grpc 1.66.0.pre5 → 1.67.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +19 -10
- data/include/grpc/credentials.h +1 -1
- data/include/grpc/event_engine/README.md +1 -1
- data/include/grpc/event_engine/internal/slice_cast.h +1 -1
- data/include/grpc/event_engine/slice.h +0 -1
- data/include/grpc/event_engine/slice_buffer.h +0 -1
- data/include/grpc/grpc_crl_provider.h +1 -1
- data/include/grpc/impl/channel_arg_names.h +1 -1
- data/include/grpc/support/log.h +34 -32
- data/include/grpc/support/sync_generic.h +2 -4
- data/src/core/channelz/channelz.cc +0 -1
- data/src/core/channelz/channelz_registry.cc +0 -1
- data/src/core/client_channel/client_channel.cc +10 -7
- data/src/core/client_channel/client_channel.h +1 -1
- data/src/core/client_channel/client_channel_filter.cc +21 -18
- data/src/core/client_channel/client_channel_filter.h +1 -1
- data/src/core/client_channel/client_channel_internal.h +0 -2
- data/src/core/client_channel/config_selector.h +0 -1
- data/src/core/client_channel/dynamic_filters.cc +0 -2
- data/src/core/client_channel/local_subchannel_pool.cc +0 -2
- data/src/core/client_channel/retry_filter.h +0 -1
- data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
- data/src/core/client_channel/subchannel.cc +21 -27
- data/src/core/client_channel/subchannel_stream_client.cc +1 -1
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
- data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
- data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
- data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
- data/src/core/handshaker/handshaker.cc +21 -29
- data/src/core/handshaker/security/secure_endpoint.cc +3 -3
- data/src/core/handshaker/security/security_handshaker.cc +60 -72
- data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
- data/src/core/lib/backoff/backoff.cc +7 -10
- data/src/core/lib/backoff/backoff.h +4 -6
- data/src/core/lib/channel/channel_stack.cc +0 -1
- data/src/core/lib/channel/channel_stack.h +0 -1
- data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
- data/src/core/lib/channel/connected_channel.cc +0 -1
- data/src/core/lib/channel/promise_based_filter.cc +146 -194
- data/src/core/lib/channel/promise_based_filter.h +1 -1
- data/src/core/lib/compression/compression_internal.cc +0 -1
- data/src/core/lib/config/config_vars.cc +11 -1
- data/src/core/lib/config/config_vars.h +8 -0
- data/src/core/lib/config/core_configuration.cc +0 -1
- data/src/core/lib/config/core_configuration.h +0 -1
- data/src/core/lib/debug/event_log.cc +0 -1
- data/src/core/lib/debug/trace_flags.cc +4 -18
- data/src/core/lib/debug/trace_flags.h +2 -5
- data/src/core/lib/debug/trace_impl.h +6 -0
- data/src/core/lib/event_engine/ares_resolver.cc +89 -56
- data/src/core/lib/event_engine/ares_resolver.h +0 -9
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
- data/src/core/lib/event_engine/forkable.cc +0 -1
- data/src/core/lib/event_engine/forkable.h +0 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
- data/src/core/lib/event_engine/resolved_address.cc +0 -1
- data/src/core/lib/event_engine/slice.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
- data/src/core/lib/experiments/config.cc +12 -10
- data/src/core/lib/experiments/experiments.cc +45 -66
- data/src/core/lib/experiments/experiments.h +22 -27
- data/src/core/lib/gprpp/chunked_vector.h +0 -1
- data/src/core/lib/gprpp/down_cast.h +0 -1
- data/src/core/lib/gprpp/host_port.cc +0 -1
- data/src/core/lib/gprpp/load_file.cc +0 -1
- data/src/core/lib/gprpp/mpscq.h +0 -1
- data/src/core/lib/gprpp/single_set_ptr.h +0 -1
- data/src/core/lib/gprpp/status_helper.cc +0 -1
- data/src/core/lib/gprpp/sync.h +0 -1
- data/src/core/lib/gprpp/table.h +28 -0
- data/src/core/lib/gprpp/thd.h +0 -1
- data/src/core/lib/gprpp/time.h +0 -1
- data/src/core/lib/gprpp/time_util.cc +0 -1
- data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
- data/src/core/lib/gprpp/windows/thd.cc +0 -1
- data/src/core/lib/gprpp/work_serializer.cc +23 -34
- data/src/core/lib/iomgr/buffer_list.cc +0 -1
- data/src/core/lib/iomgr/call_combiner.h +6 -8
- data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
- data/src/core/lib/iomgr/closure.h +5 -8
- data/src/core/lib/iomgr/combiner.cc +6 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +13 -18
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
- data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
- data/src/core/lib/iomgr/ev_posix.cc +55 -44
- data/src/core/lib/iomgr/ev_posix.h +0 -5
- data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.cc +6 -9
- data/src/core/lib/iomgr/exec_ctx.h +26 -16
- data/src/core/lib/iomgr/executor.cc +43 -33
- data/src/core/lib/iomgr/fork_windows.cc +0 -1
- data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
- data/src/core/lib/iomgr/iocp_windows.cc +0 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
- data/src/core/lib/iomgr/lockfree_event.cc +7 -11
- data/src/core/lib/iomgr/polling_entity.cc +10 -3
- data/src/core/lib/iomgr/pollset_windows.cc +0 -2
- data/src/core/lib/iomgr/resolve_address.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_mutator.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
- data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
- data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
- data/src/core/lib/iomgr/tcp_posix.cc +32 -68
