grpc 1.61.3 → 1.62.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (723) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +218 -196
  3. data/include/grpc/event_engine/event_engine.h +5 -43
  4. data/include/grpc/event_engine/extensible.h +68 -0
  5. data/include/grpc/impl/slice_type.h +1 -1
  6. data/include/grpc/support/port_platform.h +12 -20
  7. data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.cc +1 -1
  8. data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.h +4 -4
  9. data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.cc +1 -1
  10. data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.h +3 -3
  11. data/src/core/{ext/filters/client_channel → client_channel}/channel_connectivity.cc +11 -11
  12. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.cc +1 -1
  13. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.h +3 -3
  14. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.cc +1 -1
  15. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.h +4 -4
  16. data/src/core/{ext/filters/client_channel/client_channel.cc → client_channel/client_channel_filter.cc} +247 -231
  17. data/src/core/{ext/filters/client_channel/client_channel.h → client_channel/client_channel_filter.h} +42 -42
  18. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_internal.h +6 -6
  19. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_plugin.cc +5 -5
  20. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.cc +2 -2
  21. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.h +5 -5
  22. data/src/core/{ext/filters/client_channel → client_channel}/config_selector.cc +1 -1
  23. data/src/core/{ext/filters/client_channel → client_channel}/config_selector.h +5 -5
  24. data/src/core/{ext/filters/client_channel → client_channel}/connector.h +3 -3
  25. data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.cc +1 -1
  26. data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.h +3 -3
  27. data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.cc +2 -2
  28. data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.h +4 -4
  29. data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.cc +1 -1
  30. data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.h +3 -3
  31. data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.cc +2 -2
  32. data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.h +4 -4
  33. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.cc +8 -8
  34. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.h +8 -8
  35. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.cc +12 -9
  36. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.h +11 -10
  37. data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.cc +1 -1
  38. data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.h +4 -4
  39. data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.cc +1 -1
  40. data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.h +3 -3
  41. data/src/core/{ext/filters/client_channel → client_channel}/service_config_channel_arg_filter.cc +4 -4
  42. data/src/core/{ext/filters/client_channel → client_channel}/subchannel.cc +2 -2
  43. data/src/core/{ext/filters/client_channel → client_channel}/subchannel.h +6 -6
  44. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_interface_internal.h +5 -5
  45. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.cc +1 -1
  46. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.h +3 -3
  47. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.cc +1 -1
  48. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.h +4 -4
  49. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +1 -1
  50. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
  51. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h +1 -1
  52. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +2 -2
  53. data/src/core/ext/filters/http/server/http_server_filter.cc +1 -1
  54. data/src/core/ext/filters/message_size/message_size_filter.cc +3 -3
  55. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  56. data/src/core/ext/filters/rbac/rbac_filter.cc +1 -1
  57. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +1 -1
  58. data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
  59. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +2 -2
  60. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +2 -2
  61. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +1 -1
  62. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +1 -1
  63. data/src/core/ext/transport/chttp2/alpn/alpn.cc +4 -1
  64. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +5 -5
  65. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
  66. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
  67. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +5 -0
  68. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +27 -36
  69. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -3
  70. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -1
  71. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
  72. data/src/core/ext/transport/inproc/inproc_transport.h +8 -0
  73. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb.h +351 -164
  74. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.c +89 -50
  75. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.h +2 -0
  76. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +47 -3
  77. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +15 -7
  78. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb.h +32 -3
  79. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.c +8 -5
  80. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb.h +28 -0
  81. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.c +6 -4
  82. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb.h +0 -1
  83. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.c +0 -1
  84. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb.h +29 -0
  85. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.c +7 -4
  86. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +17 -1
  87. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +4 -3
  88. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb.h +166 -0
  89. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.c +55 -0
  90. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.h +30 -0
  91. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +30 -0
  92. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +7 -5
  93. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb.h +99 -19
  94. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.c +29 -12
  95. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.h +1 -0
  96. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb.h +15 -0
  97. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.c +4 -3
  98. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb.h +31 -3
  99. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.c +22 -4
  100. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +91 -3
  101. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +11 -8
  102. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb.h +30 -0
  103. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.c +7 -4
  104. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb.h +1 -0
  105. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.c +1 -0
  106. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb.h +125 -3
  107. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.c +17 -4
  108. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb.h +19 -1
  109. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.c +4 -3
  110. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb.h +1 -0
  111. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.c +1 -0
  112. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +15 -0
  113. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.c +5 -2
  114. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +42 -0
  115. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +11 -8
  116. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb.h +23 -8
  117. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.c +9 -4
  118. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +58 -16
  119. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +14 -11
  120. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +15 -0
  121. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.c +7 -2
  122. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb.h +129 -0
  123. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.c +27 -6
  124. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.h +1 -0
  125. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb.h +15 -0
  126. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.c +5 -2
  127. data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.c +60 -60
  128. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +278 -256
  129. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +10 -0
  130. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +483 -475
  131. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.c +27 -20
  132. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.c +17 -12
  133. data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.c +157 -161
  134. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.c +105 -97
  135. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +106 -102
  136. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.c +52 -0
  137. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.h +35 -0
  138. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.c +14 -13
  139. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +228 -224
  140. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.c +32 -26
  141. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.h +5 -0
  142. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.c +31 -28
  143. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.c +22 -19
  144. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +818 -813
  145. data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.c +158 -151
  146. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.c +27 -23
  147. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +59 -53
  148. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.c +40 -18
  149. data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.c +106 -103
  150. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.c +16 -12
  151. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +22 -21
  152. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +265 -261
  153. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +127 -125
  154. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +188 -182
  155. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +57 -56
  156. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.c +27 -20
  157. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.h +5 -0
  158. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.c +10 -8
  159. data/src/core/ext/xds/xds_api.cc +63 -150
  160. data/src/core/ext/xds/xds_api.h +2 -7
  161. data/src/core/ext/xds/xds_bootstrap.h +3 -4
  162. data/src/core/ext/xds/xds_bootstrap_grpc.cc +4 -15
  163. data/src/core/ext/xds/xds_bootstrap_grpc.h +2 -1
  164. data/src/core/ext/xds/xds_client.cc +111 -59
  165. data/src/core/ext/xds/xds_client.h +20 -15
  166. data/src/core/ext/xds/xds_client_grpc.cc +53 -15
  167. data/src/core/ext/xds/xds_client_grpc.h +4 -1
  168. data/src/core/ext/xds/xds_client_stats.cc +11 -11
  169. data/src/core/ext/xds/xds_client_stats.h +8 -13
  170. data/src/core/ext/xds/xds_cluster.cc +1 -1
  171. data/src/core/ext/xds/xds_cluster.h +1 -1
  172. data/src/core/ext/xds/xds_endpoint.h +1 -1
  173. data/src/core/ext/xds/xds_health_status.h +1 -1
  174. data/src/core/ext/xds/xds_lb_policy_registry.cc +1 -1
  175. data/src/core/ext/xds/xds_route_config.cc +1 -1
  176. data/src/core/ext/xds/xds_server_config_fetcher.cc +2 -2
  177. data/src/core/ext/xds/xds_transport_grpc.cc +5 -5
