grpc 1.66.0.pre5 → 1.67.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (547) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +19 -10
  3. data/include/grpc/credentials.h +1 -1
  4. data/include/grpc/event_engine/README.md +1 -1
  5. data/include/grpc/event_engine/internal/slice_cast.h +1 -1
  6. data/include/grpc/event_engine/slice.h +0 -1
  7. data/include/grpc/event_engine/slice_buffer.h +0 -1
  8. data/include/grpc/grpc_crl_provider.h +1 -1
  9. data/include/grpc/impl/channel_arg_names.h +1 -1
  10. data/include/grpc/support/log.h +34 -32
  11. data/include/grpc/support/sync_generic.h +2 -4
  12. data/src/core/channelz/channelz.cc +0 -1
  13. data/src/core/channelz/channelz_registry.cc +0 -1
  14. data/src/core/client_channel/client_channel.cc +10 -7
  15. data/src/core/client_channel/client_channel.h +1 -1
  16. data/src/core/client_channel/client_channel_filter.cc +21 -18
  17. data/src/core/client_channel/client_channel_filter.h +1 -1
  18. data/src/core/client_channel/client_channel_internal.h +0 -2
  19. data/src/core/client_channel/config_selector.h +0 -1
  20. data/src/core/client_channel/dynamic_filters.cc +0 -2
  21. data/src/core/client_channel/local_subchannel_pool.cc +0 -2
  22. data/src/core/client_channel/retry_filter.h +0 -1
  23. data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
  24. data/src/core/client_channel/subchannel.cc +21 -27
  25. data/src/core/client_channel/subchannel_stream_client.cc +1 -1
  26. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
  27. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
  28. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
  29. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
  30. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
  31. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
  32. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
  33. data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
  34. data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
  35. data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
  36. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
  37. data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
  38. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
  39. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
  40. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
  41. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
  42. data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
  43. data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
  44. data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
  45. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
  46. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
  47. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
  48. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
  49. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
  52. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
  53. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
  56. data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
  57. data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
  58. data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
  59. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
  60. data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
  61. data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
  62. data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
  63. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
  64. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
  65. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
  66. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
  67. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
  68. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
  69. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
  70. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
  71. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
  72. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
  73. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
  74. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
  75. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
  76. data/src/core/handshaker/handshaker.cc +21 -29
  77. data/src/core/handshaker/security/secure_endpoint.cc +3 -3
  78. data/src/core/handshaker/security/security_handshaker.cc +60 -72
  79. data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
  80. data/src/core/lib/backoff/backoff.cc +7 -10
  81. data/src/core/lib/backoff/backoff.h +4 -6
  82. data/src/core/lib/channel/channel_stack.cc +0 -1
  83. data/src/core/lib/channel/channel_stack.h +0 -1
  84. data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
  85. data/src/core/lib/channel/connected_channel.cc +0 -1
  86. data/src/core/lib/channel/promise_based_filter.cc +146 -194
  87. data/src/core/lib/channel/promise_based_filter.h +1 -1
  88. data/src/core/lib/compression/compression_internal.cc +0 -1
  89. data/src/core/lib/config/config_vars.cc +11 -1
  90. data/src/core/lib/config/config_vars.h +8 -0
  91. data/src/core/lib/config/core_configuration.cc +0 -1
  92. data/src/core/lib/config/core_configuration.h +0 -1
  93. data/src/core/lib/debug/event_log.cc +0 -1
  94. data/src/core/lib/debug/trace_flags.cc +4 -18
  95. data/src/core/lib/debug/trace_flags.h +2 -5
  96. data/src/core/lib/debug/trace_impl.h +6 -0
  97. data/src/core/lib/event_engine/ares_resolver.cc +89 -56
  98. data/src/core/lib/event_engine/ares_resolver.h +0 -9
  99. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
  100. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
  101. data/src/core/lib/event_engine/forkable.cc +0 -1
  102. data/src/core/lib/event_engine/forkable.h +0 -1
  103. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  104. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
  105. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
  106. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
  107. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
  108. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
  109. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
  110. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
  111. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
  112. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
  113. data/src/core/lib/event_engine/resolved_address.cc +0 -1
  114. data/src/core/lib/event_engine/slice.cc +0 -1
  115. data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
  116. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
  117. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
  118. data/src/core/lib/experiments/config.cc +12 -10
  119. data/src/core/lib/experiments/experiments.cc +45 -66
  120. data/src/core/lib/experiments/experiments.h +22 -27
  121. data/src/core/lib/gprpp/chunked_vector.h +0 -1
  122. data/src/core/lib/gprpp/down_cast.h +0 -1
  123. data/src/core/lib/gprpp/host_port.cc +0 -1
  124. data/src/core/lib/gprpp/load_file.cc +0 -1
  125. data/src/core/lib/gprpp/mpscq.h +0 -1
  126. data/src/core/lib/gprpp/single_set_ptr.h +0 -1
  127. data/src/core/lib/gprpp/status_helper.cc +0 -1
  128. data/src/core/lib/gprpp/sync.h +0 -1
  129. data/src/core/lib/gprpp/table.h +28 -0
  130. data/src/core/lib/gprpp/thd.h +0 -1
  131. data/src/core/lib/gprpp/time.h +0 -1
  132. data/src/core/lib/gprpp/time_util.cc +0 -1
  133. data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
  134. data/src/core/lib/gprpp/windows/thd.cc +0 -1
  135. data/src/core/lib/gprpp/work_serializer.cc +23 -34
  136. data/src/core/lib/iomgr/buffer_list.cc +0 -1
  137. data/src/core/lib/iomgr/call_combiner.h +6 -8
  138. data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
  139. data/src/core/lib/iomgr/closure.h +5 -8
  140. data/src/core/lib/iomgr/combiner.cc +6 -8
  141. data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
  142. data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
  143. data/src/core/lib/iomgr/error.h +0 -1
  144. data/src/core/lib/iomgr/ev_apple.cc +13 -18
  145. data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
  146. data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
  147. data/src/core/lib/iomgr/ev_posix.cc +55 -44
  148. data/src/core/lib/iomgr/ev_posix.h +0 -5
  149. data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
  150. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
  151. data/src/core/lib/iomgr/exec_ctx.cc +6 -9
  152. data/src/core/lib/iomgr/exec_ctx.h +26 -16
  153. data/src/core/lib/iomgr/executor.cc +43 -33
  154. data/src/core/lib/iomgr/fork_windows.cc +0 -1
  155. data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
  156. data/src/core/lib/iomgr/iocp_windows.cc +0 -1
  157. data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
  158. data/src/core/lib/iomgr/lockfree_event.cc +7 -11
  159. data/src/core/lib/iomgr/polling_entity.cc +10 -3
  160. data/src/core/lib/iomgr/pollset_windows.cc +0 -2
  161. data/src/core/lib/iomgr/resolve_address.cc +0 -1
  162. data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
  163. data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
  164. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
  165. data/src/core/lib/iomgr/socket_mutator.cc +0 -1
  166. data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
  167. data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
  168. data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
  169. data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
  170. data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
  171. data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
  172. data/src/core/lib/iomgr/tcp_posix.cc +32 -68
  173. data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
  174. data/src/core/lib/iomgr/tcp_windows.cc +4 -12
  175. data/src/core/lib/iomgr/timer_generic.cc +46 -65
  176. data/src/core/lib/iomgr/timer_manager.cc +4 -5
  177. data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
  178. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
  179. data/src/core/lib/iomgr/vsock.cc +0 -1
  180. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