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
- data/src/core/lib/iomgr/tcp_windows.cc +4 -12
- data/src/core/lib/iomgr/timer_generic.cc +46 -65
- data/src/core/lib/iomgr/timer_manager.cc +4 -5
- data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
- data/src/core/lib/iomgr/vsock.cc +0 -1
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
- data/src/core/lib/promise/activity.h +0 -1
- data/src/core/lib/promise/context.h +0 -1
- data/src/core/lib/promise/detail/join_state.h +44 -44
- data/src/core/lib/promise/detail/seq_state.h +1101 -1356
- data/src/core/lib/promise/for_each.h +8 -15
- data/src/core/lib/promise/interceptor_list.h +17 -27
- data/src/core/lib/promise/latch.h +16 -24
- data/src/core/lib/promise/map.h +1 -1
- data/src/core/lib/promise/party.cc +238 -114
- data/src/core/lib/promise/party.h +105 -308
- data/src/core/lib/promise/pipe.h +3 -4
- data/src/core/lib/promise/poll.h +0 -1
- data/src/core/lib/promise/status_flag.h +0 -1
- data/src/core/lib/resource_quota/connection_quota.cc +0 -1
- data/src/core/lib/resource_quota/memory_quota.cc +11 -19
- data/src/core/lib/resource_quota/memory_quota.h +2 -4
- data/src/core/lib/resource_quota/periodic_update.cc +2 -3
- data/src/core/lib/resource_quota/thread_quota.cc +0 -1
- data/src/core/lib/security/authorization/audit_logging.cc +0 -1
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
- data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
- data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.h +1 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
- data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
- data/src/core/lib/slice/percent_encoding.cc +0 -1
- data/src/core/lib/slice/slice.cc +0 -1
- data/src/core/lib/slice/slice.h +0 -1
- data/src/core/lib/slice/slice_buffer.cc +0 -1
- data/src/core/lib/slice/slice_internal.h +0 -1
- data/src/core/lib/slice/slice_refcount.h +6 -8
- data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
- data/src/core/lib/surface/call.cc +3 -5
- data/src/core/lib/surface/call_utils.h +0 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel_create.cc +0 -1
- data/src/core/lib/surface/channel_init.h +0 -1
- data/src/core/lib/surface/client_call.cc +0 -1
- data/src/core/lib/surface/client_call.h +0 -1
- data/src/core/lib/surface/completion_queue.cc +28 -4
- data/src/core/lib/surface/completion_queue_factory.cc +0 -1
- data/src/core/lib/surface/filter_stack_call.cc +9 -9
- data/src/core/lib/surface/filter_stack_call.h +0 -1
- data/src/core/lib/surface/lame_client.cc +0 -1
- data/src/core/lib/surface/server_call.cc +0 -1
- data/src/core/lib/surface/server_call.h +0 -1
- data/src/core/lib/surface/validate_metadata.h +0 -1
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +9 -12
- data/src/core/lib/transport/bdp_estimator.h +6 -8
- data/src/core/lib/transport/call_arena_allocator.cc +2 -16
- data/src/core/lib/transport/call_arena_allocator.h +20 -5
- data/src/core/lib/transport/call_filters.cc +6 -9
- data/src/core/lib/transport/call_spine.h +24 -13
- data/src/core/lib/transport/connectivity_state.cc +34 -42
- data/src/core/lib/transport/metadata_batch.h +41 -1
- data/src/core/lib/transport/timeout_encoding.cc +0 -1
- data/src/core/lib/transport/transport.h +6 -8
- data/src/core/lib/transport/transport_op_string.cc +0 -1
- data/src/core/lib/uri/uri_parser.cc +0 -1
- data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
- data/src/core/load_balancing/health_check_client.cc +31 -42
- data/src/core/load_balancing/oob_backend_metric.cc +2 -4
- data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
- data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
- data/src/core/load_balancing/priority/priority.cc +77 -106
- data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
- data/src/core/load_balancing/rls/rls.cc +142 -187
- data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
- data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
- data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
- data/src/core/load_balancing/xds/cds.cc +26 -43
- data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
- data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
- data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
- data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
- data/src/core/resolver/binder/binder_resolver.cc +0 -2
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
- data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
- data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
- data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
- data/src/core/resolver/endpoint_addresses.cc +0 -1
- data/src/core/resolver/fake/fake_resolver.cc +0 -1
- data/src/core/resolver/polling_resolver.cc +6 -15
- data/src/core/resolver/polling_resolver.h +1 -1
- data/src/core/resolver/xds/xds_config.cc +96 -0
- data/src/core/resolver/xds/xds_config.h +109 -0
- data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
- data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
- data/src/core/resolver/xds/xds_resolver.cc +51 -55
- data/src/core/server/server.cc +2 -2
- data/src/core/server/server_config_selector_filter.cc +0 -1
- data/src/core/server/xds_server_config_fetcher.cc +4 -6
- data/src/core/service_config/service_config_call_data.h +2 -3
