.h +37 -6
- data/src/core/lib/promise/pipe.h +2 -7
- data/src/core/lib/promise/sleep.cc +1 -1
- data/src/core/lib/promise/status_flag.h +32 -2
- data/src/core/lib/resource_quota/memory_quota.cc +4 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -11
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +11 -10
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -7
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +16 -24
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +3 -7
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/ssl_utils.cc +26 -17
- data/src/core/lib/security/transport/legacy_server_auth_filter.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +0 -8
- data/src/core/lib/security/transport/security_handshaker.h +0 -6
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -2
- data/src/core/lib/slice/slice_buffer.h +3 -1
- data/src/core/lib/surface/call.cc +162 -76
- data/src/core/lib/surface/call_trace.cc +9 -9
- data/src/core/lib/surface/channel.cc +15 -24
- data/src/core/lib/surface/channel.h +4 -20
- data/src/core/lib/surface/channel_init.cc +81 -7
- data/src/core/lib/surface/channel_init.h +104 -6
- data/src/core/lib/surface/init.cc +1 -1
- data/src/core/lib/surface/server.cc +4 -7
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/surface/wait_for_cq_end_op.cc +75 -0
- data/src/core/lib/surface/wait_for_cq_end_op.h +4 -26
- data/src/core/lib/transport/batch_builder.cc +2 -3
- data/src/core/lib/transport/batch_builder.h +1 -1
- data/src/core/lib/transport/call_factory.cc +41 -0
- data/src/core/lib/transport/call_factory.h +56 -0
- data/src/core/lib/transport/call_filters.cc +371 -0
- data/src/core/lib/transport/call_filters.h +1500 -0
- data/src/core/lib/transport/call_size_estimator.cc +41 -0
- data/src/core/lib/transport/call_size_estimator.h +52 -0
- data/src/core/lib/transport/call_spine.cc +107 -0
- data/src/core/lib/transport/call_spine.h +429 -0
- data/src/core/lib/transport/handshaker.cc +0 -8
- data/src/core/lib/transport/handshaker.h +0 -7
- data/src/core/lib/transport/message.cc +45 -0
- data/src/core/lib/transport/message.h +61 -0
- data/src/core/lib/transport/metadata.cc +37 -0
- data/src/core/lib/transport/metadata.h +78 -0
- data/src/core/lib/transport/metadata_batch.cc +4 -2
- data/src/core/lib/transport/metadata_batch.h +2 -2
- data/src/core/lib/transport/transport.cc +0 -105
- data/src/core/lib/transport/transport.h +3 -452
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/backend_metric_data.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.cc +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.h +4 -4
- data/src/core/{lib/load_balancing → load_balancing}/delegating_helper.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.h +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.cc +2 -2
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.cc +19 -19
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client_internal.h +7 -7
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy.cc +1 -1
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy.h +6 -6
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_factory.h +4 -4
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.cc +2 -2
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric_internal.h +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.cc +10 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/priority/priority.cc +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.cc +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/rls/rls.cc +13 -13
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/round_robin/round_robin.cc +7 -7
- data/src/core/{lib/load_balancing → load_balancing}/subchannel_interface.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/subchannel_list.h +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/weighted_round_robin.cc +10 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_target/weighted_target.cc +7 -7
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/cds.cc +26 -23
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_channel_args.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_impl.cc +11 -11
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_manager.cc +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.cc +10 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_wrr_locality.cc +6 -6
- data/src/core/{ext/filters/client_channel/resolver → resolver}/binder/binder_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.cc +9 -9
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.cc +7 -5
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.cc +9 -9
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.h +5 -5
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.cc +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.h +3 -3
- data/src/core/{lib/resolver → resolver}/endpoint_addresses.cc +1 -1
- data/src/core/{lib/resolver → resolver}/endpoint_addresses.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/google_c2p/google_c2p_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.h +5 -5
- data/src/core/{lib/resolver → resolver}/resolver.cc +1 -1
- data/src/core/{lib/resolver → resolver}/resolver.h +6 -6
- data/src/core/{lib/resolver → resolver}/resolver_factory.h +4 -4
- data/src/core/{lib/resolver → resolver}/resolver_registry.cc +1 -1
- data/src/core/{lib/resolver → resolver}/resolver_registry.h +5 -5
- data/src/core/{lib/resolver → resolver}/server_address.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/sockaddr/sockaddr_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.cc +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver.cc +11 -11
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_attributes.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.h +3 -3
- data/src/core/{lib/service_config → service_config}/service_config.h +4 -4
- data/src/core/{lib/service_config → service_config}/service_config_call_data.h +5 -5
- data/src/core/{lib/service_config → service_config}/service_config_impl.cc +2 -2
- data/src/core/{lib/service_config → service_config}/service_config_impl.h +5 -5
- data/src/core/{lib/service_config → service_config}/service_config_parser.cc +1 -1
- data/src/core/{lib/service_config → service_config}/service_config_parser.h +3 -3
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/ruby/ext/grpc/extconf.rb +0 -1
- data/src/ruby/ext/grpc/rb_channel.c +11 -5
- data/src/ruby/ext/grpc/rb_event_thread.c +9 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/algorithm.h +8 -103
- data/third_party/abseil-cpp/absl/algorithm/container.h +57 -71
- data/third_party/abseil-cpp/absl/base/attributes.h +51 -12
- data/third_party/abseil-cpp/absl/base/call_once.h +15 -9
- data/third_party/abseil-cpp/absl/base/casts.h +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +91 -24
- data/third_party/abseil-cpp/absl/base/internal/endian.h +13 -12
- data/third_party/abseil-cpp/absl/base/internal/identity.h +4 -2
- data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +19 -18
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/nullability_impl.h +106 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -11
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -4
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +20 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +10 -4
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +13 -6