  178. data/src/core/lib/channel/channel_args.h +15 -1
  179. data/src/core/lib/channel/connected_channel.cc +13 -12
  180. data/src/core/lib/channel/promise_based_filter.cc +4 -4
  181. data/src/core/lib/channel/promise_based_filter.h +1 -2
  182. data/src/core/lib/config/core_configuration.h +3 -3
  183. data/src/core/lib/event_engine/ares_resolver.cc +106 -59
  184. data/src/core/lib/event_engine/extensions/can_track_errors.h +40 -0
  185. data/src/core/lib/event_engine/extensions/supports_fd.h +160 -0
  186. data/src/core/lib/event_engine/forkable.cc +7 -5
  187. data/src/core/lib/event_engine/posix.h +11 -122
  188. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +1 -5
  189. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +31 -7
  190. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -0
  191. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +3 -4
  192. data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -3
  193. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +14 -6
  194. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +10 -0
  195. data/src/core/lib/event_engine/query_extensions.h +85 -0
  196. data/src/core/lib/event_engine/shim.cc +3 -17
  197. data/src/core/lib/event_engine/shim.h +0 -2
  198. data/src/core/lib/event_engine/thread_pool/thread_count.cc +28 -7
  199. data/src/core/lib/event_engine/thread_pool/thread_count.h +6 -1
  200. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +109 -5
  201. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +9 -0
  202. data/src/core/lib/event_engine/utils.cc +2 -1
  203. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +1 -0
  204. data/src/core/lib/experiments/config.cc +10 -2
  205. data/src/core/lib/experiments/config.h +6 -0
  206. data/src/core/lib/experiments/experiments.cc +57 -18
  207. data/src/core/lib/experiments/experiments.h +16 -8
  208. data/src/core/lib/gpr/posix/sync.cc +2 -2
  209. data/src/core/lib/gpr/posix/time.cc +0 -5
  210. data/src/core/lib/gpr/windows/sync.cc +2 -2
  211. data/src/core/lib/gprpp/debug_location.h +2 -0
  212. data/src/core/lib/gprpp/down_cast.h +49 -0
  213. data/src/core/lib/gprpp/linux/env.cc +1 -19
  214. data/src/core/lib/gprpp/load_file.cc +2 -1
  215. data/src/core/lib/gprpp/load_file.h +2 -1
  216. data/src/core/lib/gprpp/posix/thd.cc +27 -2
  217. data/src/core/lib/gprpp/thd.h +8 -0
  218. data/src/core/lib/gprpp/time.h +4 -3
  219. data/src/core/lib/gprpp/windows/thd.cc +10 -1
  220. data/src/core/lib/iomgr/combiner.cc +1 -1
  221. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +20 -14
  222. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  223. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  224. data/src/core/lib/iomgr/tcp_server_posix.cc +65 -50
  225. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -0
  226. data/src/core/lib/json/json_writer.cc +1 -1
  227. data/src/core/lib/promise/activity.h +8 -2
  228. data/src/core/lib/promise/context.h +45 -7
  229. data/src/core/lib/promise/for_each.h +6 -9
  230. data/src/core/lib/promise/interceptor_list.h +13 -5
  231. data/src/core/lib/promise/latch.h +3 -3
  232. data/src/core/lib/promise/party.cc +12 -0
  233. data/src/core/lib/promise/party.h +37 -6
  234. data/src/core/lib/promise/pipe.h +2 -7
  235. data/src/core/lib/promise/sleep.cc +1 -1
  236. data/src/core/lib/promise/status_flag.h +32 -2
  237. data/src/core/lib/resource_quota/memory_quota.cc +4 -4
  238. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -11
  239. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +11 -10
  240. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -7
  241. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +1 -1
  242. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +16 -24
  243. data/src/core/lib/security/credentials/xds/xds_credentials.cc +1 -1
  244. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
  245. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +3 -7
  246. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  247. data/src/core/lib/security/security_connector/ssl_utils.cc +26 -17
  248. data/src/core/lib/security/transport/legacy_server_auth_filter.cc +2 -2
  249. data/src/core/lib/security/transport/security_handshaker.cc +0 -8
  250. data/src/core/lib/security/transport/security_handshaker.h +0 -6
  251. data/src/core/lib/security/transport/server_auth_filter.cc +2 -2
  252. data/src/core/lib/slice/slice_buffer.h +3 -1
  253. data/src/core/lib/surface/call.cc +162 -76
  254. data/src/core/lib/surface/call_trace.cc +9 -9
  255. data/src/core/lib/surface/channel.cc +15 -24
  256. data/src/core/lib/surface/channel.h +4 -20
  257. data/src/core/lib/surface/channel_init.cc +81 -7
  258. data/src/core/lib/surface/channel_init.h +104 -6
  259. data/src/core/lib/surface/init.cc +1 -1
  260. data/src/core/lib/surface/server.cc +4 -7
  261. data/src/core/lib/surface/version.cc +2 -2
  262. data/src/core/lib/surface/wait_for_cq_end_op.cc +75 -0
  263. data/src/core/lib/surface/wait_for_cq_end_op.h +4 -26
  264. data/src/core/lib/transport/batch_builder.cc +2 -3
  265. data/src/core/lib/transport/batch_builder.h +1 -1
  266. data/src/core/lib/transport/call_factory.cc +41 -0
  267. data/src/core/lib/transport/call_factory.h +56 -0
  268. data/src/core/lib/transport/call_filters.cc +371 -0
  269. data/src/core/lib/transport/call_filters.h +1500 -0
  270. data/src/core/lib/transport/call_size_estimator.cc +41 -0
  271. data/src/core/lib/transport/call_size_estimator.h +52 -0
  272. data/src/core/lib/transport/call_spine.cc +107 -0
  273. data/src/core/lib/transport/call_spine.h +429 -0
  274. data/src/core/lib/transport/handshaker.cc +0 -8
  275. data/src/core/lib/transport/handshaker.h +0 -7
  276. data/src/core/lib/transport/message.cc +45 -0
  277. data/src/core/lib/transport/message.h +61 -0
  278. data/src/core/lib/transport/metadata.cc +37 -0
  279. data/src/core/lib/transport/metadata.h +78 -0
  280. data/src/core/lib/transport/metadata_batch.cc +4 -2
  281. data/src/core/lib/transport/metadata_batch.h +2 -2
  282. data/src/core/lib/transport/transport.cc +0 -105
  283. data/src/core/lib/transport/transport.h +3 -452
  284. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.cc +1 -1
  285. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.h +4 -4
  286. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/backend_metric_data.h +3 -3
  287. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.cc +4 -4
  288. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.h +4 -4
  289. data/src/core/{lib/load_balancing → load_balancing}/delegating_helper.h +5 -5
  290. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.cc +6 -6
  291. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.h +6 -6
  292. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.cc +2 -2
  293. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.h +3 -3
  294. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.cc +19 -19
  295. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.h +3 -3
  296. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.cc +1 -1
  297. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.h +4 -4
  298. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.cc +1 -1
  299. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.h +3 -3
  300. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.cc +1 -1
  301. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.h +4 -4
  302. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.cc +6 -6
  303. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.h +4 -4
  304. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client_internal.h +7 -7
  305. data/src/core/{lib/load_balancing → load_balancing}/lb_policy.cc +1 -1
  306. data/src/core/{lib/load_balancing → load_balancing}/lb_policy.h +6 -6
  307. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_factory.h +4 -4
  308. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.cc +2 -2
  309. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.h +5 -5
  310. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.cc +6 -6
  311. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.h +5 -5
  312. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric_internal.h +8 -8
  313. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.cc +10 -10
  314. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.h +3 -3
  315. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.cc +6 -6
  316. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.h +4 -4
  317. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/priority/priority.cc +8 -8
  318. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.cc +8 -8
  319. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.h +4 -4
  320. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/rls/rls.cc +13 -13
  321. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/round_robin/round_robin.cc +7 -7
  322. data/src/core/{lib/load_balancing → load_balancing}/subchannel_interface.h +3 -3
  323. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/subchannel_list.h +8 -8
  324. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.cc +1 -1
  325. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.h +3 -3
  326. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/weighted_round_robin.cc +10 -10
  327. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_target/weighted_target.cc +7 -7
  328. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/cds.cc +26 -23
  329. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_channel_args.h +4 -4
  330. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_impl.cc +11 -11
  331. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_manager.cc +8 -8
  332. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.cc +10 -10
  333. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.h +4 -4
  334. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_wrr_locality.cc +6 -6
  335. data/src/core/{ext/filters/client_channel/resolver → resolver}/binder/binder_resolver.cc +3 -3
  336. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.cc +9 -9
  337. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.h +3 -3
  338. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver.h +4 -4
  339. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
  340. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -2
  341. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.cc +2 -2
  342. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.h +4 -4
  343. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
  344. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
  345. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.cc +7 -5
  346. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.h +3 -3
  347. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.cc +9 -9
  348. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.h +5 -5
  349. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.cc +1 -1
  350. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.h +3 -3
  351. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.cc +4 -4
  352. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.h +3 -3
  353. data/src/core/{lib/resolver → resolver}/endpoint_addresses.cc +1 -1
  354. data/src/core/{lib/resolver → resolver}/endpoint_addresses.h +3 -3
  355. data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.cc +2 -2
  356. data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.h +4 -4
  357. data/src/core/{ext/filters/client_channel/resolver → resolver}/google_c2p/google_c2p_resolver.cc +3 -3
  358. data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.cc +3 -3
  359. data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.h +5 -5
  360. data/src/core/{lib/resolver → resolver}/resolver.cc +1 -1
  361. data/src/core/{lib/resolver → resolver}/resolver.h +6 -6
  362. data/src/core/{lib/resolver → resolver}/resolver_factory.h +4 -4
  363. data/src/core/{lib/resolver → resolver}/resolver_registry.cc +1 -1
  364. data/src/core/{lib/resolver → resolver}/resolver_registry.h +5 -5