- data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
- data/src/core/service_config/service_config_impl.h +0 -1
- data/src/core/telemetry/call_tracer.cc +0 -1
- data/src/core/telemetry/metrics.h +0 -1
- data/src/core/telemetry/stats_data.cc +67 -0
- data/src/core/telemetry/stats_data.h +48 -0
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
- data/src/core/tsi/fake_transport_security.cc +6 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
- data/src/core/util/alloc.cc +0 -1
- data/src/core/util/gcp_metadata_query.cc +0 -1
- data/src/core/util/http_client/httpcli.cc +12 -15
- data/src/core/util/http_client/httpcli.h +16 -11
- data/src/core/util/http_client/parser.cc +3 -4
- data/src/core/util/json/json_reader.cc +0 -1
- data/src/core/util/latent_see.cc +29 -9
- data/src/core/util/latent_see.h +122 -27
- data/src/core/util/log.cc +36 -55
- data/src/core/util/lru_cache.h +104 -0
- data/src/core/util/msys/tmpfile.cc +0 -1
- data/src/core/util/posix/sync.cc +0 -1
- data/src/core/util/posix/time.cc +0 -1
- data/src/core/util/ring_buffer.h +123 -0
- data/src/core/util/spinlock.h +1 -2
- data/src/core/util/string.cc +7 -7
- data/src/core/util/sync.cc +0 -1
- data/src/core/util/sync_abseil.cc +0 -1
- data/src/core/util/time.cc +0 -1
- data/src/core/util/unique_ptr_with_bitset.h +86 -0
- data/src/core/util/useful.h +0 -24
- data/src/core/util/windows/cpu.cc +0 -1
- data/src/core/util/windows/sync.cc +0 -1
- data/src/core/util/windows/time.cc +0 -1
- data/src/core/util/windows/tmpfile.cc +0 -1
- data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
- data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
- data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
- data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
- data/src/core/xds/grpc/xds_cluster.cc +2 -8
- data/src/core/xds/grpc/xds_cluster.h +4 -4
- data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
- data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
- data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
- data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
- data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
- data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
- data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_filter.h +11 -1
- data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
- data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
- data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
- data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
- data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
- data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
- data/src/core/xds/grpc/xds_metadata.cc +62 -0
- data/src/core/xds/grpc/xds_metadata.h +127 -0
- data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
- data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
- data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
- data/src/core/xds/grpc/xds_routing.cc +57 -22
- data/src/core/xds/grpc/xds_routing.h +10 -2
- data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
- data/src/core/xds/xds_client/xds_client.cc +124 -165
- data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
- data/src/ruby/ext/grpc/rb_channel.c +22 -16
- data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc.c +9 -8
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
- data/src/ruby/ext/grpc/rb_server.c +10 -8
- data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/call_spec.rb +53 -40
- data/src/ruby/spec/channel_spec.rb +4 -2
- data/src/ruby/spec/client_server_spec.rb +148 -507
- data/src/ruby/spec/generic/active_call_spec.rb +64 -86
- data/src/ruby/spec/support/services.rb +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
- metadata +113 -87
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
- data/src/core/util/android/log.cc +0 -48
- data/src/core/util/linux/log.cc +0 -69
- data/src/core/util/posix/log.cc +0 -69
- data/src/core/util/windows/log.cc +0 -73
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
@@ -57,7 +57,7 @@
|
|
57
57
|
/* This file is generated by crypto/obj/objects.go. */
|
58
58
|
|
59
59
|
|
60
|
-
#define NUM_NID
|
60
|
+
#define NUM_NID 966
|
61
61
|
|
62
62
|
static const uint8_t kObjectData[] = {
|
63
63
|
/* NID_rsadsi */
|
@@ -8783,6 +8783,7 @@ static const ASN1_OBJECT kObjects[NUM_NID] = {
|
|
8783
8783
|
{"HKDF", "hkdf", NID_hkdf, 0, NULL, 0},
|
8784
8784
|
{"X25519Kyber768Draft00", "X25519Kyber768Draft00",
|
8785
8785
|
NID_X25519Kyber768Draft00, 0, NULL, 0},
|
8786
|
+
{"X25519MLKEM768", "X25519MLKEM768", NID_X25519MLKEM768, 0, NULL, 0},
|
8786
8787
|
};
|
8787
8788
|
|
8788
8789
|
static const uint16_t kNIDsInShortNameOrder[] = {
|
@@ -8981,6 +8982,7 @@ static const uint16_t kNIDsInShortNameOrder[] = {
|
|
8981
8982
|
458 /* UID */,
|
8982
8983
|
948 /* X25519 */,
|
8983
8984
|
964 /* X25519Kyber768Draft00 */,
|
8985
|
+
965 /* X25519MLKEM768 */,
|
8984
8986
|
961 /* X448 */,
|
8985
8987
|
11 /* X500 */,
|
8986
8988
|
378 /* X500algorithms */,
|
@@ -9852,6 +9854,7 @@ static const uint16_t kNIDsInLongNameOrder[] = {
|
|
9852
9854
|
375 /* Trust Root */,
|
9853
9855
|
948 /* X25519 */,
|
9854
9856
|
964 /* X25519Kyber768Draft00 */,
|
9857
|
+
965 /* X25519MLKEM768 */,
|
9855
9858
|
961 /* X448 */,
|
9856
9859
|
12 /* X509 */,
|
9857
9860
|
402 /* X509v3 AC Targeting */,