- data/third_party/abseil-cpp/absl/base/log_severity.cc +1 -0
- data/third_party/abseil-cpp/absl/base/log_severity.h +23 -10
- data/third_party/abseil-cpp/absl/base/no_destructor.h +217 -0
- data/third_party/abseil-cpp/absl/base/nullability.h +224 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +1 -0
- data/third_party/abseil-cpp/absl/base/options.h +27 -1
- data/third_party/abseil-cpp/absl/base/prefetch.h +25 -14
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -2
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +3 -3
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +4 -2
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -9
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -12
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +12 -1
- data/third_party/abseil-cpp/absl/container/internal/layout.h +6 -21
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +11 -2
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +148 -31
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +717 -278
- data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +26 -2
- data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +6 -0
- data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +34 -5
- data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +6 -3
- data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +4 -2
- data/third_party/abseil-cpp/absl/crc/internal/{crc_memcpy_x86_64.cc → crc_memcpy_x86_arm_combined.cc} +65 -47
- data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +4 -2
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +24 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +35 -33
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +41 -17
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +108 -44
- data/third_party/abseil-cpp/absl/flags/declare.h +0 -5
- data/third_party/abseil-cpp/absl/flags/flag.h +1 -10
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +0 -5
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +10 -1
- data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -1
- data/third_party/abseil-cpp/absl/functional/function_ref.h +8 -0
- data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +49 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +37 -18
- data/third_party/abseil-cpp/absl/random/distributions.h +1 -1
- data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +248 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +55 -14
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +53 -2
- data/third_party/abseil-cpp/absl/status/status.cc +36 -238
- data/third_party/abseil-cpp/absl/status/status.h +95 -53
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +1 -3
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +3 -2
- data/third_party/abseil-cpp/absl/status/statusor.cc +5 -2
- data/third_party/abseil-cpp/absl/status/statusor.h +43 -3
- data/third_party/abseil-cpp/absl/strings/ascii.cc +84 -12
- data/third_party/abseil-cpp/absl/strings/ascii.h +8 -6
- data/third_party/abseil-cpp/absl/strings/charconv.cc +19 -12
- data/third_party/abseil-cpp/absl/strings/charconv.h +6 -3
- data/third_party/abseil-cpp/absl/strings/charset.h +164 -0
- data/third_party/abseil-cpp/absl/strings/cord.cc +266 -69
- data/third_party/abseil-cpp/absl/strings/cord.h +138 -92
- data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +19 -33
- data/third_party/abseil-cpp/absl/strings/cord_analysis.h +4 -3
- data/third_party/abseil-cpp/absl/strings/escaping.cc +5 -4
- data/third_party/abseil-cpp/absl/strings/has_absl_stringify.h +63 -0
- data/third_party/abseil-cpp/absl/strings/has_ostream_operator.h +42 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +19 -45
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +23 -28
- data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +15 -26
- data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +12 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +145 -8
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +72 -24
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +17 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +7 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +8 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +10 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +5 -4
- data/third_party/abseil-cpp/absl/strings/match.cc +3 -0
- data/third_party/abseil-cpp/absl/strings/numbers.cc +396 -153
- data/third_party/abseil-cpp/absl/strings/numbers.h +193 -35
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +151 -21
- data/third_party/abseil-cpp/absl/strings/str_cat.h +127 -25
- data/third_party/abseil-cpp/absl/strings/str_format.h +30 -20
- data/third_party/abseil-cpp/absl/strings/str_join.h +16 -16
- data/third_party/abseil-cpp/absl/strings/str_replace.cc +12 -3
- data/third_party/abseil-cpp/absl/strings/str_replace.h +8 -5
- data/third_party/abseil-cpp/absl/strings/str_split.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/str_split.h +18 -0
- data/third_party/abseil-cpp/absl/strings/string_view.cc +26 -5
- data/third_party/abseil-cpp/absl/strings/string_view.h +91 -26
- data/third_party/abseil-cpp/absl/strings/strip.h +5 -2
- data/third_party/abseil-cpp/absl/strings/substitute.cc +12 -4
- data/third_party/abseil-cpp/absl/strings/substitute.h +103 -91
- data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.h +4 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +296 -332
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +89 -34
- data/third_party/abseil-cpp/absl/time/civil_time.h +26 -0
- data/third_party/abseil-cpp/absl/time/clock.h +5 -1
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -3
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +2 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +9 -14
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -8
- data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +18 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +18 -0
- data/third_party/abseil-cpp/absl/types/internal/variant.h +3 -3
- data/third_party/abseil-cpp/absl/types/optional.h +3 -2
- data/third_party/abseil-cpp/absl/types/span.h +9 -4
- data/third_party/abseil-cpp/absl/utility/utility.h +11 -93
- data/third_party/boringssl-with-bazel/err_data.c +278 -276
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +8 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +4 -13
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +27 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +1 -11
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +42 -12
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +34 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +49 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +30 -42
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +87 -96
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/des/des.c +105 -31
- data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +10 -81
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +2 -15
- data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +1 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +26 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +26 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +10 -41
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +49 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +26 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +27 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +11 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c +43 -50