  181. data/src/core/lib/promise/activity.h +0 -1
  182. data/src/core/lib/promise/context.h +0 -1
  183. data/src/core/lib/promise/detail/join_state.h +44 -44
  184. data/src/core/lib/promise/detail/seq_state.h +1101 -1356
  185. data/src/core/lib/promise/for_each.h +8 -15
  186. data/src/core/lib/promise/interceptor_list.h +17 -27
  187. data/src/core/lib/promise/latch.h +16 -24
  188. data/src/core/lib/promise/map.h +1 -1
  189. data/src/core/lib/promise/party.cc +238 -114
  190. data/src/core/lib/promise/party.h +105 -308
  191. data/src/core/lib/promise/pipe.h +3 -4
  192. data/src/core/lib/promise/poll.h +0 -1
  193. data/src/core/lib/promise/status_flag.h +0 -1
  194. data/src/core/lib/resource_quota/connection_quota.cc +0 -1
  195. data/src/core/lib/resource_quota/memory_quota.cc +11 -19
  196. data/src/core/lib/resource_quota/memory_quota.h +2 -4
  197. data/src/core/lib/resource_quota/periodic_update.cc +2 -3
  198. data/src/core/lib/resource_quota/thread_quota.cc +0 -1
  199. data/src/core/lib/security/authorization/audit_logging.cc +0 -1
  200. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
  201. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
  202. data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
  203. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
  204. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
  205. data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
  206. data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
  207. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
  208. data/src/core/lib/security/credentials/credentials.h +1 -2
  209. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
  210. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
  211. data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
  212. data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
  213. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
  214. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
  215. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
  216. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
  217. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
  218. data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
  219. data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
  220. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
  221. data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
  222. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
  223. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
  224. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
  225. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
  226. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
  227. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  228. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
  229. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
  230. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
  231. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
  232. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
  233. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
  234. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
  235. data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
  236. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
  237. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
  238. data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
  239. data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
  240. data/src/core/lib/slice/percent_encoding.cc +0 -1
  241. data/src/core/lib/slice/slice.cc +0 -1
  242. data/src/core/lib/slice/slice.h +0 -1
  243. data/src/core/lib/slice/slice_buffer.cc +0 -1
  244. data/src/core/lib/slice/slice_internal.h +0 -1
  245. data/src/core/lib/slice/slice_refcount.h +6 -8
  246. data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
  247. data/src/core/lib/surface/call.cc +3 -5
  248. data/src/core/lib/surface/call_utils.h +0 -1
  249. data/src/core/lib/surface/channel.cc +0 -1
  250. data/src/core/lib/surface/channel_create.cc +0 -1
  251. data/src/core/lib/surface/channel_init.h +0 -1
  252. data/src/core/lib/surface/client_call.cc +0 -1
  253. data/src/core/lib/surface/client_call.h +0 -1
  254. data/src/core/lib/surface/completion_queue.cc +28 -4
  255. data/src/core/lib/surface/completion_queue_factory.cc +0 -1
  256. data/src/core/lib/surface/filter_stack_call.cc +9 -9
  257. data/src/core/lib/surface/filter_stack_call.h +0 -1
  258. data/src/core/lib/surface/lame_client.cc +0 -1
  259. data/src/core/lib/surface/server_call.cc +0 -1
  260. data/src/core/lib/surface/server_call.h +0 -1
  261. data/src/core/lib/surface/validate_metadata.h +0 -1
  262. data/src/core/lib/surface/version.cc +2 -2
  263. data/src/core/lib/transport/bdp_estimator.cc +9 -12
  264. data/src/core/lib/transport/bdp_estimator.h +6 -8
  265. data/src/core/lib/transport/call_arena_allocator.cc +2 -16
  266. data/src/core/lib/transport/call_arena_allocator.h +20 -5
  267. data/src/core/lib/transport/call_filters.cc +6 -9
  268. data/src/core/lib/transport/call_spine.h +24 -13
  269. data/src/core/lib/transport/connectivity_state.cc +34 -42
  270. data/src/core/lib/transport/metadata_batch.h +41 -1
  271. data/src/core/lib/transport/timeout_encoding.cc +0 -1
  272. data/src/core/lib/transport/transport.h +6 -8
  273. data/src/core/lib/transport/transport_op_string.cc +0 -1
  274. data/src/core/lib/uri/uri_parser.cc +0 -1
  275. data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
  276. data/src/core/load_balancing/health_check_client.cc +31 -42
  277. data/src/core/load_balancing/oob_backend_metric.cc +2 -4
  278. data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
  279. data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
  280. data/src/core/load_balancing/priority/priority.cc +77 -106
  281. data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
  282. data/src/core/load_balancing/rls/rls.cc +142 -187
  283. data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
  284. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
  285. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
  286. data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
  287. data/src/core/load_balancing/xds/cds.cc +26 -43
  288. data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
  289. data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
  290. data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
  291. data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
  292. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
  293. data/src/core/resolver/binder/binder_resolver.cc +0 -2
  294. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
  295. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
  296. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
  297. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
  298. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
  299. data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
  300. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
  301. data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
  302. data/src/core/resolver/endpoint_addresses.cc +0 -1
  303. data/src/core/resolver/fake/fake_resolver.cc +0 -1
  304. data/src/core/resolver/polling_resolver.cc +6 -15
  305. data/src/core/resolver/polling_resolver.h +1 -1
  306. data/src/core/resolver/xds/xds_config.cc +96 -0
  307. data/src/core/resolver/xds/xds_config.h +109 -0
  308. data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
  309. data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
  310. data/src/core/resolver/xds/xds_resolver.cc +51 -55
  311. data/src/core/server/server.cc +2 -2
  312. data/src/core/server/server_config_selector_filter.cc +0 -1
  313. data/src/core/server/xds_server_config_fetcher.cc +4 -6
  314. data/src/core/service_config/service_config_call_data.h +2 -3
  315. data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
  316. data/src/core/service_config/service_config_impl.h +0 -1
  317. data/src/core/telemetry/call_tracer.cc +0 -1
  318. data/src/core/telemetry/metrics.h +0 -1
  319. data/src/core/telemetry/stats_data.cc +67 -0
  320. data/src/core/telemetry/stats_data.h +48 -0
  321. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
  322. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
  323. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
  324. data/src/core/tsi/fake_transport_security.cc +6 -5
  325. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
  326. data/src/core/util/alloc.cc +0 -1
  327. data/src/core/util/gcp_metadata_query.cc +0 -1
  328. data/src/core/util/http_client/httpcli.cc +12 -15
  329. data/src/core/util/http_client/httpcli.h +16 -11
  330. data/src/core/util/http_client/parser.cc +3 -4
  331. data/src/core/util/json/json_reader.cc +0 -1
  332. data/src/core/util/latent_see.cc +29 -9
  333. data/src/core/util/latent_see.h +122 -27
  334. data/src/core/util/log.cc +36 -55
  335. data/src/core/util/lru_cache.h +104 -0
  336. data/src/core/util/msys/tmpfile.cc +0 -1
  337. data/src/core/util/posix/sync.cc +0 -1
  338. data/src/core/util/posix/time.cc +0 -1
  339. data/src/core/util/ring_buffer.h +123 -0
  340. data/src/core/util/spinlock.h +1 -2
  341. data/src/core/util/string.cc +7 -7
  342. data/src/core/util/sync.cc +0 -1
  343. data/src/core/util/sync_abseil.cc +0 -1
  344. data/src/core/util/time.cc +0 -1
  345. data/src/core/util/unique_ptr_with_bitset.h +86 -0
  346. data/src/core/util/useful.h +0 -24
  347. data/src/core/util/windows/cpu.cc +0 -1
  348. data/src/core/util/windows/sync.cc +0 -1
  349. data/src/core/util/windows/time.cc +0 -1
  350. data/src/core/util/windows/tmpfile.cc +0 -1
  351. data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
  352. data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
  353. data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
  354. data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
  355. data/src/core/xds/grpc/xds_cluster.cc +2 -8
  356. data/src/core/xds/grpc/xds_cluster.h +4 -4
  357. data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