|
@@ -312,12 +312,11 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
|
|
312
312
|
const unsigned iv_len = EVP_CIPHER_iv_length(enc);
|
313
313
|
|
314
314
|
if (pass == NULL) {
|
315
|
-
pass_len = 0;
|
316
315
|
if (!callback) {
|
317
316
|
callback = PEM_def_callback;
|
318
317
|
}
|
319
318
|
pass_len = (*callback)(buf, PEM_BUFSIZE, 1, u);
|
320
|
-
if (pass_len
|
319
|
+
if (pass_len < 0) {
|
321
320
|
OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);
|
322
321
|
goto err;
|
323
322
|
}
|
@@ -393,7 +392,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
|
393
392
|
callback = PEM_def_callback;
|
394
393
|
}
|
395
394
|
pass_len = callback(buf, PEM_BUFSIZE, 0, u);
|
396
|
-
if (pass_len
|
395
|
+
if (pass_len < 0) {
|
397
396
|
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
|
398
397
|
return 0;
|
399
398
|
}
|
@@ -779,11 +778,11 @@ err:
|
|
779
778
|
|
780
779
|
int PEM_def_callback(char *buf, int size, int rwflag, void *userdata) {
|
781
780
|
if (!buf || !userdata || size < 0) {
|
782
|
-
return
|
781
|
+
return -1;
|
783
782
|
}
|
784
783
|
size_t len = strlen((char *)userdata);
|
785
784
|
if (len >= (size_t)size) {
|
786
|
-
return
|
785
|
+
return -1;
|
787
786
|
}
|
788
787
|
OPENSSL_strlcpy(buf, userdata, (size_t)size);
|
789
788
|
return (int)len;
|
@@ -113,12 +113,11 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid,
|
|
113
113
|
}
|
114
114
|
if (enc || (nid != -1)) {
|
115
115
|
if (!pass) {
|
116
|
-
pass_len = 0;
|
117
116
|
if (!cb) {
|
118
117
|
cb = PEM_def_callback;
|
119
118
|
}
|
120
119
|
pass_len = cb(buf, PEM_BUFSIZE, 1, u);
|
121
|
-
if (pass_len
|
120
|
+
if (pass_len < 0) {
|
122
121
|
OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);
|
123
122
|
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
124
123
|
return 0;
|
@@ -166,7 +165,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
|
|
166
165
|
cb = PEM_def_callback;
|
167
166
|
}
|
168
167
|
pass_len = cb(psbuf, PEM_BUFSIZE, 0, u);
|
169
|
-
if (pass_len
|
168
|
+
if (pass_len < 0) {
|
170
169
|
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
|
171
170
|
X509_SIG_free(p8);
|
172
171
|
return NULL;
|
@@ -110,7 +110,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
|
|
110
110
|
cb = PEM_def_callback;
|
111
111
|
}
|
112
112
|
pass_len = cb(psbuf, PEM_BUFSIZE, 0, u);
|
113
|
-
if (pass_len
|
113
|
+
if (pass_len < 0) {
|
114
114
|
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
|
115
115
|
X509_SIG_free(p8);
|
116
116
|
goto err;
|
@@ -14,7 +14,8 @@
|
|
14
14
|
|
15
15
|
#include <openssl/rand.h>
|
16
16
|
|
17
|
-
#include "../
|
17
|
+
#include "../bcm_support.h"
|
18
|
+
#include "sysrand_internal.h"
|
18
19
|
|
19
20
|
#if defined(OPENSSL_RAND_DETERMINISTIC)
|
20
21
|
|
@@ -35,6 +36,8 @@ static CRYPTO_MUTEX g_num_calls_lock = CRYPTO_MUTEX_INIT;
|
|
35
36
|
|
36
37
|
void RAND_reset_for_fuzzing(void) { g_num_calls = 0; }
|
37
38
|
|
39
|
+
void CRYPTO_init_sysrand(void) {}
|
40
|
+
|
38
41
|
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
39
42
|
static const uint8_t kZeroKey[32];
|
40
43
|
|
@@ -50,6 +53,11 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
|
50
53
|
CRYPTO_chacha_20(out, out, requested, kZeroKey, nonce, 0);
|
51
54
|
}
|
52
55
|
|
56
|
+
int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
|
57
|
+
CRYPTO_sysrand(buf, len);
|
58
|
+
return 1;
|
59
|
+
}
|
60
|
+
|
53
61
|
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
54
62
|
CRYPTO_sysrand(out, requested);
|
55
63
|
}
|
data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c
RENAMED
@@ -16,8 +16,7 @@
|
|
16
16
|
#define _GNU_SOURCE // needed for madvise() and MAP_ANONYMOUS on Linux.
|
17
17
|
#endif
|
18
18
|
|
19
|
-
#include
|
20
|
-
#include "fork_detect.h"
|
19
|
+
#include "../bcm_support.h"
|
21
20
|
|
22
21
|
#if defined(OPENSSL_FORK_DETECTION_MADVISE)
|
23
22
|
#include <unistd.h>
|
@@ -35,19 +34,18 @@ static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
|
|
35
34
|
#include <pthread.h>
|
36
35
|
#endif // OPENSSL_FORK_DETECTION_MADVISE
|
37
36
|
|
38
|
-
#include "../
|
39
|
-
#include "../../internal.h"
|
37
|
+
#include "../internal.h"
|
40
38
|
|
41
39
|
#if defined(OPENSSL_FORK_DETECTION_MADVISE)
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
40
|
+
static int g_force_madv_wipeonfork;
|
41
|
+
static int g_force_madv_wipeonfork_enabled;
|
42
|
+
static CRYPTO_once_t g_fork_detect_once = CRYPTO_ONCE_INIT;
|
43
|
+
static CRYPTO_MUTEX g_fork_detect_lock = CRYPTO_MUTEX_INIT;
|
44
|
+
static CRYPTO_atomic_u32 * g_fork_detect_addr;
|
45
|
+
static uint64_t g_fork_generation;
|
48
46
|
|
49
47
|
static void init_fork_detect(void) {
|
50
|
-
if (
|
48
|
+
if (g_force_madv_wipeonfork) {
|
51
49
|
return;
|
52
50
|
}
|
53
51
|
|
@@ -74,13 +72,13 @@ static void init_fork_detect(void) {
|
|
74
72
|
}
|
75
73
|
|
76
74
|
CRYPTO_atomic_store_u32(addr, 1);
|
77
|
-
|
78
|
-
|
75
|
+
g_fork_detect_addr = addr;
|
76
|
+
g_fork_generation = 1;
|
79
77
|
|
80
78
|
}
|
81
79
|
|
82
80
|
uint64_t CRYPTO_get_fork_generation(void) {
|
83
|
-
CRYPTO_once(
|
81
|
+
CRYPTO_once(&g_fork_detect_once, init_fork_detect);
|
84
82
|
|
85
83
|
// In a single-threaded process, there are obviously no races because there's
|
86
84
|
// only a single mutator in the address space.