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +16 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +51 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +153 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +87 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +39 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +32 -5
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +254 -54
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/{kyber → keccak}/keccak.c +124 -49
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +8 -39
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +39 -29
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +17 -33
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +36 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +9 -13
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +101 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +133 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +54 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/internal.h +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +150 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +139 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +53 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +44 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +136 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +135 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +45 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +4 -9
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +10 -22
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +12 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +23 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -51
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akeya.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_alt.c +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bcons.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bitst.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_conf.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_cpols.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_crld.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_enum.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_extku.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_genn.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ia5.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_info.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_lib.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ncons.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ocsp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pcons.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pmaps.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_prn.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_purp.c +92 -335
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_skey.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_utl.c +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +35 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +44 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +107 -255
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +32 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +25 -152
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +330 -944
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +93 -215
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -129
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +46 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -13
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +33 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +5 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +26 -18
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +19 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +45 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +20 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +76 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +31 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +3 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2806 -941
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +38 -1025
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +124 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +82 -9
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +42 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +9 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +5 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +21 -0
- data/third_party/cares/config_linux/ares_config.h +2 -38
- metadata +214 -179
- data/src/core/lib/iomgr/load_file.cc +0 -78
- data/src/core/lib/iomgr/load_file.h +0 -35
- data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -137
- data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -280
- data/third_party/abseil-cpp/absl/flags/flag.cc +0 -38
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +0 -116
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -158
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -100
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -111
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -197
- /data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/ext_dat.h +0 -0
@@ -55,6 +55,7 @@
|
|
55
55
|
#include <openssl/mem.h>
|
56
56
|
|
57
57
|
#include "../delocate.h"
|
58
|
+
#include "../modes/internal.h"
|
58
59
|
#include "../service_indicator/internal.h"
|
59
60
|
#include "internal.h"
|
60
61
|
|
@@ -66,10 +67,8 @@ struct ccm128_context {
|
|
66
67
|
};
|
67
68
|
|
68
69
|
struct ccm128_state {
|
69
|
-
|
70
|
-
|
71
|
-
uint8_t c[16];
|
72
|
-
} nonce, cmac;
|
70
|
+
alignas(16) uint8_t nonce[16];
|
71
|
+
alignas(16) uint8_t cmac[16];
|
73
72
|
};
|
74
73
|
|
75
74
|
static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key,
|
@@ -86,7 +85,7 @@ static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key,
|
|
86
85
|
}
|
87
86
|
|
88
87
|
static size_t CRYPTO_ccm128_max_input(const struct ccm128_context *ctx) {
|
89
|
-
return ctx->L >= sizeof(size_t) ?
|
88
|
+
return ctx->L >= sizeof(size_t) ? SIZE_MAX
|
90
89
|
: (((size_t)1) << (ctx->L * 8)) - 1;
|
91
90
|
}
|
92
91
|
|
@@ -107,16 +106,16 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
|
|
107
106
|
|
108
107
|
// Assemble the first block for computing the MAC.
|
109
108
|
OPENSSL_memset(state, 0, sizeof(*state));
|
110
|
-
state->nonce
|
109
|
+
state->nonce[0] = (uint8_t)((L - 1) | ((M - 2) / 2) << 3);
|
111
110
|
if (aad_len != 0) {
|
112
|
-
state->nonce
|
111
|
+
state->nonce[0] |= 0x40; // Set AAD Flag
|
113
112
|
}
|
114
|
-
OPENSSL_memcpy(&state->nonce
|
113
|
+
OPENSSL_memcpy(&state->nonce[1], nonce, nonce_len);
|
115
114
|
for (unsigned i = 0; i < L; i++) {
|
116
|
-
state->nonce
|
115
|
+
state->nonce[15 - i] = (uint8_t)(plaintext_len >> (8 * i));
|
117
116
|
}
|
118
117
|
|
119
|
-
(*block)(state->nonce
|
118
|
+
(*block)(state->nonce, state->cmac, key);
|
120
119
|
size_t blocks = 1;
|
121
120
|
|
122
121
|
if (aad_len != 0) {
|
@@ -124,38 +123,38 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
|
|
124
123
|
// Cast to u64 to avoid the compiler complaining about invalid shifts.