  358. data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
  359. data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
  360. data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
  361. data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
  362. data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
  363. data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
  364. data/src/core/xds/grpc/xds_http_filter.h +11 -1
  365. data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
  366. data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
  367. data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
  368. data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
  369. data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
  370. data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
  371. data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
  372. data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
  373. data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
  374. data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
  375. data/src/core/xds/grpc/xds_metadata.cc +62 -0
  376. data/src/core/xds/grpc/xds_metadata.h +127 -0
  377. data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
  378. data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
  379. data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
  380. data/src/core/xds/grpc/xds_routing.cc +57 -22
  381. data/src/core/xds/grpc/xds_routing.h +10 -2
  382. data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
  383. data/src/core/xds/xds_client/xds_client.cc +124 -165
  384. data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
  385. data/src/ruby/ext/grpc/rb_call.c +1 -1
  386. data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
  387. data/src/ruby/ext/grpc/rb_channel.c +22 -16
  388. data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
  389. data/src/ruby/ext/grpc/rb_grpc.c +9 -8
  390. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
  391. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
  392. data/src/ruby/ext/grpc/rb_server.c +10 -8
  393. data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
  394. data/src/ruby/lib/grpc/version.rb +1 -1
  395. data/src/ruby/spec/call_spec.rb +53 -40
  396. data/src/ruby/spec/channel_spec.rb +4 -2
  397. data/src/ruby/spec/client_server_spec.rb +148 -507
  398. data/src/ruby/spec/generic/active_call_spec.rb +64 -86
  399. data/src/ruby/spec/support/services.rb +3 -0
  400. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
  401. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
  403. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
  404. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
  424. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
  425. data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
  426. data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
  427. data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
  428. data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
  429. data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
  430. data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
  431. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
  432. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
  433. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
  434. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
  435. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
  436. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
  437. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
  438. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
  439. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
  440. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
  441. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
  442. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
  444. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
  445. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
  446. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
  447. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
  448. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
  449. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
  450. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
  451. data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
  452. data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
  453. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
  454. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
  455. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
  456. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
  457. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
  458. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
  459. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
  460. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
  461. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
  462. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
  463. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
  464. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
  465. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
  466. data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
  467. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
  468. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
  469. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
  470. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
  471. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
  472. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
  473. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
  474. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
  475. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
  476. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
  477. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
  478. metadata +113 -87
  479. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
  480. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
  481. data/src/core/util/android/log.cc +0 -48
  482. data/src/core/util/linux/log.cc +0 -69
  483. data/src/core/util/posix/log.cc +0 -69
  484. data/src/core/util/windows/log.cc +0 -73
  485. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
  486. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
  487. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
  488. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
  489. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
  490. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
  491. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
  492. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
  493. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
  494. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
  495. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
  496. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
  497. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
  498. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
  499. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
  500. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
  501. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
  502. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
  503. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
  504. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
  505. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
  506. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
  507. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
  508. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
  509. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
  510. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
  511. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
  512. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
  513. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
  514. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
  515. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
  516. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
  517. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
  518. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
  519. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
  520. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
  521. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
  522. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
  523. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
  524. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
  525. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
  526. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
  527. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
  528. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
  529. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
  530. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
  531. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
  532. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
  533. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
  534. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
  535. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
  536. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
  537. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
  538. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
  539. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
  540. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
  541. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
  542. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
  543. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
  544. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
  545. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
  546. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
  547. /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
@@ -57,7 +57,7 @@
57
57
  /* This file is generated by crypto/obj/objects.go. */
58
58
 