  365. data/src/core/{lib/resolver → resolver}/server_address.h +4 -4
  366. data/src/core/{ext/filters/client_channel/resolver → resolver}/sockaddr/sockaddr_resolver.cc +3 -3
  367. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.cc +4 -4
  368. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.h +4 -4
  369. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver.cc +11 -11
  370. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_attributes.h +4 -4
  371. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.cc +1 -1
  372. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.h +3 -3
  373. data/src/core/{lib/service_config → service_config}/service_config.h +4 -4
  374. data/src/core/{lib/service_config → service_config}/service_config_call_data.h +5 -5
  375. data/src/core/{lib/service_config → service_config}/service_config_impl.cc +2 -2
  376. data/src/core/{lib/service_config → service_config}/service_config_impl.h +5 -5
  377. data/src/core/{lib/service_config → service_config}/service_config_parser.cc +1 -1
  378. data/src/core/{lib/service_config → service_config}/service_config_parser.h +3 -3
  379. data/src/core/tsi/fake_transport_security.cc +1 -1
  380. data/src/ruby/ext/grpc/extconf.rb +0 -1
  381. data/src/ruby/ext/grpc/rb_channel.c +11 -5
  382. data/src/ruby/ext/grpc/rb_event_thread.c +9 -3
  383. data/src/ruby/lib/grpc/version.rb +1 -1
  384. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +8 -103
  385. data/third_party/abseil-cpp/absl/algorithm/container.h +57 -71
  386. data/third_party/abseil-cpp/absl/base/attributes.h +51 -12
  387. data/third_party/abseil-cpp/absl/base/call_once.h +15 -9
  388. data/third_party/abseil-cpp/absl/base/casts.h +1 -1
  389. data/third_party/abseil-cpp/absl/base/config.h +91 -24
  390. data/third_party/abseil-cpp/absl/base/internal/endian.h +13 -12
  391. data/third_party/abseil-cpp/absl/base/internal/identity.h +4 -2
  392. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +19 -18
  393. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
  394. data/third_party/abseil-cpp/absl/base/internal/nullability_impl.h +106 -0
  395. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -11
  396. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -0
  397. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -4
  398. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +20 -0
  399. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +10 -4
  400. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +13 -6
  401. data/third_party/abseil-cpp/absl/base/log_severity.cc +1 -0
  402. data/third_party/abseil-cpp/absl/base/log_severity.h +23 -10
  403. data/third_party/abseil-cpp/absl/base/no_destructor.h +217 -0
  404. data/third_party/abseil-cpp/absl/base/nullability.h +224 -0
  405. data/third_party/abseil-cpp/absl/base/optimization.h +1 -0
  406. data/third_party/abseil-cpp/absl/base/options.h +27 -1
  407. data/third_party/abseil-cpp/absl/base/prefetch.h +25 -14
  408. data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -2
  409. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +3 -3
  410. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +1 -1
  411. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +4 -2
  412. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -9
  413. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -12
  414. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +12 -1
  415. data/third_party/abseil-cpp/absl/container/internal/layout.h +6 -21
  416. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +11 -2
  417. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +148 -31
  418. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +717 -278
  419. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +26 -2
  420. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +6 -0
  421. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +34 -5
  422. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +6 -3
  423. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +4 -2
  424. data/third_party/abseil-cpp/absl/crc/internal/{crc_memcpy_x86_64.cc → crc_memcpy_x86_arm_combined.cc} +65 -47
  425. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +10 -2
  426. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +4 -2
  427. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +24 -0
  428. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +35 -33
  429. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +41 -17
  430. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +108 -44
  431. data/third_party/abseil-cpp/absl/flags/declare.h +0 -5
  432. data/third_party/abseil-cpp/absl/flags/flag.h +1 -10
  433. data/third_party/abseil-cpp/absl/flags/internal/flag.h +0 -5
  434. data/third_party/abseil-cpp/absl/flags/marshalling.cc +10 -1
  435. data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -1
  436. data/third_party/abseil-cpp/absl/functional/function_ref.h +8 -0
  437. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +2 -2
  438. data/third_party/abseil-cpp/absl/hash/internal/hash.h +49 -2
  439. data/third_party/abseil-cpp/absl/numeric/bits.h +37 -18
  440. data/third_party/abseil-cpp/absl/random/distributions.h +1 -1
  441. data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +248 -0
  442. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +55 -14
  443. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +53 -2
  444. data/third_party/abseil-cpp/absl/status/status.cc +36 -238
  445. data/third_party/abseil-cpp/absl/status/status.h +95 -53
  446. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +1 -3
  447. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +3 -2
  448. data/third_party/abseil-cpp/absl/status/statusor.cc +5 -2
  449. data/third_party/abseil-cpp/absl/status/statusor.h +43 -3
  450. data/third_party/abseil-cpp/absl/strings/ascii.cc +84 -12
  451. data/third_party/abseil-cpp/absl/strings/ascii.h +8 -6
  452. data/third_party/abseil-cpp/absl/strings/charconv.cc +19 -12
  453. data/third_party/abseil-cpp/absl/strings/charconv.h +6 -3
  454. data/third_party/abseil-cpp/absl/strings/charset.h +164 -0
  455. data/third_party/abseil-cpp/absl/strings/cord.cc +266 -69
  456. data/third_party/abseil-cpp/absl/strings/cord.h +138 -92
  457. data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +19 -33
  458. data/third_party/abseil-cpp/absl/strings/cord_analysis.h +4 -3
  459. data/third_party/abseil-cpp/absl/strings/escaping.cc +5 -4
  460. data/third_party/abseil-cpp/absl/strings/has_absl_stringify.h +63 -0
  461. data/third_party/abseil-cpp/absl/strings/has_ostream_operator.h +42 -0
  462. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -6
  463. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +19 -45
  464. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +23 -28
  465. data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +15 -26
  466. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +12 -4
  467. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +145 -8
  468. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +72 -24
  469. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +17 -1
  470. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +7 -4
  471. data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +8 -3
  472. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +10 -4
  473. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +5 -4
  474. data/third_party/abseil-cpp/absl/strings/match.cc +3 -0
  475. data/third_party/abseil-cpp/absl/strings/numbers.cc +396 -153
  476. data/third_party/abseil-cpp/absl/strings/numbers.h +193 -35
  477. data/third_party/abseil-cpp/absl/strings/str_cat.cc +151 -21
  478. data/third_party/abseil-cpp/absl/strings/str_cat.h +127 -25
  479. data/third_party/abseil-cpp/absl/strings/str_format.h +30 -20
  480. data/third_party/abseil-cpp/absl/strings/str_join.h +16 -16
  481. data/third_party/abseil-cpp/absl/strings/str_replace.cc +12 -3
  482. data/third_party/abseil-cpp/absl/strings/str_replace.h +8 -5
  483. data/third_party/abseil-cpp/absl/strings/str_split.cc +8 -6
  484. data/third_party/abseil-cpp/absl/strings/str_split.h +18 -0
  485. data/third_party/abseil-cpp/absl/strings/string_view.cc +26 -5
  486. data/third_party/abseil-cpp/absl/strings/string_view.h +91 -26
  487. data/third_party/abseil-cpp/absl/strings/strip.h +5 -2
  488. data/third_party/abseil-cpp/absl/strings/substitute.cc +12 -4
  489. data/third_party/abseil-cpp/absl/strings/substitute.h +103 -91
  490. data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.h +2 -2
  491. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -0
  492. data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.h +4 -2
  493. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +296 -332
  494. data/third_party/abseil-cpp/absl/synchronization/mutex.h +89 -34
  495. data/third_party/abseil-cpp/absl/time/civil_time.h +26 -0
  496. data/third_party/abseil-cpp/absl/time/clock.h +5 -1
  497. data/third_party/abseil-cpp/absl/time/duration.cc +3 -3
  498. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +2 -2
  499. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
  500. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +9 -14
  501. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -8
  502. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +18 -0
  503. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +18 -0
  504. data/third_party/abseil-cpp/absl/types/internal/variant.h +3 -3
  505. data/third_party/abseil-cpp/absl/types/optional.h +3 -2
  506. data/third_party/abseil-cpp/absl/types/span.h +9 -4
  507. data/third_party/abseil-cpp/absl/utility/utility.h +11 -93
  508. data/third_party/boringssl-with-bazel/err_data.c +278 -276
  509. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
  510. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -9
  511. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +8 -21
  512. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
  513. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -1
  514. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
  515. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +11 -3
  516. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +4 -1
  517. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +1 -1
  518. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +3 -3
  519. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -6
  520. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +4 -13
  521. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +1 -6
  522. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +27 -4
  523. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -4
  524. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -4
  525. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +8 -0
  526. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +1 -11
  527. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +7 -8
  528. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +42 -12
  529. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -22
  530. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +9 -9
  531. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +34 -1
  532. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +49 -3
  533. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +30 -42
  534. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +87 -96
  535. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +5 -1
  536. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +4 -2
  537. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  538. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +4 -0
  539. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -2
  540. data/third_party/boringssl-with-bazel/src/crypto/des/des.c +105 -31
  541. data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +10 -81
  542. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +2 -15
  543. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +1 -9