|
125
124
|
uint64_t aad_len_u64 = aad_len;
|
126
125
|
if (aad_len_u64 < 0x10000 - 0x100) {
|
127
|
-
state->cmac
|
128
|
-
state->cmac
|
126
|
+
state->cmac[0] ^= (uint8_t)(aad_len_u64 >> 8);
|
127
|
+
state->cmac[1] ^= (uint8_t)aad_len_u64;
|
129
128
|
i = 2;
|
130
129
|
} else if (aad_len_u64 <= 0xffffffff) {
|
131
|
-
state->cmac
|
132
|
-
state->cmac
|
133
|
-
state->cmac
|
134
|
-
state->cmac
|
135
|
-
state->cmac
|
136
|
-
state->cmac
|
130
|
+
state->cmac[0] ^= 0xff;
|
131
|
+
state->cmac[1] ^= 0xfe;
|
132
|
+
state->cmac[2] ^= (uint8_t)(aad_len_u64 >> 24);
|
133
|
+
state->cmac[3] ^= (uint8_t)(aad_len_u64 >> 16);
|
134
|
+
state->cmac[4] ^= (uint8_t)(aad_len_u64 >> 8);
|
135
|
+
state->cmac[5] ^= (uint8_t)aad_len_u64;
|
137
136
|
i = 6;
|
138
137
|
} else {
|
139
|
-
state->cmac
|
140
|
-
state->cmac
|
141
|
-
state->cmac
|
142
|
-
state->cmac
|
143
|
-
state->cmac
|
144
|
-
state->cmac
|
145
|
-
state->cmac
|
146
|
-
state->cmac
|
147
|
-
state->cmac
|
148
|
-
state->cmac
|
138
|
+
state->cmac[0] ^= 0xff;
|
139
|
+
state->cmac[1] ^= 0xff;
|
140
|
+
state->cmac[2] ^= (uint8_t)(aad_len_u64 >> 56);
|
141
|
+
state->cmac[3] ^= (uint8_t)(aad_len_u64 >> 48);
|
142
|
+
state->cmac[4] ^= (uint8_t)(aad_len_u64 >> 40);
|
143
|
+
state->cmac[5] ^= (uint8_t)(aad_len_u64 >> 32);
|
144
|
+
state->cmac[6] ^= (uint8_t)(aad_len_u64 >> 24);
|
145
|
+
state->cmac[7] ^= (uint8_t)(aad_len_u64 >> 16);
|
146
|
+
state->cmac[8] ^= (uint8_t)(aad_len_u64 >> 8);
|
147
|
+
state->cmac[9] ^= (uint8_t)aad_len_u64;
|
149
148
|
i = 10;
|
150
149
|
}
|
151
150
|
|
152
151
|
do {
|
153
152
|
for (; i < 16 && aad_len != 0; i++) {
|
154
|
-
state->cmac
|
153
|
+
state->cmac[i] ^= *aad;
|
155
154
|
aad++;
|
156
155
|
aad_len--;
|
157
156
|
}
|
158
|
-
(*block)(state->cmac
|
157
|
+
(*block)(state->cmac, state->cmac, key);
|
159
158
|
blocks++;
|
160
159
|
i = 0;
|
161
160
|
} while (aad_len != 0);
|
@@ -174,7 +173,7 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
|
|
174
173
|
// Assemble the first block for encrypting and decrypting. The bottom |L|
|
175
174
|
// bytes are replaced with a counter and all bit the encoding of |L| is
|
176
175
|
// cleared in the first byte.
|
177
|
-
state->nonce
|
176
|
+
state->nonce[0] &= 7;
|
178
177
|
return 1;
|
179
178
|
}
|
180
179
|
|
@@ -183,17 +182,17 @@ static int ccm128_encrypt(const struct ccm128_context *ctx,
|
|
183
182
|
uint8_t *out, const uint8_t *in, size_t len) {
|
184
183
|
// The counter for encryption begins at one.
|
185
184
|
for (unsigned i = 0; i < ctx->L; i++) {
|
186
|
-
state->nonce
|
185
|
+
state->nonce[15 - i] = 0;
|
187
186
|
}
|
188
|
-
state->nonce
|
187
|
+
state->nonce[15] = 1;
|
189
188
|
|
190
189
|
uint8_t partial_buf[16];
|
191
190
|
unsigned num = 0;
|
192
191
|
if (ctx->ctr != NULL) {
|
193
|
-
CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, state->nonce
|
192
|
+
CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, state->nonce, partial_buf,
|
194
193
|
&num, ctx->ctr);
|
195
194
|
} else {
|
196
|
-
CRYPTO_ctr128_encrypt(in, out, len, key, state->nonce
|
195
|
+
CRYPTO_ctr128_encrypt(in, out, len, key, state->nonce, partial_buf, &num,
|
197
196
|
ctx->block);
|
198
197
|
}
|
199
198
|
return 1;
|
@@ -209,34 +208,28 @@ static int ccm128_compute_mac(const struct ccm128_context *ctx,
|
|
209
208
|
}
|
210
209
|
|
211
210
|
// Incorporate |in| into the MAC.
|
212
|
-
union {
|
213
|
-
uint64_t u[2];
|
214
|
-
uint8_t c[16];
|
215
|
-
} tmp;
|
216
211
|
while (len >= 16) {
|
217
|
-
|
218
|
-
state->cmac
|
219
|
-
state->cmac.u[1] ^= tmp.u[1];
|
220
|
-
(*block)(state->cmac.c, state->cmac.c, key);
|
212
|
+
CRYPTO_xor16(state->cmac, state->cmac, in);
|
213
|
+
(*block)(state->cmac, state->cmac, key);
|
221
214
|
in += 16;
|
222
215
|
len -= 16;
|
223
216
|
}
|
224
217
|
if (len > 0) {
|
225
218
|
for (size_t i = 0; i < len; i++) {
|
226
|
-
state->cmac
|
219
|
+
state->cmac[i] ^= in[i];
|
227
220
|
}
|
228
|
-
(*block)(state->cmac
|
221
|
+
(*block)(state->cmac, state->cmac, key);
|
229
222
|
}
|
230
223
|
|
231
224
|
// Encrypt the MAC with counter zero.