59
59
 
60
- #define NUM_NID 965
60
+ #define NUM_NID 966
61
61
 
62
62
  static const uint8_t kObjectData[] = {
63
63
  /* NID_rsadsi */
@@ -8783,6 +8783,7 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
8783
8783
  {"HKDF", "hkdf", NID_hkdf, 0, NULL, 0},
8784
8784
  {"X25519Kyber768Draft00", "X25519Kyber768Draft00",
8785
8785
  NID_X25519Kyber768Draft00, 0, NULL, 0},
8786
+ {"X25519MLKEM768", "X25519MLKEM768", NID_X25519MLKEM768, 0, NULL, 0},
8786
8787
  };
8787
8788
 
8788
8789
  static const uint16_t kNIDsInShortNameOrder[] = {
@@ -8981,6 +8982,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
8981
8982
  458 /* UID */,
8982
8983
  948 /* X25519 */,
8983
8984
  964 /* X25519Kyber768Draft00 */,
8985
+ 965 /* X25519MLKEM768 */,
8984
8986
  961 /* X448 */,
8985
8987
  11 /* X500 */,
8986
8988
  378 /* X500algorithms */,
@@ -9852,6 +9854,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
9852
9854
  375 /* Trust Root */,
9853
9855
  948 /* X25519 */,
9854
9856
  964 /* X25519Kyber768Draft00 */,
9857
+ 965 /* X25519MLKEM768 */,
9855
9858
  961 /* X448 */,
9856
9859
  12 /* X509 */,
9857
9860
  402 /* X509v3 AC Targeting */,
@@ -312,12 +312,11 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
312
312
  const unsigned iv_len = EVP_CIPHER_iv_length(enc);
313
313
 
314
314
  if (pass == NULL) {
315
- pass_len = 0;
316
315
  if (!callback) {
317
316
  callback = PEM_def_callback;
318
317
  }
319
318
  pass_len = (*callback)(buf, PEM_BUFSIZE, 1, u);
320
- if (pass_len <= 0) {
319
+ if (pass_len < 0) {
321
320
  OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);
322
321
  goto err;
323
322
  }
@@ -393,7 +392,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
393
392
  callback = PEM_def_callback;
394
393
  }
395
394
  pass_len = callback(buf, PEM_BUFSIZE, 0, u);
396
- if (pass_len <= 0) {
395
+ if (pass_len < 0) {
397
396
  OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
398
397
  return 0;
399
398
  }
@@ -779,11 +778,11 @@ err:
779
778
 
780
779
  int PEM_def_callback(char *buf, int size, int rwflag, void *userdata) {
781
780
  if (!buf || !userdata || size < 0) {
782
- return 0;
781
+ return -1;
783
782
  }
784
783
  size_t len = strlen((char *)userdata);
785
784
  if (len >= (size_t)size) {
786
- return 0;
785
+ return -1;
787
786
  }
788
787
  OPENSSL_strlcpy(buf, userdata, (size_t)size);
789
788
  return (int)len;
@@ -113,12 +113,11 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
113
113
  }
114
114
  if (enc || (nid != -1)) {
115
115
  if (!pass) {
116
- pass_len = 0;
117
116
  if (!cb) {
118
117
  cb = PEM_def_callback;
119
118
  }
120
119
  pass_len = cb(buf, PEM_BUFSIZE, 1, u);
121
- if (pass_len <= 0) {
120
+ if (pass_len < 0) {
122
121
  OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);
123
122
  PKCS8_PRIV_KEY_INFO_free(p8inf);
124
123
  return 0;
@@ -166,7 +165,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
166
165
  cb = PEM_def_callback;
167
166
  }
168
167
  pass_len = cb(psbuf, PEM_BUFSIZE, 0, u);
169
- if (pass_len <= 0) {
168
+ if (pass_len < 0) {
170
169
  OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
171
170
  X509_SIG_free(p8);
172
171
  return NULL;
@@ -110,7 +110,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
110
110
  cb = PEM_def_callback;
111
111
  }
112
112
  pass_len = cb(psbuf, PEM_BUFSIZE, 0, u);
113
- if (pass_len <= 0) {
113
+ if (pass_len < 0) {
114
114
  OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
115
115
  X509_SIG_free(p8);
116
116
  goto err;
@@ -57,6 +57,7 @@
57
57
  #define OPENSSL_HEADER_PKCS8_INTERNAL_H
58
58
 
59
59
  #include <openssl/base.h>
60
+ #include <openssl/stack.h>
60
61
 
61
62
  #if defined(__cplusplus)
62
63
  extern "C" {
@@ -14,7 +14,8 @@
14
14
 
15
15
  #include <openssl/rand.h>
16
16
 
17
- #include "../fipsmodule/rand/internal.h"
17
+ #include "../bcm_support.h"
18
+ #include "sysrand_internal.h"
18
19
 
19
20
  #if defined(OPENSSL_RAND_DETERMINISTIC)
20
21
 
@@ -35,6 +36,8 @@ static CRYPTO_MUTEX g_num_calls_lock = CRYPTO_MUTEX_INIT;
35
36
 