  544. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +1 -5
  545. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +2 -5
  546. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +1 -4
  547. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +1 -2
  548. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -3
  549. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -2
  550. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +2 -8
  551. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +1 -1
  552. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +26 -17
  553. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +1 -1
  554. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +4 -2
  555. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +26 -5
  556. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +10 -41
  557. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +49 -2
  558. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +26 -0
  559. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +27 -26
  560. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -6
  561. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1 -8
  562. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +8 -2
  563. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -2
  564. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +11 -24
  565. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c +43 -50
  566. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +2 -6
  567. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +4 -0
  568. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1 -2
  569. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +16 -9
  570. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +7 -6
  571. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +2 -7
  572. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +51 -13
  573. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +17 -0
  574. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +5 -2
  575. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +1 -2
  576. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +1 -3
  577. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +6 -5
  578. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +1 -2
  579. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +153 -6
  580. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +87 -7
  581. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +39 -5
  582. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +32 -5
  583. data/third_party/boringssl-with-bazel/src/crypto/internal.h +254 -54
  584. data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +70 -0
  585. data/third_party/boringssl-with-bazel/src/crypto/{kyber → keccak}/keccak.c +124 -49
  586. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +8 -39
  587. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +39 -29
  588. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +3 -6
  589. data/third_party/boringssl-with-bazel/src/crypto/mem.c +17 -33
  590. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +36 -16
  591. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -3
  592. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +31 -0
  593. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +2 -4
  594. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +3 -3
  595. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +9 -13
  596. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +3 -6
  597. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +4 -0
  598. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +3 -1
  599. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +101 -0
  600. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +50 -0
  601. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +133 -0
  602. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +54 -0
  603. data/third_party/boringssl-with-bazel/src/crypto/spx/internal.h +79 -0
  604. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +150 -0
  605. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +61 -0
  606. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +71 -0
  607. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +139 -0
  608. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +53 -0
  609. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +44 -0
  610. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +136 -0
  611. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +70 -0
  612. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +135 -0
  613. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +45 -0
  614. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +4 -9
  615. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +10 -22
  616. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +3 -6
  617. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +12 -36
  618. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -2
  619. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -2
  620. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +14 -9
  621. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +23 -33
  622. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -51
  623. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +2 -6
  624. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +6 -2
  625. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +1 -1
  626. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +1 -4
  627. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -3
  628. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akey.c +1 -1
  629. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akeya.c +3 -1
  630. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_alt.c +5 -6
  631. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bcons.c +1 -1
  632. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bitst.c +1 -1
  633. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_conf.c +0 -2
  634. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_cpols.c +1 -1
  635. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_crld.c +1 -2
  636. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_enum.c +1 -0
  637. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_extku.c +1 -1
  638. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_genn.c +12 -12
  639. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ia5.c +1 -1
  640. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_info.c +4 -6
  641. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_int.c +1 -1
  642. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_lib.c +3 -2
  643. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ncons.c +2 -2
  644. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ocsp.c +1 -1
  645. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pcons.c +1 -1
  646. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pmaps.c +1 -1
  647. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_prn.c +3 -4
  648. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_purp.c +92 -335
  649. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_skey.c +1 -2
  650. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_utl.c +20 -18
  651. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +35 -32
  652. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +44 -59
  653. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -1
  654. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +107 -255
  655. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +32 -20
  656. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +25 -152
  657. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -1
  658. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +330 -944
  659. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +93 -215
  660. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +28 -6
  661. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  662. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -129
  663. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +7 -8
  664. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +46 -50
  665. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +2 -0
  666. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -4
  667. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +6 -6
  668. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -21
  669. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +5 -6
  670. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +3 -1
  671. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +24 -0
  672. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -5
  673. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -0
  674. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +1 -0
  675. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +4 -1
  676. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +2 -2
  677. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -13
  678. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +33 -11
  679. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
  680. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +5 -4
  681. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +26 -18
  682. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -6
  683. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -1
  684. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  685. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +19 -5
  686. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +45 -0
  687. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -0
  688. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +20 -3
  689. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -20
  690. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +76 -60
  691. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +31 -6
  692. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +3 -22
  693. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -1
  694. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2806 -941
  695. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +38 -1025
  696. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +124 -0
  697. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +1 -2
  698. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +82 -9
  699. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +42 -4
  700. data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
  701. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +4 -5
  702. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +9 -1
  703. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1
  704. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +5 -1
  705. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -1
  706. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -2
  707. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +21 -0
  708. data/third_party/cares/config_linux/ares_config.h +2 -38
  709. metadata +214 -179
  710. data/src/core/lib/iomgr/load_file.cc +0 -78
  711. data/src/core/lib/iomgr/load_file.h +0 -35
  712. data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -137
  713. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -280
  714. data/third_party/abseil-cpp/absl/flags/flag.cc +0 -38
  715. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +0 -116
  716. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -158
  717. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
  718. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
  719. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
  720. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -100
  721. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -111
  722. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -197
  723. /data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/ext_dat.h +0 -0
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c CHANGED
@@ -55,6 +55,7 @@
55
55
  #include <openssl/mem.h>
56
56
 