|
@@ -93,12 +91,12 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
93
91
|
// child process is single-threaded, the child may become multi-threaded
|
94
92
|
// before it observes this. Therefore, we must synchronize the logic below.
|
95
93
|
|
96
|
-
CRYPTO_atomic_u32 *const flag_ptr =
|
94
|
+
CRYPTO_atomic_u32 *const flag_ptr = g_fork_detect_addr;
|
97
95
|
if (flag_ptr == NULL) {
|
98
96
|
// Our kernel is too old to support |MADV_WIPEONFORK| or
|
99
97
|
// |g_force_madv_wipeonfork| is set.
|
100
|
-
if (
|
101
|
-
|
98
|
+
if (g_force_madv_wipeonfork &&
|
99
|
+
g_force_madv_wipeonfork_enabled) {
|
102
100
|
// A constant generation number to simulate support, even if the kernel
|
103
101
|
// doesn't support it.
|
104
102
|
return 42;
|
@@ -114,7 +112,7 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
114
112
|
|
115
113
|
// In the common case, try to observe the flag without taking a lock. This
|
116
114
|
// avoids cacheline contention in the PRNG.
|
117
|
-
uint64_t *const generation_ptr =
|
115
|
+
uint64_t *const generation_ptr = &g_fork_generation;
|
118
116
|
if (CRYPTO_atomic_load_u32(flag_ptr) != 0) {
|
119
117
|
// If we observe a non-zero flag, it is safe to read |generation_ptr|
|
120
118
|
// without a lock. The flag and generation number are fixed for this copy of
|
@@ -125,7 +123,7 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
125
123
|
// The flag was zero. The generation number must be incremented, but other
|
126
124
|
// threads may have concurrently observed the zero, so take a lock before
|
127
125
|
// incrementing.
|
128
|
-
CRYPTO_MUTEX *const lock =
|
126
|
+
CRYPTO_MUTEX *const lock = &g_fork_detect_lock;
|
129
127
|
CRYPTO_MUTEX_lock_write(lock);
|
130
128
|
uint64_t current_generation = *generation_ptr;
|
131
129
|
if (CRYPTO_atomic_load_u32(flag_ptr) == 0) {
|
@@ -147,35 +145,35 @@ uint64_t CRYPTO_get_fork_generation(void) {
|
|
147
145
|
}
|
148
146
|
|
149
147
|
void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(int on) {
|
150
|
-
|
151
|
-
|
148
|
+
g_force_madv_wipeonfork = 1;
|
149
|
+
g_force_madv_wipeonfork_enabled = on;
|
152
150
|
}
|
153
151
|
|
154
152
|
#elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
|
155
153
|
|
156
|
-
|
157
|
-
|
154
|
+
static CRYPTO_once_t g_pthread_fork_detection_once = CRYPTO_ONCE_INIT;
|
155
|
+
static uint64_t g_atfork_fork_generation;
|
158
156
|
|
159
157
|
static void we_are_forked(void) {
|
160
158
|
// Immediately after a fork, the process must be single-threaded.
|
161
|
-
uint64_t value =
|
159
|
+
uint64_t value = g_atfork_fork_generation + 1;
|
162
160
|
if (value == 0) {
|
163
161
|
value = 1;
|
164
162
|
}
|
165
|
-
|
163
|
+
g_atfork_fork_generation = value;
|
166
164
|
}
|
167
165
|
|
168
166
|
static void init_pthread_fork_detection(void) {
|
169
167
|
if (pthread_atfork(NULL, NULL, we_are_forked) != 0) {
|
170
168
|
abort();
|
171
169
|
}
|
172
|
-
|
170
|
+
g_atfork_fork_generation = 1;
|
173
171
|
}
|
174
172
|
|
175
173
|
uint64_t CRYPTO_get_fork_generation(void) {
|
176
|
-
CRYPTO_once(
|
174
|
+
CRYPTO_once(&g_pthread_fork_detection_once, init_pthread_fork_detection);
|
177
175
|
|
178
|
-
return
|
176
|
+
return g_atfork_fork_generation;
|
179
177
|
}
|
180
178
|
|
181
179
|
#elif defined(OPENSSL_DOES_NOT_FORK)
|
@@ -18,7 +18,8 @@
|
|
18
18
|
|
19
19
|
#include <openssl/rand.h>
|
20
20
|
|
21
|
-
#include "../
|
21
|
+
#include "../bcm_support.h"
|
22
|
+
#include "sysrand_internal.h"
|
22
23
|
|
23
24
|
#if defined(OPENSSL_RAND_GETENTROPY)
|
24
25
|
|
@@ -30,6 +31,8 @@
|
|
30
31
|
#include <sys/random.h>
|
31
32
|
#endif
|
32
33
|
|
34
|
+
void CRYPTO_init_sysrand(void) {}
|
35
|
+
|
33
36
|
// CRYPTO_sysrand puts |requested| random bytes into |out|.