36
37
  void RAND_reset_for_fuzzing(void) { g_num_calls = 0; }
37
38
 
39
+ void CRYPTO_init_sysrand(void) {}
40
+
38
41
  void CRYPTO_sysrand(uint8_t *out, size_t requested) {
39
42
  static const uint8_t kZeroKey[32];
40
43
 
@@ -50,6 +53,11 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
50
53
  CRYPTO_chacha_20(out, out, requested, kZeroKey, nonce, 0);
51
54
  }
52
55
 
56
+ int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
57
+ CRYPTO_sysrand(buf, len);
58
+ return 1;
59
+ }
60
+
53
61
  void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
54
62
  CRYPTO_sysrand(out, requested);
55
63
  }
@@ -16,8 +16,7 @@
16
16
  #define _GNU_SOURCE // needed for madvise() and MAP_ANONYMOUS on Linux.
17
17
  #endif
18
18
 
19
- #include <openssl/base.h>
20
- #include "fork_detect.h"
19
+ #include "../bcm_support.h"
21
20
 
22
21
  #if defined(OPENSSL_FORK_DETECTION_MADVISE)
23
22
  #include <unistd.h>
@@ -35,19 +34,18 @@ static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
35
34
  #include <pthread.h>
36
35
  #endif // OPENSSL_FORK_DETECTION_MADVISE
37
36
 
38
- #include "../delocate.h"
39
- #include "../../internal.h"
37
+ #include "../internal.h"
40
38
 
41
39
  #if defined(OPENSSL_FORK_DETECTION_MADVISE)
42
- DEFINE_BSS_GET(int, g_force_madv_wipeonfork);
43
- DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled);
44
- DEFINE_STATIC_ONCE(g_fork_detect_once);
45
- DEFINE_STATIC_MUTEX(g_fork_detect_lock);
46
- DEFINE_BSS_GET(CRYPTO_atomic_u32 *, g_fork_detect_addr);
47
- DEFINE_BSS_GET(uint64_t, g_fork_generation);
40
+ static int g_force_madv_wipeonfork;
41
+ static int g_force_madv_wipeonfork_enabled;
42
+ static CRYPTO_once_t g_fork_detect_once = CRYPTO_ONCE_INIT;
43
+ static CRYPTO_MUTEX g_fork_detect_lock = CRYPTO_MUTEX_INIT;
44
+ static CRYPTO_atomic_u32 * g_fork_detect_addr;
45
+ static uint64_t g_fork_generation;
48
46
 
49
47
  static void init_fork_detect(void) {
50
- if (*g_force_madv_wipeonfork_bss_get()) {
48
+ if (g_force_madv_wipeonfork) {
51
49
  return;
52
50
  }
53
51
 
@@ -74,13 +72,13 @@ static void init_fork_detect(void) {
74
72
  }
75
73
 
76
74
  CRYPTO_atomic_store_u32(addr, 1);
77
- *g_fork_detect_addr_bss_get() = addr;
78
- *g_fork_generation_bss_get() = 1;
75
+ g_fork_detect_addr = addr;
76
+ g_fork_generation = 1;
79
77
 
80
78
  }
81
79
 
82
80
  uint64_t CRYPTO_get_fork_generation(void) {
83
- CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect);
81
+ CRYPTO_once(&g_fork_detect_once, init_fork_detect);
84
82
 
85
83
  // In a single-threaded process, there are obviously no races because there's
86
84
  // only a single mutator in the address space.
@@ -93,12 +91,12 @@ uint64_t CRYPTO_get_fork_generation(void) {
93
91
  // child process is single-threaded, the child may become multi-threaded
94
92
  // before it observes this. Therefore, we must synchronize the logic below.
95
93
 
96
- CRYPTO_atomic_u32 *const flag_ptr = *g_fork_detect_addr_bss_get();
94
+ CRYPTO_atomic_u32 *const flag_ptr = g_fork_detect_addr;
97
95
  if (flag_ptr == NULL) {
98
96
  // Our kernel is too old to support |MADV_WIPEONFORK| or
99
97
  // |g_force_madv_wipeonfork| is set.
100
- if (*g_force_madv_wipeonfork_bss_get() &&
101
- *g_force_madv_wipeonfork_enabled_bss_get()) {
98
+ if (g_force_madv_wipeonfork &&
99
+ g_force_madv_wipeonfork_enabled) {
102
100
  // A constant generation number to simulate support, even if the kernel
103
101
  // doesn't support it.
104
102
  return 42;
@@ -114,7 +112,7 @@ uint64_t CRYPTO_get_fork_generation(void) {
114
112
 
115
113
  // In the common case, try to observe the flag without taking a lock. This
116
114
  // avoids cacheline contention in the PRNG.
117
- uint64_t *const generation_ptr = g_fork_generation_bss_get();
115
+ uint64_t *const generation_ptr = &g_fork_generation;
118
116
  if (CRYPTO_atomic_load_u32(flag_ptr) != 0) {
119
117
  // If we observe a non-zero flag, it is safe to read |generation_ptr|
120
118
  // without a lock. The flag and generation number are fixed for this copy of
@@ -125,7 +123,7 @@ uint64_t CRYPTO_get_fork_generation(void) {
125
123
  // The flag was zero. The generation number must be incremented, but other
126
124
  // threads may have concurrently observed the zero, so take a lock before
127
125
  // incrementing.
128
- CRYPTO_MUTEX *const lock = g_fork_detect_lock_bss_get();
126
+ CRYPTO_MUTEX *const lock = &g_fork_detect_lock;
129
127
  CRYPTO_MUTEX_lock_write(lock);
130
128
  uint64_t current_generation = *generation_ptr;
131
129
  if (CRYPTO_atomic_load_u32(flag_ptr) == 0) {
@@ -147,35 +145,35 @@ uint64_t CRYPTO_get_fork_generation(void) {
147
145
  }
148
146
 