57
57
  #include "../delocate.h"
58
+ #include "../modes/internal.h"
58
59
  #include "../service_indicator/internal.h"
59
60
  #include "internal.h"
60
61
 
@@ -66,10 +67,8 @@ struct ccm128_context {
66
67
  };
67
68
 
68
69
  struct ccm128_state {
69
- union {
70
- uint64_t u[2];
71
- uint8_t c[16];
72
- } nonce, cmac;
70
+ alignas(16) uint8_t nonce[16];
71
+ alignas(16) uint8_t cmac[16];
73
72
  };
74
73
 
75
74
  static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key,
@@ -86,7 +85,7 @@ static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key,
86
85
  }
87
86
 
88
87
  static size_t CRYPTO_ccm128_max_input(const struct ccm128_context *ctx) {
89
- return ctx->L >= sizeof(size_t) ? (size_t)-1
88
+ return ctx->L >= sizeof(size_t) ? SIZE_MAX
90
89
  : (((size_t)1) << (ctx->L * 8)) - 1;
91
90
  }
92
91
 
@@ -107,16 +106,16 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
107
106
 
108
107
  // Assemble the first block for computing the MAC.
109
108
  OPENSSL_memset(state, 0, sizeof(*state));
110
- state->nonce.c[0] = (uint8_t)((L - 1) | ((M - 2) / 2) << 3);
109
+ state->nonce[0] = (uint8_t)((L - 1) | ((M - 2) / 2) << 3);
111
110
  if (aad_len != 0) {
112
- state->nonce.c[0] |= 0x40; // Set AAD Flag
111
+ state->nonce[0] |= 0x40; // Set AAD Flag
113
112
  }
114
- OPENSSL_memcpy(&state->nonce.c[1], nonce, nonce_len);
113
+ OPENSSL_memcpy(&state->nonce[1], nonce, nonce_len);
115
114
  for (unsigned i = 0; i < L; i++) {
116
- state->nonce.c[15 - i] = (uint8_t)(plaintext_len >> (8 * i));
115
+ state->nonce[15 - i] = (uint8_t)(plaintext_len >> (8 * i));
117
116
  }
118
117
 
119
- (*block)(state->nonce.c, state->cmac.c, key);
118
+ (*block)(state->nonce, state->cmac, key);
120
119
  size_t blocks = 1;
121
120
 
122
121
  if (aad_len != 0) {
@@ -124,38 +123,38 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
124
123
  // Cast to u64 to avoid the compiler complaining about invalid shifts.
125
124
  uint64_t aad_len_u64 = aad_len;
126
125
  if (aad_len_u64 < 0x10000 - 0x100) {
127
- state->cmac.c[0] ^= (uint8_t)(aad_len_u64 >> 8);
128
- state->cmac.c[1] ^= (uint8_t)aad_len_u64;
126
+ state->cmac[0] ^= (uint8_t)(aad_len_u64 >> 8);
127
+ state->cmac[1] ^= (uint8_t)aad_len_u64;
129
128
  i = 2;
130
129
  } else if (aad_len_u64 <= 0xffffffff) {
131
- state->cmac.c[0] ^= 0xff;
132
- state->cmac.c[1] ^= 0xfe;
133
- state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 24);
134
- state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 16);
135
- state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 8);
136
- state->cmac.c[5] ^= (uint8_t)aad_len_u64;
130
+ state->cmac[0] ^= 0xff;
131
+ state->cmac[1] ^= 0xfe;
132
+ state->cmac[2] ^= (uint8_t)(aad_len_u64 >> 24);
133
+ state->cmac[3] ^= (uint8_t)(aad_len_u64 >> 16);
134
+ state->cmac[4] ^= (uint8_t)(aad_len_u64 >> 8);
135
+ state->cmac[5] ^= (uint8_t)aad_len_u64;
137
136
  i = 6;
138
137
  } else {
139
- state->cmac.c[0] ^= 0xff;
140
- state->cmac.c[1] ^= 0xff;
141
- state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 56);
142
- state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 48);
143
- state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 40);
144
- state->cmac.c[5] ^= (uint8_t)(aad_len_u64 >> 32);
145
- state->cmac.c[6] ^= (uint8_t)(aad_len_u64 >> 24);
146
- state->cmac.c[7] ^= (uint8_t)(aad_len_u64 >> 16);
147
- state->cmac.c[8] ^= (uint8_t)(aad_len_u64 >> 8);
148
- state->cmac.c[9] ^= (uint8_t)aad_len_u64;
138
+ state->cmac[0] ^= 0xff;
139
+ state->cmac[1] ^= 0xff;
140
+ state->cmac[2] ^= (uint8_t)(aad_len_u64 >> 56);
141
+ state->cmac[3] ^= (uint8_t)(aad_len_u64 >> 48);
142
+ state->cmac[4] ^= (uint8_t)(aad_len_u64 >> 40);
143
+ state->cmac[5] ^= (uint8_t)(aad_len_u64 >> 32);
144
+ state->cmac[6] ^= (uint8_t)(aad_len_u64 >> 24);
145
+ state->cmac[7] ^= (uint8_t)(aad_len_u64 >> 16);
146
+ state->cmac[8] ^= (uint8_t)(aad_len_u64 >> 8);
147
+ state->cmac[9] ^= (uint8_t)aad_len_u64;
149
148
  i = 10;
150
149
  }
151
150
 
152
151
  do {
153
152
  for (; i < 16 && aad_len != 0; i++) {
154
- state->cmac.c[i] ^= *aad;
153
+ state->cmac[i] ^= *aad;
155
154
  aad++;
156
155
  aad_len--;
157
156
  }
158
- (*block)(state->cmac.c, state->cmac.c, key);
157
+ (*block)(state->cmac, state->cmac, key);
159
158
  blocks++;
160
159
  i = 0;
161
160
  } while (aad_len != 0);
@@ -174,7 +173,7 @@ static int ccm128_init_state(const struct ccm128_context *ctx,
174
173
  // Assemble the first block for encrypting and decrypting. The bottom |L|
175
174
  // bytes are replaced with a counter and all bit the encoding of |L| is
176
175
  // cleared in the first byte.
177
- state->nonce.c[0] &= 7;
176
+ state->nonce[0] &= 7;
178
177
  return 1;
179
178
  }
180
179
 