|
232
225
|
for (unsigned i = 0; i < ctx->L; i++) {
|
233
|
-
state->nonce
|
226
|
+
state->nonce[15 - i] = 0;
|
234
227
|
}
|
235
|
-
(
|
236
|
-
state->
|
237
|
-
state->cmac
|
228
|
+
alignas(16) uint8_t tmp[16];
|
229
|
+
(*block)(state->nonce, tmp, key);
|
230
|
+
CRYPTO_xor16(state->cmac, state->cmac, tmp);
|
238
231
|
|
239
|
-
OPENSSL_memcpy(out_tag, state->cmac
|
232
|
+
OPENSSL_memcpy(out_tag, state->cmac, tag_len);
|
240
233
|
return 1;
|
241
234
|
}
|
242
235
|
|
@@ -71,17 +71,13 @@
|
|
71
71
|
|
72
72
|
|
73
73
|
DH *DH_new(void) {
|
74
|
-
DH *dh =
|
74
|
+
DH *dh = OPENSSL_zalloc(sizeof(DH));
|
75
75
|
if (dh == NULL) {
|
76
76
|
return NULL;
|
77
77
|
}
|
78
78
|
|
79
|
-
OPENSSL_memset(dh, 0, sizeof(DH));
|
80
|
-
|
81
79
|
CRYPTO_MUTEX_init(&dh->method_mont_p_lock);
|
82
|
-
|
83
80
|
dh->references = 1;
|
84
|
-
|
85
81
|
return dh;
|
86
82
|
}
|
87
83
|
|
@@ -398,7 +394,7 @@ int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) {
|
|
398
394
|
int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len,
|
399
395
|
size_t max_out_len, const BIGNUM *peers_key,
|
400
396
|
const EVP_MD *digest) {
|
401
|
-
*out_len =
|
397
|
+
*out_len = SIZE_MAX;
|
402
398
|
|
403
399
|
const size_t digest_len = EVP_MD_size(digest);
|
404
400
|
if (digest_len > max_out_len) {
|
@@ -185,6 +185,10 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
|
|
185
185
|
void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in) {
|
186
186
|
EVP_MD_CTX_cleanup(out);
|
187
187
|
// While not guaranteed, |EVP_MD_CTX| is currently safe to move with |memcpy|.
|
188
|
+
// bssl-crypto currently relies on this, however, so if we change this, we
|
189
|
+
// need to box the |HMAC_CTX|. (Relying on this is only fine because we assume
|
190
|
+
// BoringSSL and bssl-crypto will always be updated atomically. We do not
|
191
|
+
// allow any version skew between the two.)
|
188
192
|
OPENSSL_memcpy(out, in, sizeof(EVP_MD_CTX));
|
189
193
|
EVP_MD_CTX_init(in);
|
190
194
|
}
|
@@ -250,11 +250,10 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
|
|
250
250
|
goto err;
|
251
251
|
}
|
252
252
|
|
253
|
-
ret =
|
253
|
+
ret = OPENSSL_zalloc(sizeof(EC_GROUP));
|
254
254
|
if (ret == NULL) {
|
255
255
|
return NULL;
|
256
256
|
}
|
257
|
-
OPENSSL_memset(ret, 0, sizeof(EC_GROUP));
|
258
257
|
ret->references = 1;
|
259
258
|
ret->meth = EC_GFp_mont_method();
|
260
259
|
bn_mont_ctx_init(&ret->field);
|
@@ -86,12 +86,11 @@
|
|
86
86
|
DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class)
|
87
87
|
|
88
88
|
static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) {
|
89
|
-
EC_WRAPPED_SCALAR *wrapped =
|
89
|
+
EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR));
|
90
90
|
if (wrapped == NULL) {
|
91
91
|
return NULL;
|
92
92
|
}
|
93
93
|
|
94
|
-
OPENSSL_memset(wrapped, 0, sizeof(EC_WRAPPED_SCALAR));
|
95
94
|
wrapped->bignum.d = wrapped->scalar.words;
|
96
95
|
wrapped->bignum.width = group->order.N.width;
|
97
96
|
wrapped->bignum.dmax = group->order.N.width;
|
@@ -106,13 +105,11 @@ static void ec_wrapped_scalar_free(EC_WRAPPED_SCALAR *scalar) {
|
|
106
105
|
EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }
|
107
106
|
|
108
107
|
EC_KEY *EC_KEY_new_method(const ENGINE *engine) {
|
109
|
-
EC_KEY *ret =
|
108
|
+
EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY));
|
110
109
|
if (ret == NULL) {
|
111
110
|
return NULL;
|
112
111
|
}
|
113
112
|
|
114
|
-
OPENSSL_memset(ret, 0, sizeof(EC_KEY));
|
115
|
-
|
116
113
|
if (engine) {
|
117
114
|
ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);
|
118
115
|
}
|
@@ -166,12 +163,12 @@ void EC_KEY_free(EC_KEY *r) {
|
|
166
163
|
METHOD_unref(r->ecdsa_meth);
|
167
164
|
}
|
168
165
|
|
166
|
+
CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
|
167
|
+
|
169
168
|
EC_GROUP_free(r->group);
|
170
169
|
EC_POINT_free(r->pub_key);
|
171
170
|
ec_wrapped_scalar_free(r->priv_key);
|
172
171
|
|
173
|
-
CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
|
174
|
-
|
175
172
|
OPENSSL_free(r);
|
176
173
|
}
|
177
174
|
|
@@ -317,8 +314,10 @@ int EC_KEY_check_key(const EC_KEY *eckey) {
|
|
317
314
|
OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
|
318
315
|
return 0;
|
319
316
|
}
|
320
|
-
|
321
|
-
|
317
|
+
// Leaking this comparison only leaks whether |eckey|'s public key was
|
318
|
+
// correct.