149
147
  void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(int on) {
150
- *g_force_madv_wipeonfork_bss_get() = 1;
151
- *g_force_madv_wipeonfork_enabled_bss_get() = on;
148
+ g_force_madv_wipeonfork = 1;
149
+ g_force_madv_wipeonfork_enabled = on;
152
150
  }
153
151
 
154
152
  #elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
155
153
 
156
- DEFINE_STATIC_ONCE(g_pthread_fork_detection_once);
157
- DEFINE_BSS_GET(uint64_t, g_atfork_fork_generation);
154
+ static CRYPTO_once_t g_pthread_fork_detection_once = CRYPTO_ONCE_INIT;
155
+ static uint64_t g_atfork_fork_generation;
158
156
 
159
157
  static void we_are_forked(void) {
160
158
  // Immediately after a fork, the process must be single-threaded.
161
- uint64_t value = *g_atfork_fork_generation_bss_get() + 1;
159
+ uint64_t value = g_atfork_fork_generation + 1;
162
160
  if (value == 0) {
163
161
  value = 1;
164
162
  }
165
- *g_atfork_fork_generation_bss_get() = value;
163
+ g_atfork_fork_generation = value;
166
164
  }
167
165
 
168
166
  static void init_pthread_fork_detection(void) {
169
167
  if (pthread_atfork(NULL, NULL, we_are_forked) != 0) {
170
168
  abort();
171
169
  }
172
- *g_atfork_fork_generation_bss_get() = 1;
170
+ g_atfork_fork_generation = 1;
173
171
  }
174
172
 
175
173
  uint64_t CRYPTO_get_fork_generation(void) {
176
- CRYPTO_once(g_pthread_fork_detection_once_bss_get(), init_pthread_fork_detection);
174
+ CRYPTO_once(&g_pthread_fork_detection_once, init_pthread_fork_detection);
177
175
 
178
- return *g_atfork_fork_generation_bss_get();
176
+ return g_atfork_fork_generation;
179
177
  }
180
178
 
181
179
  #elif defined(OPENSSL_DOES_NOT_FORK)
@@ -18,7 +18,8 @@
18
18
 
19
19
  #include <openssl/rand.h>
20
20
 
21
- #include "../fipsmodule/rand/internal.h"
21
+ #include "../bcm_support.h"
22
+ #include "sysrand_internal.h"
22
23
 
23
24
  #if defined(OPENSSL_RAND_GETENTROPY)
24
25
 
@@ -30,6 +31,8 @@
30
31
  #include <sys/random.h>
31
32
  #endif
32
33
 
34
+ void CRYPTO_init_sysrand(void) {}
35
+
33
36
  // CRYPTO_sysrand puts |requested| random bytes into |out|.
34
37
  void CRYPTO_sysrand(uint8_t *out, size_t requested) {
35
38
  while (requested > 0) {
@@ -45,6 +48,11 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
45
48
  }
46
49
  }
47
50
 
51
+ int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
52
+ CRYPTO_sysrand(buf, len);
53
+ return 1;
54
+ }
55
+
48
56
  void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
49
57
  CRYPTO_sysrand(out, requested);
50
58
  }
@@ -14,19 +14,27 @@
14
14
 
15
15
  #include <openssl/rand.h>
16
16
 
17
- #include "../fipsmodule/rand/internal.h"
17
+ #include "../bcm_support.h"
18
+ #include "sysrand_internal.h"
18
19
 
19
20
  #if defined(OPENSSL_RAND_IOS)
20
21
  #include <stdlib.h>
21
22
 
22
23
  #include <CommonCrypto/CommonRandom.h>
23
24
 
25
+ void CRYPTO_init_sysrand(void) {}
26
+
24
27
  void CRYPTO_sysrand(uint8_t *out, size_t requested) {
25
28
  if (CCRandomGenerateBytes(out, requested) != kCCSuccess) {
26
29
  abort();
27
30
  }
28
31
  }
29
32
 
33
+ int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
34
+ CRYPTO_sysrand(buf, len);
35
+ return 1;
36
+ }
37
+
30
38
  void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
31
39
  CRYPTO_sysrand(out, requested);
32
40
  }
@@ -14,11 +14,27 @@
14
14
 
15
15
  #include <openssl/ctrdrbg.h>
16
16
 
17
- #include "../fipsmodule/rand/internal.h"
17
+ #include "../fipsmodule/bcm_interface.h"
18
+ #include "../bcm_support.h"
18
19
  #include "../internal.h"
19
20
 
20
21
  #if defined(BORINGSSL_FIPS)
21
22
 
23
+ // passive_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable
24
+ // for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
25
+ // entropy came directly from the CPU and zero if it came from the OS. It
26
+ // actively obtains entropy from the CPU/OS
27
+ static void passive_get_seed_entropy(uint8_t *out_entropy,
28
+ size_t out_entropy_len,
29
+ int *out_want_additional_input) {
30
+ *out_want_additional_input = 0;
31
+ if (bcm_success(BCM_rand_bytes_hwrng(out_entropy, out_entropy_len))) {
32
+ *out_want_additional_input = 1;
33
+ } else {
34
+ CRYPTO_sysrand_for_seed(out_entropy, out_entropy_len);
35
+ }
36
+ }
37
+
22
38
  #define ENTROPY_READ_LEN \
23
39
  (/* last_block size */ 16 + CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD)
24
40
 
@@ -143,7 +159,7 @@ void RAND_need_entropy(size_t bytes_needed) {
143
159
  if (get_seed_from_daemon(buf, todo)) {
144
160
  want_additional_input = 1;
145
161
  } else {
146
- CRYPTO_get_seed_entropy(buf, todo, &want_additional_input);
162
+ passive_get_seed_entropy(buf, todo, &want_additional_input);
147
163
  }
148
164
 
149
165
  if (boringssl_fips_break_test("CRNG")) {
@@ -152,7 +168,7 @@ void RAND_need_entropy(size_t bytes_needed) {
152
168
  OPENSSL_memset(buf, 0, todo);
153
169
  }
154
170
 