|
34
37
|
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
35
38
|
while (requested > 0) {
|
@@ -45,6 +48,11 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
|
45
48
|
}
|
46
49
|
}
|
47
50
|
|
51
|
+
int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
|
52
|
+
CRYPTO_sysrand(buf, len);
|
53
|
+
return 1;
|
54
|
+
}
|
55
|
+
|
48
56
|
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
49
57
|
CRYPTO_sysrand(out, requested);
|
50
58
|
}
|
@@ -14,19 +14,27 @@
|
|
14
14
|
|
15
15
|
#include <openssl/rand.h>
|
16
16
|
|
17
|
-
#include "../
|
17
|
+
#include "../bcm_support.h"
|
18
|
+
#include "sysrand_internal.h"
|
18
19
|
|
19
20
|
#if defined(OPENSSL_RAND_IOS)
|
20
21
|
#include <stdlib.h>
|
21
22
|
|
22
23
|
#include <CommonCrypto/CommonRandom.h>
|
23
24
|
|
25
|
+
void CRYPTO_init_sysrand(void) {}
|
26
|
+
|
24
27
|
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
25
28
|
if (CCRandomGenerateBytes(out, requested) != kCCSuccess) {
|
26
29
|
abort();
|
27
30
|
}
|
28
31
|
}
|
29
32
|
|
33
|
+
int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
|
34
|
+
CRYPTO_sysrand(buf, len);
|
35
|
+
return 1;
|
36
|
+
}
|
37
|
+
|
30
38
|
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
31
39
|
CRYPTO_sysrand(out, requested);
|
32
40
|
}
|
@@ -14,11 +14,27 @@
|
|
14
14
|
|
15
15
|
#include <openssl/ctrdrbg.h>
|
16
16
|
|
17
|
-
#include "../fipsmodule/
|
17
|
+
#include "../fipsmodule/bcm_interface.h"
|
18
|
+
#include "../bcm_support.h"
|
18
19
|
#include "../internal.h"
|
19
20
|
|
20
21
|
#if defined(BORINGSSL_FIPS)
|
21
22
|
|
23
|
+
// passive_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable
|
24
|
+
// for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
|
25
|
+
// entropy came directly from the CPU and zero if it came from the OS. It
|
26
|
+
// actively obtains entropy from the CPU/OS
|
27
|
+
static void passive_get_seed_entropy(uint8_t *out_entropy,
|
28
|
+
size_t out_entropy_len,
|
29
|
+
int *out_want_additional_input) {
|
30
|
+
*out_want_additional_input = 0;
|
31
|
+
if (bcm_success(BCM_rand_bytes_hwrng(out_entropy, out_entropy_len))) {
|
32
|
+
*out_want_additional_input = 1;
|
33
|
+
} else {
|
34
|
+
CRYPTO_sysrand_for_seed(out_entropy, out_entropy_len);
|
35
|
+
}
|
36
|
+
}
|
37
|
+
|
22
38
|
#define ENTROPY_READ_LEN \
|
23
39
|
(/* last_block size */ 16 + CTR_DRBG_ENTROPY_LEN * BORINGSSL_FIPS_OVERREAD)
|
24
40
|
|
@@ -143,7 +159,7 @@ void RAND_need_entropy(size_t bytes_needed) {
|
|
143
159
|
if (get_seed_from_daemon(buf, todo)) {
|
144
160
|
want_additional_input = 1;
|
145
161
|
} else {
|
146
|
-
|
162
|
+
passive_get_seed_entropy(buf, todo, &want_additional_input);
|
147
163
|
}
|
148
164
|
|
149
165
|
if (boringssl_fips_break_test("CRNG")) {
|
@@ -152,7 +168,7 @@ void RAND_need_entropy(size_t bytes_needed) {
|
|
152
168
|
OPENSSL_memset(buf, 0, todo);
|
153
169
|
}
|
154
170
|
|
155
|
-
|
171
|
+
BCM_rand_load_entropy(buf, todo, want_additional_input);
|
156
172
|
}
|
157
173
|
|
158
174
|
#endif // FIPS
|
@@ -12,11 +12,21 @@
|
|
12
12
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
13
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
14
|
|
15
|
+
#include <limits.h>
|
16
|
+
|
15
17
|
#include <openssl/rand.h>
|
16
18
|
|
17
|
-
#include
|
19
|
+
#include "../bcm_support.h"
|
20
|
+
#include "../fipsmodule/bcm_interface.h"
|
18
21
|
|
19
22
|
|
23
|
+
int RAND_bytes(uint8_t *buf, size_t len) {
|
24
|
+
BCM_rand_bytes(buf, len);
|
25
|
+
return 1;
|
26
|
+
}
|
27
|
+
|
28
|
+
int RAND_pseudo_bytes(uint8_t *buf, size_t len) { return RAND_bytes(buf, len); }
|
29
|
+
|
20
30
|
void RAND_seed(const void *buf, int num) {
|
21
31
|
// OpenSSH calls |RAND_seed| before jailing on the assumption that any needed
|
22
32
|
// file descriptors etc will be opened.