@@ -183,17 +182,17 @@ static int ccm128_encrypt(const struct ccm128_context *ctx,
183
182
  uint8_t *out, const uint8_t *in, size_t len) {
184
183
  // The counter for encryption begins at one.
185
184
  for (unsigned i = 0; i < ctx->L; i++) {
186
- state->nonce.c[15 - i] = 0;
185
+ state->nonce[15 - i] = 0;
187
186
  }
188
- state->nonce.c[15] = 1;
187
+ state->nonce[15] = 1;
189
188
 
190
189
  uint8_t partial_buf[16];
191
190
  unsigned num = 0;
192
191
  if (ctx->ctr != NULL) {
193
- CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, state->nonce.c, partial_buf,
192
+ CRYPTO_ctr128_encrypt_ctr32(in, out, len, key, state->nonce, partial_buf,
194
193
  &num, ctx->ctr);
195
194
  } else {
196
- CRYPTO_ctr128_encrypt(in, out, len, key, state->nonce.c, partial_buf, &num,
195
+ CRYPTO_ctr128_encrypt(in, out, len, key, state->nonce, partial_buf, &num,
197
196
  ctx->block);
198
197
  }
199
198
  return 1;
@@ -209,34 +208,28 @@ static int ccm128_compute_mac(const struct ccm128_context *ctx,
209
208
  }
210
209
 
211
210
  // Incorporate |in| into the MAC.
212
- union {
213
- uint64_t u[2];
214
- uint8_t c[16];
215
- } tmp;
216
211
  while (len >= 16) {
217
- OPENSSL_memcpy(tmp.c, in, 16);
218
- state->cmac.u[0] ^= tmp.u[0];
219
- state->cmac.u[1] ^= tmp.u[1];
220
- (*block)(state->cmac.c, state->cmac.c, key);
212
+ CRYPTO_xor16(state->cmac, state->cmac, in);
213
+ (*block)(state->cmac, state->cmac, key);
221
214
  in += 16;
222
215
  len -= 16;
223
216
  }
224
217
  if (len > 0) {
225
218
  for (size_t i = 0; i < len; i++) {
226
- state->cmac.c[i] ^= in[i];
219
+ state->cmac[i] ^= in[i];
227
220
  }
228
- (*block)(state->cmac.c, state->cmac.c, key);
221
+ (*block)(state->cmac, state->cmac, key);
229
222
  }
230
223
 
231
224
  // Encrypt the MAC with counter zero.
232
225
  for (unsigned i = 0; i < ctx->L; i++) {
233
- state->nonce.c[15 - i] = 0;
226
+ state->nonce[15 - i] = 0;
234
227
  }
235
- (*block)(state->nonce.c, tmp.c, key);
236
- state->cmac.u[0] ^= tmp.u[0];
237
- state->cmac.u[1] ^= tmp.u[1];
228
+ alignas(16) uint8_t tmp[16];
229
+ (*block)(state->nonce, tmp, key);
230
+ CRYPTO_xor16(state->cmac, state->cmac, tmp);
238
231
 
239
- OPENSSL_memcpy(out_tag, state->cmac.c, tag_len);
232
+ OPENSSL_memcpy(out_tag, state->cmac, tag_len);
240
233
  return 1;
241
234
  }
242
235
 
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c CHANGED
@@ -71,17 +71,13 @@
71
71
 
72
72
 
73
73
  DH *DH_new(void) {
74
- DH *dh = OPENSSL_malloc(sizeof(DH));
74
+ DH *dh = OPENSSL_zalloc(sizeof(DH));
75
75
  if (dh == NULL) {
76
76
  return NULL;
77
77
  }
78
78
 
79
- OPENSSL_memset(dh, 0, sizeof(DH));
80
-
81
79
  CRYPTO_MUTEX_init(&dh->method_mont_p_lock);
82
-
83
80
  dh->references = 1;
84
-
85
81
  return dh;
86
82
  }
87
83
 
@@ -398,7 +394,7 @@ int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) {
398
394
  int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len,
399
395
  size_t max_out_len, const BIGNUM *peers_key,
400
396
  const EVP_MD *digest) {
401
- *out_len = (size_t)-1;
397
+ *out_len = SIZE_MAX;
402
398
 
403
399
  const size_t digest_len = EVP_MD_size(digest);
404
400
  if (digest_len > max_out_len) {
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c CHANGED
@@ -185,6 +185,10 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
185
185
  void EVP_MD_CTX_move(EVP_MD_CTX *out, EVP_MD_CTX *in) {
186
186
  EVP_MD_CTX_cleanup(out);
187
187
  // While not guaranteed, |EVP_MD_CTX| is currently safe to move with |memcpy|.
188
+ // bssl-crypto currently relies on this, however, so if we change this, we
189
+ // need to box the |HMAC_CTX|. (Relying on this is only fine because we assume
190
+ // BoringSSL and bssl-crypto will always be updated atomically. We do not
191
+ // allow any version skew between the two.)
188
192
  OPENSSL_memcpy(out, in, sizeof(EVP_MD_CTX));
189
193
  EVP_MD_CTX_init(in);
190
194
  }
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c CHANGED
@@ -250,11 +250,10 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
250
250
  goto err;
251
251
  }
252
252
 
253
- ret = OPENSSL_malloc(sizeof(EC_GROUP));
253
+ ret = OPENSSL_zalloc(sizeof(EC_GROUP));
254
254
  if (ret == NULL) {
255
255
  return NULL;
256
256
  }
257
- OPENSSL_memset(ret, 0, sizeof(EC_GROUP));
258
257
  ret->references = 1;
259
258
  ret->meth = EC_GFp_mont_method();
260
259
  bn_mont_ctx_init(&ret->field);
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c CHANGED
@@ -86,12 +86,11 @@
86
86
  DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class)
87
87
 
88
88
  static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) {
89
- EC_WRAPPED_SCALAR *wrapped = OPENSSL_malloc(sizeof(EC_WRAPPED_SCALAR));
89
+ EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR));
90
90
  if (wrapped == NULL) {
91
91
  return NULL;
92
92
  }
93
93
 
94
- OPENSSL_memset(wrapped, 0, sizeof(EC_WRAPPED_SCALAR));
95
94
  wrapped->bignum.d = wrapped->scalar.words;
96
95
  wrapped->bignum.width = group->order.N.width;
97
96
  wrapped->bignum.dmax = group->order.N.width;
@@ -106,13 +105,11 @@ static void ec_wrapped_scalar_free(EC_WRAPPED_SCALAR *scalar) {
106
105
  EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }
107
106
 
108
107
  EC_KEY *EC_KEY_new_method(const ENGINE *engine) {
109
- EC_KEY *ret = OPENSSL_malloc(sizeof(EC_KEY));
108
+ EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY));
110
109
  if (ret == NULL) {
111
110
  return NULL;
112
111
  }
113
112
 
114
- OPENSSL_memset(ret, 0, sizeof(EC_KEY));
115
-
116
113
  if (engine) {
117
114
  ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);
118
115
  }
@@ -166,12 +163,12 @@ void EC_KEY_free(EC_KEY *r) {
166
163
  METHOD_unref(r->ecdsa_meth);
167
164
  }
168
165
 
166
+ CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
167
+
169
168
  EC_GROUP_free(r->group);
170
169
  EC_POINT_free(r->pub_key);
171
170
  ec_wrapped_scalar_free(r->priv_key);
172
171
 