155
- RAND_load_entropy(buf, todo, want_additional_input);
171
+ BCM_rand_load_entropy(buf, todo, want_additional_input);
156
172
  }
157
173
 
158
174
  #endif // FIPS
@@ -12,11 +12,21 @@
12
12
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
13
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
14
 
15
+ #include <limits.h>
16
+
15
17
  #include <openssl/rand.h>
16
18
 
17
- #include <limits.h>
19
+ #include "../bcm_support.h"
20
+ #include "../fipsmodule/bcm_interface.h"
18
21
 
19
22
 
23
+ int RAND_bytes(uint8_t *buf, size_t len) {
24
+ BCM_rand_bytes(buf, len);
25
+ return 1;
26
+ }
27
+
28
+ int RAND_pseudo_bytes(uint8_t *buf, size_t len) { return RAND_bytes(buf, len); }
29
+
20
30
  void RAND_seed(const void *buf, int num) {
21
31
  // OpenSSH calls |RAND_seed| before jailing on the assumption that any needed
22
32
  // file descriptors etc will be opened.
@@ -28,7 +38,7 @@ int RAND_load_file(const char *path, long num) {
28
38
  if (num < 0) { // read the "whole file"
29
39
  return 1;
30
40
  } else if (num <= INT_MAX) {
31
- return (int) num;
41
+ return (int)num;
32
42
  } else {
33
43
  return INT_MAX;
34
44
  }
@@ -38,37 +48,30 @@ const char *RAND_file_name(char *buf, size_t num) { return NULL; }
38
48
 
39
49
  void RAND_add(const void *buf, int num, double entropy) {}
40
50
 
41
- int RAND_egd(const char *path) {
42
- return 255;
43
- }
51
+ int RAND_egd(const char *path) { return 255; }
44
52
 
45
- int RAND_poll(void) {
46
- return 1;
47
- }
53
+ int RAND_poll(void) { return 1; }
48
54
 
49
- int RAND_status(void) {
50
- return 1;
51
- }
55
+ int RAND_status(void) { return 1; }
52
56
 
53
57
  static const struct rand_meth_st kSSLeayMethod = {
54
- RAND_seed,
55
- RAND_bytes,
56
- RAND_cleanup,
57
- RAND_add,
58
- RAND_pseudo_bytes,
59
- RAND_status,
58
+ RAND_seed, RAND_bytes, RAND_cleanup,
59
+ RAND_add, RAND_pseudo_bytes, RAND_status,
60
60
  };
61
61
 
62
- RAND_METHOD *RAND_SSLeay(void) {
63
- return (RAND_METHOD*) &kSSLeayMethod;
64
- }
62
+ RAND_METHOD *RAND_SSLeay(void) { return (RAND_METHOD *)&kSSLeayMethod; }
65
63
 
66
- RAND_METHOD *RAND_OpenSSL(void) {
67
- return RAND_SSLeay();
68
- }
64
+ RAND_METHOD *RAND_OpenSSL(void) { return RAND_SSLeay(); }
69
65
 
70
66
  const RAND_METHOD *RAND_get_rand_method(void) { return RAND_SSLeay(); }
71
67
 
72
68
  int RAND_set_rand_method(const RAND_METHOD *method) { return 1; }
73
69
 
74
70
  void RAND_cleanup(void) {}
71
+
72
+ void RAND_get_system_entropy_for_custom_prng(uint8_t *buf, size_t len) {
73
+ if (len > 256) {
74
+ abort();
75
+ }
76
+ CRYPTO_sysrand_for_seed(buf, len);
77
+ }
@@ -0,0 +1,37 @@
1
+ /* Copyright (c) 2024, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #ifndef OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H
16
+ #define OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H
17
+
18
+ #include <openssl/base.h>
19
+
20
+ #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
21
+ #define OPENSSL_RAND_DETERMINISTIC
22
+ #elif defined(OPENSSL_TRUSTY)
23
+ #define OPENSSL_RAND_TRUSTY
24
+ #elif defined(OPENSSL_WINDOWS)
25
+ #define OPENSSL_RAND_WINDOWS
26
+ #elif defined(OPENSSL_LINUX)
27
+ #define OPENSSL_RAND_URANDOM
28
+ #elif defined(OPENSSL_APPLE) && !defined(OPENSSL_MACOS)
29
+ // Unlike macOS, iOS and similar hide away getentropy().
30
+ #define OPENSSL_RAND_IOS
31
+ #else
32
+ // By default if you are integrating BoringSSL we expect you to
33
+ // provide getentropy from the <unistd.h> header file.
34
+ #define OPENSSL_RAND_GETENTROPY
35
+ #endif
36
+
37
+ #endif // OPENSSL_HEADER_CRYPTO__SYSRAND_INTERNAL_H
@@ -14,7 +14,8 @@
14
14
 
15
15
  #include <openssl/rand.h>
16
16
 
17
- #include "../fipsmodule/rand/internal.h"
17
+ #include "../bcm_support.h"
18
+ #include "sysrand_internal.h"
18
19
 
19
20
  #if defined(OPENSSL_RAND_TRUSTY)
20
21
  #include <stdint.h>
@@ -25,12 +26,19 @@
25
26
 
26
27
  #include <lib/rng/trusty_rng.h>
27
28
 
29
+ void CRYPTO_init_sysrand(void) {}
30
+
28
31
  void CRYPTO_sysrand(uint8_t *out, size_t requested) {
29
32
  if (trusty_rng_hw_rand(out, requested) != NO_ERROR) {
30
33
  abort();
31
34
  }
32
35
  }
33
36
 
37
+ int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
38
+ CRYPTO_sysrand(buf, len);
39
+ return 1;
40
+ }
41
+
34
42
  void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
35
43
  CRYPTO_sysrand(out, requested);
36
44
  }
@@ -18,7 +18,8 @@
18
18
 
19
19
  #include <openssl/rand.h>
20
20
 
21
- #include "internal.h"
21
+ #include "../bcm_support.h"
22
+ #include "sysrand_internal.h"
22
23
 