|
319
|
+
if (!constant_time_declassify_int(ec_GFp_simple_points_equal(
|
320
|
+
eckey->group, &point, &eckey->pub_key->raw))) {
|
322
321
|
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_PRIVATE_KEY);
|
323
322
|
return 0;
|
324
323
|
}
|
@@ -503,6 +502,14 @@ int EC_KEY_generate_key(EC_KEY *key) {
|
|
503
502
|
return 0;
|
504
503
|
}
|
505
504
|
|
505
|
+
// The public key is derived from the private key, but it is public.
|
506
|
+
//
|
507
|
+
// TODO(crbug.com/boringssl/677): This isn't quite right. While |pub_key|
|
508
|
+
// represents a public point, it is still in Jacobian form and the exact
|
509
|
+
// Jacobian representation is secret. We need to make it affine first. See
|
510
|
+
// discussion in the bug.
|
511
|
+
CONSTTIME_DECLASSIFY(&pub_key->raw, sizeof(pub_key->raw));
|
512
|
+
|
506
513
|
ec_wrapped_scalar_free(key->priv_key);
|
507
514
|
key->priv_key = priv_key;
|
508
515
|
EC_POINT_free(key->pub_key);
|
@@ -24,6 +24,7 @@
|
|
24
24
|
#include <openssl/err.h>
|
25
25
|
#include <openssl/mem.h>
|
26
26
|
|
27
|
+
#include <assert.h>
|
27
28
|
#include <string.h>
|
28
29
|
|
29
30
|
#include "internal.h"
|
@@ -836,12 +837,12 @@ static void p224_select_point(const uint64_t idx, size_t size,
|
|
836
837
|
|
837
838
|
for (size_t i = 0; i < size; i++) {
|
838
839
|
const p224_limb *inlimbs = &pre_comp[i][0][0];
|
839
|
-
uint64_t
|
840
|
-
|
841
|
-
|
842
|
-
|
843
|
-
|
844
|
-
mask
|
840
|
+
static_assert(sizeof(uint64_t) <= sizeof(crypto_word_t),
|
841
|
+
"crypto_word_t too small");
|
842
|
+
static_assert(sizeof(size_t) <= sizeof(crypto_word_t),
|
843
|
+
"crypto_word_t too small");
|
844
|
+
// Without a value barrier, Clang adds a branch here.
|
845
|
+
uint64_t mask = value_barrier_w(constant_time_eq_w(i, idx));
|
845
846
|
for (size_t j = 0; j < 4 * 3; j++) {
|
846
847
|
outlimbs[j] |= inlimbs[j] & mask;
|
847
848
|
}
|
@@ -197,13 +197,8 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
|
|
197
197
|
wNAF = wNAF_stack;
|
198
198
|
precomp = precomp_stack;
|
199
199
|
} else {
|
200
|
-
|
201
|
-
|
202
|
-
OPENSSL_PUT_ERROR(EC, ERR_R_OVERFLOW);
|
203
|
-
goto err;
|
204
|
-
}
|
205
|
-
wNAF_alloc = OPENSSL_malloc(num * sizeof(wNAF_alloc[0]));
|
206
|
-
precomp_alloc = OPENSSL_malloc(num * sizeof(precomp_alloc[0]));
|
200
|
+
wNAF_alloc = OPENSSL_calloc(num, sizeof(wNAF_alloc[0]));
|
201
|
+
precomp_alloc = OPENSSL_calloc(num, sizeof(precomp_alloc[0]));
|
207
202
|
if (wNAF_alloc == NULL || precomp_alloc == NULL) {
|
208
203
|
goto err;
|
209
204
|
}
|
@@ -17,31 +17,34 @@
|
|
17
17
|
#endif
|
18
18
|
|
19
19
|
#include <openssl/base.h>
|
20
|
-
|
21
20
|
#include "fork_detect.h"
|
22
21
|
|
23
|
-
#if defined(
|
24
|
-
#include <assert.h>
|
25
|
-
#include <sys/mman.h>
|
22
|
+
#if defined(OPENSSL_FORK_DETECTION_MADVISE)
|
26
23
|
#include <unistd.h>
|
27
24
|
#include <stdlib.h>
|
28
|
-
|
29
|
-
#include
|
30
|
-
#include "../../internal.h"
|
31
|
-
|
32
|
-
|
25
|
+
#include <assert.h>
|
26
|
+
#include <sys/mman.h>
|
33
27
|
#if defined(MADV_WIPEONFORK)
|
34
28
|
static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
|
35
29
|
#else
|
36
30
|
#define MADV_WIPEONFORK 18
|
37
31
|
#endif
|
32
|
+
#elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
|
33
|
+
#include <unistd.h>
|
34
|
+
#include <stdlib.h>
|
35
|
+
#include <pthread.h>
|
36
|
+
#endif // OPENSSL_FORK_DETECTION_MADVISE
|
38
37
|
|
38
|
+
#include "../delocate.h"
|
39
|
+
#include "../../internal.h"
|
40
|
+
|
41
|
+
#if defined(OPENSSL_FORK_DETECTION_MADVISE)
|
42
|
+
DEFINE_BSS_GET(int, g_force_madv_wipeonfork);
|
43
|
+
DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled);
|
39
44
|
DEFINE_STATIC_ONCE(g_fork_detect_once);
|
40
45
|
DEFINE_STATIC_MUTEX(g_fork_detect_lock);
|
41
46
|
DEFINE_BSS_GET(CRYPTO_atomic_u32 *, g_fork_detect_addr);
|
42
47
|
DEFINE_BSS_GET(uint64_t, g_fork_generation);
|
43
|
-
DEFINE_BSS_GET(int, g_force_madv_wipeonfork);
|
44
|
-
DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled);
|
45
48
|
|
46
49
|
static void init_fork_detect(void) {
|
47
50
|
if (*g_force_madv_wipeonfork_bss_get()) {
|
@@ -73,9 +76,12 @@ static void init_fork_detect(void) {
|
|
73
76
|
CRYPTO_atomic_store_u32(addr, 1);
|
74
77
|
*g_fork_detect_addr_bss_get() = addr;
|
75
78
|
*g_fork_generation_bss_get() = 1;
|
79
|
+
|
76
80
|
}
|
77
81
|
|
78
82
|
uint64_t CRYPTO_get_fork_generation(void) {
|
83
|
+
CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect);
|
84
|
+
|
79
85
|
// In a single-threaded process, there are obviously no races because there's
|
80
86
|
// only a single mutator in the address space.