173
- CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
174
-
175
172
  OPENSSL_free(r);
176
173
  }
177
174
 
@@ -317,8 +314,10 @@ int EC_KEY_check_key(const EC_KEY *eckey) {
317
314
  OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
318
315
  return 0;
319
316
  }
320
- if (!ec_GFp_simple_points_equal(eckey->group, &point,
321
- &eckey->pub_key->raw)) {
317
+ // Leaking this comparison only leaks whether |eckey|'s public key was
318
+ // correct.
319
+ if (!constant_time_declassify_int(ec_GFp_simple_points_equal(
320
+ eckey->group, &point, &eckey->pub_key->raw))) {
322
321
  OPENSSL_PUT_ERROR(EC, EC_R_INVALID_PRIVATE_KEY);
323
322
  return 0;
324
323
  }
@@ -503,6 +502,14 @@ int EC_KEY_generate_key(EC_KEY *key) {
503
502
  return 0;
504
503
  }
505
504
 
505
+ // The public key is derived from the private key, but it is public.
506
+ //
507
+ // TODO(crbug.com/boringssl/677): This isn't quite right. While |pub_key|
508
+ // represents a public point, it is still in Jacobian form and the exact
509
+ // Jacobian representation is secret. We need to make it affine first. See
510
+ // discussion in the bug.
511
+ CONSTTIME_DECLASSIFY(&pub_key->raw, sizeof(pub_key->raw));
512
+
506
513
  ec_wrapped_scalar_free(key->priv_key);
507
514
  key->priv_key = priv_key;
508
515
  EC_POINT_free(key->pub_key);
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c CHANGED
@@ -24,6 +24,7 @@
24
24
  #include <openssl/err.h>
25
25
  #include <openssl/mem.h>
26
26
 
27
+ #include <assert.h>
27
28
  #include <string.h>
28
29
 
29
30
  #include "internal.h"
@@ -836,12 +837,12 @@ static void p224_select_point(const uint64_t idx, size_t size,
836
837
 
837
838
  for (size_t i = 0; i < size; i++) {
838
839
  const p224_limb *inlimbs = &pre_comp[i][0][0];
839
- uint64_t mask = i ^ idx;
840
- mask |= mask >> 4;
841
- mask |= mask >> 2;
842
- mask |= mask >> 1;
843
- mask &= 1;
844
- mask--;
840
+ static_assert(sizeof(uint64_t) <= sizeof(crypto_word_t),
841
+ "crypto_word_t too small");
842
+ static_assert(sizeof(size_t) <= sizeof(crypto_word_t),
843
+ "crypto_word_t too small");
844
+ // Without a value barrier, Clang adds a branch here.
845
+ uint64_t mask = value_barrier_w(constant_time_eq_w(i, idx));
845
846
  for (size_t j = 0; j < 4 * 3; j++) {
846
847
  outlimbs[j] |= inlimbs[j] & mask;
847
848
  }
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c CHANGED
@@ -197,13 +197,8 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
197
197
  wNAF = wNAF_stack;
198
198
  precomp = precomp_stack;
199
199
  } else {
200
- if (num >= ((size_t)-1) / sizeof(wNAF_alloc[0]) ||
201
- num >= ((size_t)-1) / sizeof(precomp_alloc[0])) {
202
- OPENSSL_PUT_ERROR(EC, ERR_R_OVERFLOW);
203
- goto err;
204
- }
205
- wNAF_alloc = OPENSSL_malloc(num * sizeof(wNAF_alloc[0]));
206
- precomp_alloc = OPENSSL_malloc(num * sizeof(precomp_alloc[0]));
200
+ wNAF_alloc = OPENSSL_calloc(num, sizeof(wNAF_alloc[0]));
201
+ precomp_alloc = OPENSSL_calloc(num, sizeof(precomp_alloc[0]));
207
202
  if (wNAF_alloc == NULL || precomp_alloc == NULL) {
208
203
  goto err;
209
204
  }
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c CHANGED
@@ -17,31 +17,34 @@
17
17
  #endif
18
18
 
19
19
  #include <openssl/base.h>
20
-
21
20
  #include "fork_detect.h"
22
21
 
23
- #if defined(OPENSSL_LINUX)
24
- #include <assert.h>
25
- #include <sys/mman.h>
22
+ #if defined(OPENSSL_FORK_DETECTION_MADVISE)
26
23
  #include <unistd.h>
27
24
  #include <stdlib.h>
28
-
29
- #include "../delocate.h"
30
- #include "../../internal.h"
31
-
32
-
25
+ #include <assert.h>
26
+ #include <sys/mman.h>
33
27
  #if defined(MADV_WIPEONFORK)
34
28
  static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
35
29
  #else
36
30
  #define MADV_WIPEONFORK 18
37
31
  #endif
32
+ #elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
33
+ #include <unistd.h>
34
+ #include <stdlib.h>
35
+ #include <pthread.h>
36
+ #endif // OPENSSL_FORK_DETECTION_MADVISE
38
37
 
38
+ #include "../delocate.h"
39
+ #include "../../internal.h"
40
+
41
+ #if defined(OPENSSL_FORK_DETECTION_MADVISE)
42
+ DEFINE_BSS_GET(int, g_force_madv_wipeonfork);
43
+ DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled);
39
44
  DEFINE_STATIC_ONCE(g_fork_detect_once);
40
45
  DEFINE_STATIC_MUTEX(g_fork_detect_lock);
41
46
  DEFINE_BSS_GET(CRYPTO_atomic_u32 *, g_fork_detect_addr);
42
47
  DEFINE_BSS_GET(uint64_t, g_fork_generation);
43
- DEFINE_BSS_GET(int, g_force_madv_wipeonfork);
44
- DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled);
45
48
 
46
49
  static void init_fork_detect(void) {
47
50
  if (*g_force_madv_wipeonfork_bss_get()) {
@@ -73,9 +76,12 @@ static void init_fork_detect(void) {
73
76
  CRYPTO_atomic_store_u32(addr, 1);
74
77
  *g_fork_detect_addr_bss_get() = addr;
75
78
  *g_fork_generation_bss_get() = 1;
79
+
76
80
  }
77
81
 
78
82
  uint64_t CRYPTO_get_fork_generation(void) {
83
+ CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect);
84
+
79
85
  // In a single-threaded process, there are obviously no races because there's
80
86
  // only a single mutator in the address space.
81
87
  //
@@ -87,7 +93,6 @@ uint64_t CRYPTO_get_fork_generation(void) {
87
93
  // child process is single-threaded, the child may become multi-threaded
88
94
  // before it observes this. Therefore, we must synchronize the logic below.
89
95
 
90
- CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect);
91
96
  CRYPTO_atomic_u32 *const flag_ptr = *g_fork_detect_addr_bss_get();
92
97
  if (flag_ptr == NULL) {
93
98
  // Our kernel is too old to support |MADV_WIPEONFORK| or
@@ -98,6 +103,12 @@ uint64_t CRYPTO_get_fork_generation(void) {
98
103
  // doesn't support it.
99
104
  return 42;
100
105
  }
106
+ // With Linux and clone(), we do not believe that pthread_atfork() is
107
+ // sufficient for detecting all forms of address space duplication. At this
108
+ // point we have a kernel that does not support MADV_WIPEONFORK. We could
109
+ // return the generation number from pthread_atfork() here and it would
110
+ // probably be safe in almost any situation, but to ensure safety we return
111
+ // 0 and force an entropy draw on every call.
101
112
  return 0;
102
113
  }
103
114
 