|
@@ -28,7 +38,7 @@ int RAND_load_file(const char *path, long num) {
|
|
28
38
|
if (num < 0) { // read the "whole file"
|
29
39
|
return 1;
|
30
40
|
} else if (num <= INT_MAX) {
|
31
|
-
return (int)
|
41
|
+
return (int)num;
|
32
42
|
} else {
|
33
43
|
return INT_MAX;
|
34
44
|
}
|
@@ -38,37 +48,30 @@ const char *RAND_file_name(char *buf, size_t num) { return NULL; }
|
|
38
48
|
|
39
49
|
void RAND_add(const void *buf, int num, double entropy) {}
|
40
50
|
|
41
|
-
int RAND_egd(const char *path) {
|
42
|
-
return 255;
|
43
|
-
}
|
51
|
+
int RAND_egd(const char *path) { return 255; }
|
44
52
|
|
45
|
-
int RAND_poll(void) {
|
46
|
-
return 1;
|
47
|
-
}
|
53
|
+
int RAND_poll(void) { return 1; }
|
48
54
|
|
49
|
-
int RAND_status(void) {
|
50
|
-
return 1;
|
51
|
-
}
|
55
|
+
int RAND_status(void) { return 1; }
|
52
56
|
|
53
57
|
static const struct rand_meth_st kSSLeayMethod = {
|
54
|
-
|
55
|
-
|
56
|
-
RAND_cleanup,
|
57
|
-
RAND_add,
|
58
|
-
RAND_pseudo_bytes,
|
59
|
-
RAND_status,
|
58
|
+
RAND_seed, RAND_bytes, RAND_cleanup,
|
59
|
+
RAND_add, RAND_pseudo_bytes, RAND_status,
|
60
60
|
};
|
61
61
|
|
62
|
-
RAND_METHOD *RAND_SSLeay(void) {
|
63
|
-
return (RAND_METHOD*) &kSSLeayMethod;
|
64
|
-
}
|
62
|
+
RAND_METHOD *RAND_SSLeay(void) { return (RAND_METHOD *)&kSSLeayMethod; }
|
65
63
|
|
66
|
-
RAND_METHOD *RAND_OpenSSL(void) {
|
67
|
-
return RAND_SSLeay();
|
68
|
-
}
|
64
|
+
RAND_METHOD *RAND_OpenSSL(void) { return RAND_SSLeay(); }
|
69
65
|
|
70
66
|
const RAND_METHOD *RAND_get_rand_method(void) { return RAND_SSLeay(); }
|
71
67
|
|
72
68
|
int RAND_set_rand_method(const RAND_METHOD *method) { return 1; }
|
73
69
|
|
74
70
|
void RAND_cleanup(void) {}
|
71
|
+
|
72
|
+
void RAND_get_system_entropy_for_custom_prng(uint8_t *buf, size_t len) {
|
73
|
+
if (len > 256) {
|
74
|
+
abort();
|
75
|
+
}
|
76
|
+
CRYPTO_sysrand_for_seed(buf, len);
|
77
|
+
}
|
@@ -0,0 +1,37 @@
|
|
1
|
+
/* Copyright (c) 2024, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_SYSRAND_INTERNAL_H
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
|
20
|
+
#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
21
|
+
#define OPENSSL_RAND_DETERMINISTIC
|
22
|
+
#elif defined(OPENSSL_TRUSTY)
|
23
|
+
#define OPENSSL_RAND_TRUSTY
|
24
|
+
#elif defined(OPENSSL_WINDOWS)
|
25
|
+
#define OPENSSL_RAND_WINDOWS
|
26
|
+
#elif defined(OPENSSL_LINUX)
|
27
|
+
#define OPENSSL_RAND_URANDOM
|
28
|
+
#elif defined(OPENSSL_APPLE) && !defined(OPENSSL_MACOS)
|
29
|
+
// Unlike macOS, iOS and similar hide away getentropy().
|
30
|
+
#define OPENSSL_RAND_IOS
|
31
|
+
#else
|
32
|
+
// By default if you are integrating BoringSSL we expect you to
|
33
|
+
// provide getentropy from the <unistd.h> header file.
|
34
|
+
#define OPENSSL_RAND_GETENTROPY
|
35
|
+
#endif
|
36
|
+
|
37
|
+
#endif // OPENSSL_HEADER_CRYPTO__SYSRAND_INTERNAL_H
|
@@ -14,7 +14,8 @@
|
|
14
14
|
|
15
15
|
#include <openssl/rand.h>
|
16
16
|
|
17
|
-
#include "../
|
17
|
+
#include "../bcm_support.h"
|
18
|
+
#include "sysrand_internal.h"
|
18
19
|
|
19
20
|
#if defined(OPENSSL_RAND_TRUSTY)
|
20
21
|
#include <stdint.h>
|
@@ -25,12 +26,19 @@
|
|
25
26
|
|
26
27
|
#include <lib/rng/trusty_rng.h>
|
27
28
|
|
29
|
+
void CRYPTO_init_sysrand(void) {}
|
30
|
+
|
28
31
|
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
|
29
32
|
if (trusty_rng_hw_rand(out, requested) != NO_ERROR) {
|
30
33
|
abort();
|
31
34
|
}
|
32
35
|
}
|
33
36
|
|
37
|
+
int CRYPTO_sysrand_if_available(uint8_t *buf, size_t len) {
|
38
|
+
CRYPTO_sysrand(buf, len);
|
39
|
+
return 1;
|
40
|
+
}
|
41
|
+
|
34
42
|
void CRYPTO_sysrand_for_seed(uint8_t *out, size_t requested) {
|
35
43
|
CRYPTO_sysrand(out, requested);
|
36
44
|
}
|
@@ -18,7 +18,8 @@
|
|
18
18
|
|
19
19
|
#include <openssl/rand.h>
|
20
20
|
|
21
|
-
#include "
|
21
|
+
#include "../bcm_support.h"
|
22
|
+
#include "sysrand_internal.h"
|
22
23
|
|
23
24
|
#if defined(OPENSSL_RAND_URANDOM)
|
24
25
|
|
@@ -62,8 +63,7 @@
|
|
62
63
|
#include <openssl/mem.h>
|
63
64
|
|
64
65
|
#include "getrandom_fillin.h"
|
65
|
-
#include "../
|
66
|
-
#include "../../internal.h"
|
66
|
+
#include "../internal.h"
|
67
67
|
|
68
68
|
|
69
69
|
#if defined(USE_NR_getrandom)
|
@@ -96,17 +96,17 @@ static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) {
|
|
96
96
|
static const int kHaveGetrandom = -3;
|
97
97
|
|
98
98
|
// urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
|
99
|
-
|
99
|
+
static int urandom_fd;
|
100
100
|
|
101
101
|
#if defined(USE_NR_getrandom)
|
102
102
|
|
103
103
|
// getrandom_ready is one if |getrandom| had been initialized by the time
|
104
104
|
// |init_once| was called and zero otherwise.