|
81
87
|
//
|
@@ -87,7 +93,6 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
87
93
|
// child process is single-threaded, the child may become multi-threaded
|
88
94
|
// before it observes this. Therefore, we must synchronize the logic below.
|
89
95
|
|
90
|
-
CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect);
|
91
96
|
CRYPTO_atomic_u32 *const flag_ptr = *g_fork_detect_addr_bss_get();
|
92
97
|
if (flag_ptr == NULL) {
|
93
98
|
// Our kernel is too old to support |MADV_WIPEONFORK| or
|
@@ -98,6 +103,12 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
98
103
|
// doesn't support it.
|
99
104
|
return 42;
|
100
105
|
}
|
106
|
+
// With Linux and clone(), we do not believe that pthread_atfork() is
|
107
|
+
// sufficient for detecting all forms of address space duplication. At this
|
108
|
+
// point we have a kernel that does not support MADV_WIPEONFORK. We could
|
109
|
+
// return the generation number from pthread_atfork() here and it would
|
110
|
+
// probably be safe in almost any situation, but to ensure safety we return
|
111
|
+
// 0 and force an entropy draw on every call.
|
101
112
|
return 0;
|
102
113
|
}
|
103
114
|
|
@@ -140,7 +151,34 @@ void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(int on) {
|
|
140
151
|
*g_force_madv_wipeonfork_enabled_bss_get() = on;
|
141
152
|
}
|
142
153
|
|
143
|
-
#elif defined(
|
154
|
+
#elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
|
155
|
+
|
156
|
+
DEFINE_STATIC_ONCE(g_pthread_fork_detection_once);
|
157
|
+
DEFINE_BSS_GET(uint64_t, g_atfork_fork_generation);
|
158
|
+
|
159
|
+
static void we_are_forked(void) {
|
160
|
+
// Immediately after a fork, the process must be single-threaded.
|
161
|
+
uint64_t value = *g_atfork_fork_generation_bss_get() + 1;
|
162
|
+
if (value == 0) {
|
163
|
+
value = 1;
|
164
|
+
}
|
165
|
+
*g_atfork_fork_generation_bss_get() = value;
|
166
|
+
}
|
167
|
+
|
168
|
+
static void init_pthread_fork_detection(void) {
|
169
|
+
if (pthread_atfork(NULL, NULL, we_are_forked) != 0) {
|
170
|
+
abort();
|
171
|
+
}
|
172
|
+
*g_atfork_fork_generation_bss_get() = 1;
|
173
|
+
}
|
174
|
+
|
175
|
+
uint64_t CRYPTO_get_fork_generation(void) {
|
176
|
+
CRYPTO_once(g_pthread_fork_detection_once_bss_get(), init_pthread_fork_detection);
|
177
|
+
|
178
|
+
return *g_atfork_fork_generation_bss_get();
|
179
|
+
}
|
180
|
+
|
181
|
+
#elif defined(OPENSSL_DOES_NOT_FORK)
|
144
182
|
|
145
183
|
// These platforms are guaranteed not to fork, and therefore do not require
|
146
184
|
// fork detection support. Returning a constant non zero value makes BoringSSL
|
@@ -17,6 +17,23 @@
|
|
17
17
|
|
18
18
|
#include <openssl/base.h>
|
19
19
|
|
20
|
+
#if defined(OPENSSL_LINUX)
|
21
|
+
// On linux we use MADVISE instead of pthread_atfork(), due
|
22
|
+
// to concerns about clone() being used for address space
|
23
|
+
// duplication.
|
24
|
+
#define OPENSSL_FORK_DETECTION
|
25
|
+
#define OPENSSL_FORK_DETECTION_MADVISE
|
26
|
+
#elif defined(OPENSSL_MACOS) || defined(OPENSSL_IOS) || \
|
27
|
+
defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)
|
28
|
+
// These platforms may detect address space duplication with pthread_atfork.
|
29
|
+
// iOS doesn't normally allow fork in apps, but it's there.