23
24
  #if defined(OPENSSL_RAND_URANDOM)
24
25
 
@@ -62,8 +63,7 @@
62
63
  #include <openssl/mem.h>
63
64
 
64
65
  #include "getrandom_fillin.h"
65
- #include "../delocate.h"
66
- #include "../../internal.h"
66
+ #include "../internal.h"
67
67
 
68
68
 
69
69
  #if defined(USE_NR_getrandom)
@@ -96,17 +96,17 @@ static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) {
96
96
  static const int kHaveGetrandom = -3;
97
97
 
98
98
  // urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
99
- DEFINE_BSS_GET(int, urandom_fd)
99
+ static int urandom_fd;
100
100
 
101
101
  #if defined(USE_NR_getrandom)
102
102
 
103
103
  // getrandom_ready is one if |getrandom| had been initialized by the time
104
104
  // |init_once| was called and zero otherwise.
105
- DEFINE_BSS_GET(int, getrandom_ready)
105
+ static int getrandom_ready;
106
106
 
107
107
  // extra_getrandom_flags_for_seed contains a value that is ORed into the flags
108
108
  // for getrandom() when reading entropy for a seed.
109
- DEFINE_BSS_GET(int, extra_getrandom_flags_for_seed)
109
+ static int extra_getrandom_flags_for_seed;
110
110
 
111
111
  // On Android, check a system property to decide whether to set
112
112
  // |extra_getrandom_flags_for_seed| otherwise they will default to zero. If
@@ -123,14 +123,14 @@ static void maybe_set_extra_getrandom_flags(void) {
123
123
 
124
124
  value[length] = 0;
125
125
  if (OPENSSL_strcasecmp(value, "true") == 0) {
126
- *extra_getrandom_flags_for_seed_bss_get() = GRND_RANDOM;
126
+ extra_getrandom_flags_for_seed = GRND_RANDOM;
127
127
  }
128
128
  #endif
129
129
  }
130
130
 
131
131
  #endif // USE_NR_getrandom
132
132
 
133
- DEFINE_STATIC_ONCE(rand_once)
133
+ static CRYPTO_once_t rand_once = CRYPTO_ONCE_INIT;
134
134
 
135
135
  // init_once initializes the state of this module to values previously
136
136
  // requested. This is the only function that modifies |urandom_fd|, which may be
@@ -142,7 +142,7 @@ static void init_once(void) {
142
142
  ssize_t getrandom_ret =
143
143
  boringssl_getrandom(&dummy, sizeof(dummy), GRND_NONBLOCK);
144
144
  if (getrandom_ret == 1) {
145
- *getrandom_ready_bss_get() = 1;
145
+ getrandom_ready = 1;
146
146
  have_getrandom = 1;
147
147
  } else if (getrandom_ret == -1 && errno == EAGAIN) {
148
148
  // We have getrandom, but the entropy pool has not been initialized yet.
@@ -157,7 +157,7 @@ static void init_once(void) {
157
157
  }
158
158
 
159
159
  if (have_getrandom) {
160
- *urandom_fd_bss_get() = kHaveGetrandom;
160
+ urandom_fd = kHaveGetrandom;
161
161
  maybe_set_extra_getrandom_flags();
162
162
  return;
163
163
  }
@@ -185,19 +185,19 @@ static void init_once(void) {
185
185
  abort();
186
186
  }
187
187
 
188
- *urandom_fd_bss_get() = fd;
188
+ urandom_fd = fd;
189
189
  }
190
190
 
191
- DEFINE_STATIC_ONCE(wait_for_entropy_once)
191
+ static CRYPTO_once_t wait_for_entropy_once = CRYPTO_ONCE_INIT;
192
192
 
193
193
  static void wait_for_entropy(void) {
194
- int fd = *urandom_fd_bss_get();
194
+ int fd = urandom_fd;
195
195
  if (fd == kHaveGetrandom) {
196
196
  // |getrandom| and |getentropy| support blocking in |fill_with_entropy|
197
197
  // directly. For |getrandom|, we first probe with a non-blocking call to aid
198
198
  // debugging.
199
199
  #if defined(USE_NR_getrandom)
200
- if (*getrandom_ready_bss_get()) {
200
+ if (getrandom_ready) {
201
201
  // The entropy pool was already initialized in |init_once|.
202
202
  return;
203
203
  }
@@ -256,13 +256,13 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
256
256
 
257
257
  #if defined (USE_NR_getrandom)
258
258
  if (seed) {
259
- getrandom_flags |= *extra_getrandom_flags_for_seed_bss_get();
259
+ getrandom_flags |= extra_getrandom_flags_for_seed;
260
260
  }
261
261
  #endif
262
262
 
263
263
  CRYPTO_init_sysrand();
264
264
  if (block) {
265
- CRYPTO_once(wait_for_entropy_once_bss_get(), wait_for_entropy);
265
+ CRYPTO_once(&wait_for_entropy_once, wait_for_entropy);
266
266
  }
267
267
 
268
268
  // Clear |errno| so it has defined value if |read| or |getrandom|
@@ -271,7 +271,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
271
271
  while (len > 0) {
272
272
  ssize_t r;
273
273
 
274
- if (*urandom_fd_bss_get() == kHaveGetrandom) {
274
+ if (urandom_fd == kHaveGetrandom) {
275
275
  #if defined(USE_NR_getrandom)
276
276
  r = boringssl_getrandom(out, len, getrandom_flags);
277
277
  #else // USE_NR_getrandom
@@ -280,7 +280,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
280
280
  #endif
281
281
  } else {
282
282
  do {
283
- r = read(*urandom_fd_bss_get(), out, len);
283
+ r = read(urandom_fd, out, len);
284
284
  } while (r == -1 && errno == EINTR);
285
285
  }
286
286
 
@@ -295,7 +295,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
295
295
  }
296
296
 
297
297
  void CRYPTO_init_sysrand(void) {
298
- CRYPTO_once(rand_once_bss_get(), init_once);
298
+ CRYPTO_once(&rand_once, init_once);
299
299
  }
300
300
 
301
301
  // CRYPTO_sysrand puts |requested| random bytes into |out|.