@@ -140,7 +151,34 @@ void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(int on) {
140
151
  *g_force_madv_wipeonfork_enabled_bss_get() = on;
141
152
  }
142
153
 
143
- #elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY)
154
+ #elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
155
+
156
+ DEFINE_STATIC_ONCE(g_pthread_fork_detection_once);
157
+ DEFINE_BSS_GET(uint64_t, g_atfork_fork_generation);
158
+
159
+ static void we_are_forked(void) {
160
+ // Immediately after a fork, the process must be single-threaded.
161
+ uint64_t value = *g_atfork_fork_generation_bss_get() + 1;
162
+ if (value == 0) {
163
+ value = 1;
164
+ }
165
+ *g_atfork_fork_generation_bss_get() = value;
166
+ }
167
+
168
+ static void init_pthread_fork_detection(void) {
169
+ if (pthread_atfork(NULL, NULL, we_are_forked) != 0) {
170
+ abort();
171
+ }
172
+ *g_atfork_fork_generation_bss_get() = 1;
173
+ }
174
+
175
+ uint64_t CRYPTO_get_fork_generation(void) {
176
+ CRYPTO_once(g_pthread_fork_detection_once_bss_get(), init_pthread_fork_detection);
177
+
178
+ return *g_atfork_fork_generation_bss_get();
179
+ }
180
+
181
+ #elif defined(OPENSSL_DOES_NOT_FORK)
144
182
 
145
183
  // These platforms are guaranteed not to fork, and therefore do not require
146
184
  // fork detection support. Returning a constant non zero value makes BoringSSL
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h CHANGED
@@ -17,6 +17,23 @@
17
17
 
18
18
  #include <openssl/base.h>
19
19
 
20
+ #if defined(OPENSSL_LINUX)
21
+ // On linux we use MADVISE instead of pthread_atfork(), due
22
+ // to concerns about clone() being used for address space
23
+ // duplication.
24
+ #define OPENSSL_FORK_DETECTION
25
+ #define OPENSSL_FORK_DETECTION_MADVISE
26
+ #elif defined(OPENSSL_MACOS) || defined(OPENSSL_IOS) || \
27
+ defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)
28
+ // These platforms may detect address space duplication with pthread_atfork.
29
+ // iOS doesn't normally allow fork in apps, but it's there.
30
+ #define OPENSSL_FORK_DETECTION
31
+ #define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
32
+ #elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY)
33
+ // These platforms do not fork.
34
+ #define OPENSSL_DOES_NOT_FORK
35
+ #endif
36
+
20
37
  #if defined(__cplusplus)
21
38
  extern "C" {
22
39
  #endif
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c CHANGED
@@ -119,7 +119,10 @@ static void rand_thread_state_free(void *state_in) {
119
119
 
120
120
  if (state->prev != NULL) {
121
121
  state->prev->next = state->next;
122
- } else {
122
+ } else if (*thread_states_list_bss_get() == state) {
123
+ // |state->prev| may be NULL either if it is the head of the list,
124
+ // or if |state| is freed before it was added to the list at all.
125
+ // Compare against the head of the list to distinguish these cases.
123
126
  *thread_states_list_bss_get() = state->next;
124
127
  }
125
128
 
@@ -371,7 +374,7 @@ void RAND_bytes_with_additional_data(uint8_t *out, size_t out_len,
371
374
  CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND);
372
375
 
373
376
  if (state == NULL) {
374
- state = OPENSSL_malloc(sizeof(struct rand_thread_state));
377
+ state = OPENSSL_zalloc(sizeof(struct rand_thread_state));
375
378
  if (state == NULL ||
376
379
  !CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state,
377
380
  rand_thread_state_free)) {
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c CHANGED
@@ -130,11 +130,10 @@ static int bn_blinding_create_param(BN_BLINDING *b, const BIGNUM *e,
130
130
  const BN_MONT_CTX *mont, BN_CTX *ctx);
131
131
 
132
132
  BN_BLINDING *BN_BLINDING_new(void) {
133
- BN_BLINDING *ret = OPENSSL_malloc(sizeof(BN_BLINDING));
133
+ BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING));
134
134
  if (ret == NULL) {
135
135
  return NULL;
136
136
  }
137
- OPENSSL_memset(ret, 0, sizeof(BN_BLINDING));
138
137
 
139
138
  ret->A = BN_new();
140
139
  if (ret->A == NULL) {
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c CHANGED
@@ -206,13 +206,11 @@ RSA *RSA_new_private_key_large_e(const BIGNUM *n, const BIGNUM *e,
206
206
  RSA *RSA_new(void) { return RSA_new_method(NULL); }
207
207
 
208
208
  RSA *RSA_new_method(const ENGINE *engine) {
209
- RSA *rsa = OPENSSL_malloc(sizeof(RSA));
209
+ RSA *rsa = OPENSSL_zalloc(sizeof(RSA));
210
210
  if (rsa == NULL) {
211
211
  return NULL;
212
212
  }
213
213
 
214
- OPENSSL_memset(rsa, 0, sizeof(RSA));
215
-
216
214
  if (engine) {
217
215
  rsa->meth = ENGINE_get_RSA_method(engine);
218
216
  }
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c CHANGED
@@ -155,7 +155,7 @@ static int ensure_fixed_copy(BIGNUM **out, const BIGNUM *in, int width) {
155
155
  return 0;
156
156
  }
157
157
  *out = copy;
158
- CONSTTIME_SECRET(copy->d, sizeof(BN_ULONG) * width);
158
+ bn_secret(copy);
159
159
 
160
160
  return 1;
161
161
  }
@@ -259,8 +259,7 @@ static int freeze_private_key(RSA *rsa, BN_CTX *ctx) {
259
259
  goto err;
260
260
  }
261
261
  rsa->iqmp_mont = iqmp_mont;
262
- CONSTTIME_SECRET(rsa->iqmp_mont->d,
263
- sizeof(BN_ULONG) * rsa->iqmp_mont->width);
262
+ bn_secret(rsa->iqmp_mont);
264
263
  }
265
264
  }
266
265
  }
@@ -376,7 +375,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used,
376
375
  assert(new_num_blindings > rsa->num_blindings);
377
376
 
378
377
  BN_BLINDING **new_blindings =
379
- OPENSSL_malloc(sizeof(BN_BLINDING *) * new_num_blindings);
378
+ OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *));
380
379
  uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings);
381
380
  if (new_blindings == NULL || new_blindings_inuse == NULL) {
382
381
  goto err;
@@ -622,7 +621,9 @@ int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
622
621
  goto err;
623
622
  }
624
623
 
625
- if (BN_ucmp(f, rsa->n) >= 0) {
624
+ // The input to the RSA private transform may be secret, but padding is
625
+ // expected to construct a value within range, so we can leak this comparison.
626
+ if (constant_time_declassify_int(BN_ucmp(f, rsa->n) >= 0)) {
626
627
  // Usually the padding functions would catch this.
627
628
  OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
628
629
  goto err;
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c CHANGED
@@ -94,12 +94,11 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) {
94
94
  CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
95
95
  if (!array) {
96
96
  const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1);
97
- array = OPENSSL_malloc(num_bytes);
97
+ array = OPENSSL_zalloc(num_bytes);
98
98
  if (!array) {
99
99
  return;
100
100
  }
101
101
 
102
- OPENSSL_memset(array, 0, num_bytes);
103
102
  if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS, array,
104
103
  OPENSSL_free)) {
105
104
  // |OPENSSL_free| has already been called by |CRYPTO_set_thread_local|.