|
30
|
+
#define OPENSSL_FORK_DETECTION
|
31
|
+
#define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
|
32
|
+
#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY)
|
33
|
+
// These platforms do not fork.
|
34
|
+
#define OPENSSL_DOES_NOT_FORK
|
35
|
+
#endif
|
36
|
+
|
20
37
|
#if defined(__cplusplus)
|
21
38
|
extern "C" {
|
22
39
|
#endif
|
@@ -119,7 +119,10 @@ static void rand_thread_state_free(void *state_in) {
|
|
119
119
|
|
120
120
|
if (state->prev != NULL) {
|
121
121
|
state->prev->next = state->next;
|
122
|
-
} else {
|
122
|
+
} else if (*thread_states_list_bss_get() == state) {
|
123
|
+
// |state->prev| may be NULL either if it is the head of the list,
|
124
|
+
// or if |state| is freed before it was added to the list at all.
|
125
|
+
// Compare against the head of the list to distinguish these cases.
|
123
126
|
*thread_states_list_bss_get() = state->next;
|
124
127
|
}
|
125
128
|
|
@@ -371,7 +374,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
|
|
371
374
|
CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND);
|
372
375
|
|
373
376
|
if (state == NULL) {
|
374
|
-
state =
|
377
|
+
state = OPENSSL_zalloc(sizeof(struct rand_thread_state));
|
375
378
|
if (state == NULL ||
|
376
379
|
!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state,
|
377
380
|
rand_thread_state_free)) {
|
@@ -130,11 +130,10 @@ static int bn_blinding_create_param(BN_BLINDING *b, const BIGNUM *e,
|
|
130
130
|
const BN_MONT_CTX *mont, BN_CTX *ctx);
|
131
131
|
|
132
132
|
BN_BLINDING *BN_BLINDING_new(void) {
|
133
|
-
BN_BLINDING *ret =
|
133
|
+
BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING));
|
134
134
|
if (ret == NULL) {
|
135
135
|
return NULL;
|
136
136
|
}
|
137
|
-
OPENSSL_memset(ret, 0, sizeof(BN_BLINDING));
|
138
137
|
|
139
138
|
ret->A = BN_new();
|
140
139
|
if (ret->A == NULL) {
|
@@ -206,13 +206,11 @@ RSA *RSA_new_private_key_large_e(const BIGNUM *n, const BIGNUM *e,
|
|
206
206
|
RSA *RSA_new(void) { return RSA_new_method(NULL); }
|
207
207
|
|
208
208
|
RSA *RSA_new_method(const ENGINE *engine) {
|
209
|
-
RSA *rsa =
|
209
|
+
RSA *rsa = OPENSSL_zalloc(sizeof(RSA));
|
210
210
|
if (rsa == NULL) {
|
211
211
|
return NULL;
|
212
212
|
}
|
213
213
|
|
214
|
-
OPENSSL_memset(rsa, 0, sizeof(RSA));
|
215
|
-
|
216
214
|
if (engine) {
|
217
215
|
rsa->meth = ENGINE_get_RSA_method(engine);
|
218
216
|
}
|
@@ -155,7 +155,7 @@ static int ensure_fixed_copy(BIGNUM **out, const BIGNUM *in, int width) {
|
|
155
155
|
return 0;
|
156
156
|
}
|
157
157
|
*out = copy;
|
158
|
-
|
158
|
+
bn_secret(copy);
|
159
159
|
|
160
160
|
return 1;
|
161
161
|
}
|
@@ -259,8 +259,7 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) {
|
|
259
259
|
goto err;
|
260
260
|
}
|
261
261
|
rsa->iqmp_mont = iqmp_mont;
|
262
|
-
|
263
|
-
sizeof(BN_ULONG) * rsa->iqmp_mont->width);
|
262
|
+
bn_secret(rsa->iqmp_mont);
|
264
263
|
}
|
265
264
|
}
|
266
265
|
}
|
@@ -376,7 +375,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used,
|
|
376
375
|
assert(new_num_blindings > rsa->num_blindings);
|
377
376
|
|
378
377
|
BN_BLINDING **new_blindings =
|
379
|
-
|
378
|
+
OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *));
|
380
379
|
uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings);
|
381
380
|
if (new_blindings == NULL || new_blindings_inuse == NULL) {
|
382
381
|
goto err;
|
@@ -622,7 +621,9 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
|
|
622
621
|
goto err;
|
623
622
|
}
|
624
623
|
|
625
|
-
|
624
|
+
// The input to the RSA private transform may be secret, but padding is
|
625
|
+
// expected to construct a value within range, so we can leak this comparison.
|
626
|
+
if (constant_time_declassify_int(BN_ucmp(f, rsa->n) >= 0)) {
|
626
627
|
// Usually the padding functions would catch this.
|
627
628
|
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
|
628
629
|
goto err;
|
@@ -94,12 +94,11 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) {
|
|
94
94
|
CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
|
95
95
|
if (!array) {
|
96
96
|
const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1);
|
97
|
-
array =
|
97
|
+
array = OPENSSL_zalloc(num_bytes);
|
98
98
|
if (!array) {
|
99
99
|
return;
|
100
100
|
}
|
101
101
|
|
102
|
-
OPENSSL_memset(array, 0, num_bytes);
|
103
102
|
if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS, array,
|
104
103
|
OPENSSL_free)) {
|
105
104
|
// |OPENSSL_free| has already been called by |CRYPTO_set_thread_local|.
|