|
105
|
-
|
105
|
+
static int getrandom_ready;
|
106
106
|
|
107
107
|
// extra_getrandom_flags_for_seed contains a value that is ORed into the flags
|
108
108
|
// for getrandom() when reading entropy for a seed.
|
109
|
-
|
109
|
+
static int extra_getrandom_flags_for_seed;
|
110
110
|
|
111
111
|
// On Android, check a system property to decide whether to set
|
112
112
|
// |extra_getrandom_flags_for_seed| otherwise they will default to zero. If
|
@@ -123,14 +123,14 @@ static void maybe_set_extra_getrandom_flags(void) {
|
|
123
123
|
|
124
124
|
value[length] = 0;
|
125
125
|
if (OPENSSL_strcasecmp(value, "true") == 0) {
|
126
|
-
|
126
|
+
extra_getrandom_flags_for_seed = GRND_RANDOM;
|
127
127
|
}
|
128
128
|
#endif
|
129
129
|
}
|
130
130
|
|
131
131
|
#endif // USE_NR_getrandom
|
132
132
|
|
133
|
-
|
133
|
+
static CRYPTO_once_t rand_once = CRYPTO_ONCE_INIT;
|
134
134
|
|
135
135
|
// init_once initializes the state of this module to values previously
|
136
136
|
// requested. This is the only function that modifies |urandom_fd|, which may be
|
@@ -142,7 +142,7 @@ static void init_once(void) {
|
|
142
142
|
ssize_t getrandom_ret =
|
143
143
|
boringssl_getrandom(&dummy, sizeof(dummy), GRND_NONBLOCK);
|
144
144
|
if (getrandom_ret == 1) {
|
145
|
-
|
145
|
+
getrandom_ready = 1;
|
146
146
|
have_getrandom = 1;
|
147
147
|
} else if (getrandom_ret == -1 && errno == EAGAIN) {
|
148
148
|
// We have getrandom, but the entropy pool has not been initialized yet.
|
@@ -157,7 +157,7 @@ static void init_once(void) {
|
|
157
157
|
}
|
158
158
|
|
159
159
|
if (have_getrandom) {
|
160
|
-
|
160
|
+
urandom_fd = kHaveGetrandom;
|
161
161
|
maybe_set_extra_getrandom_flags();
|
162
162
|
return;
|
163
163
|
}
|
@@ -185,19 +185,19 @@ static void init_once(void) {
|
|
185
185
|
abort();
|
186
186
|
}
|
187
187
|
|
188
|
-
|
188
|
+
urandom_fd = fd;
|
189
189
|
}
|
190
190
|
|
191
|
-
|
191
|
+
static CRYPTO_once_t wait_for_entropy_once = CRYPTO_ONCE_INIT;
|
192
192
|
|
193
193
|
static void wait_for_entropy(void) {
|
194
|
-
int fd =
|
194
|
+
int fd = urandom_fd;
|
195
195
|
if (fd == kHaveGetrandom) {
|
196
196
|
// |getrandom| and |getentropy| support blocking in |fill_with_entropy|
|
197
197
|
// directly. For |getrandom|, we first probe with a non-blocking call to aid
|
198
198
|
// debugging.
|
199
199
|
#if defined(USE_NR_getrandom)
|
200
|
-
if (
|
200
|
+
if (getrandom_ready) {
|
201
201
|
// The entropy pool was already initialized in |init_once|.
|
202
202
|
return;
|
203
203
|
}
|
@@ -256,13 +256,13 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
|
|
256
256
|
|
257
257
|
#if defined (USE_NR_getrandom)
|
258
258
|
if (seed) {
|
259
|
-
getrandom_flags |=
|
259
|
+
getrandom_flags |= extra_getrandom_flags_for_seed;
|
260
260
|
}
|
261
261
|
#endif
|
262
262
|
|
263
263
|
CRYPTO_init_sysrand();
|
264
264
|
if (block) {
|
265
|
-
CRYPTO_once(
|
265
|
+
CRYPTO_once(&wait_for_entropy_once, wait_for_entropy);
|
266
266
|
}
|
267
267
|
|
268
268
|
// Clear |errno| so it has defined value if |read| or |getrandom|
|
@@ -271,7 +271,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
|
|
271
271
|
while (len > 0) {
|
272
272
|
ssize_t r;
|
273
273
|
|
274
|
-
if (
|
274
|
+
if (urandom_fd == kHaveGetrandom) {
|
275
275
|
#if defined(USE_NR_getrandom)
|
276
276
|
r = boringssl_getrandom(out, len, getrandom_flags);
|
277
277
|
#else // USE_NR_getrandom
|
@@ -280,7 +280,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
|
|
280
280
|
#endif
|
281
281
|
} else {
|
282
282
|
do {
|
283
|
-
r = read(
|
283
|
+
r = read(urandom_fd, out, len);
|
284
284
|
} while (r == -1 && errno == EINTR);
|
285
285
|
}
|
286
286
|
|
@@ -295,7 +295,7 @@ static int fill_with_entropy(uint8_t *out, size_t len, int block, int seed) {
|
|
295
295
|
}
|
296
296
|
|
297
297
|
void CRYPTO_init_sysrand(void) {
|
298
|
-
CRYPTO_once(
|
298
|
+
CRYPTO_once(&rand_once, init_once);
|
299
299
|
}
|
300
300
|
|
301
301
|
// CRYPTO_sysrand puts |requested| random bytes into |out|.
|