grpc 1.66.0.pre5 → 1.67.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (547) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +19 -10
  3. data/include/grpc/credentials.h +1 -1
  4. data/include/grpc/event_engine/README.md +1 -1
  5. data/include/grpc/event_engine/internal/slice_cast.h +1 -1
  6. data/include/grpc/event_engine/slice.h +0 -1
  7. data/include/grpc/event_engine/slice_buffer.h +0 -1
  8. data/include/grpc/grpc_crl_provider.h +1 -1
  9. data/include/grpc/impl/channel_arg_names.h +1 -1
  10. data/include/grpc/support/log.h +34 -32
  11. data/include/grpc/support/sync_generic.h +2 -4
  12. data/src/core/channelz/channelz.cc +0 -1
  13. data/src/core/channelz/channelz_registry.cc +0 -1
  14. data/src/core/client_channel/client_channel.cc +10 -7
  15. data/src/core/client_channel/client_channel.h +1 -1
  16. data/src/core/client_channel/client_channel_filter.cc +21 -18
  17. data/src/core/client_channel/client_channel_filter.h +1 -1
  18. data/src/core/client_channel/client_channel_internal.h +0 -2
  19. data/src/core/client_channel/config_selector.h +0 -1
  20. data/src/core/client_channel/dynamic_filters.cc +0 -2
  21. data/src/core/client_channel/local_subchannel_pool.cc +0 -2
  22. data/src/core/client_channel/retry_filter.h +0 -1
  23. data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
  24. data/src/core/client_channel/subchannel.cc +21 -27
  25. data/src/core/client_channel/subchannel_stream_client.cc +1 -1
  26. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
  27. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
  28. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
  29. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
  30. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
  31. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
  32. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
  33. data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
  34. data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
  35. data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
  36. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
  37. data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
  38. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
  39. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
  40. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
  41. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
  42. data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
  43. data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
  44. data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
  45. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
  46. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
  47. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
  48. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
  49. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
  52. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
  53. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
  56. data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
  57. data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
  58. data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
  59. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
  60. data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
  61. data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
  62. data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
  63. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
  64. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
  65. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
  66. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
  67. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
  68. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
  69. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
  70. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
  71. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
  72. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
  73. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
  74. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
  75. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
  76. data/src/core/handshaker/handshaker.cc +21 -29
  77. data/src/core/handshaker/security/secure_endpoint.cc +3 -3
  78. data/src/core/handshaker/security/security_handshaker.cc +60 -72
  79. data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
  80. data/src/core/lib/backoff/backoff.cc +7 -10
  81. data/src/core/lib/backoff/backoff.h +4 -6
  82. data/src/core/lib/channel/channel_stack.cc +0 -1
  83. data/src/core/lib/channel/channel_stack.h +0 -1
  84. data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
  85. data/src/core/lib/channel/connected_channel.cc +0 -1
  86. data/src/core/lib/channel/promise_based_filter.cc +146 -194
  87. data/src/core/lib/channel/promise_based_filter.h +1 -1
  88. data/src/core/lib/compression/compression_internal.cc +0 -1
  89. data/src/core/lib/config/config_vars.cc +11 -1
  90. data/src/core/lib/config/config_vars.h +8 -0
  91. data/src/core/lib/config/core_configuration.cc +0 -1
  92. data/src/core/lib/config/core_configuration.h +0 -1
  93. data/src/core/lib/debug/event_log.cc +0 -1
  94. data/src/core/lib/debug/trace_flags.cc +4 -18
  95. data/src/core/lib/debug/trace_flags.h +2 -5
  96. data/src/core/lib/debug/trace_impl.h +6 -0
  97. data/src/core/lib/event_engine/ares_resolver.cc +89 -56
  98. data/src/core/lib/event_engine/ares_resolver.h +0 -9
  99. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
  100. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
  101. data/src/core/lib/event_engine/forkable.cc +0 -1
  102. data/src/core/lib/event_engine/forkable.h +0 -1
  103. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  104. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
  105. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
  106. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
  107. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
  108. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
  109. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
  110. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
  111. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
  112. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
  113. data/src/core/lib/event_engine/resolved_address.cc +0 -1
  114. data/src/core/lib/event_engine/slice.cc +0 -1
  115. data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
  116. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
  117. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
  118. data/src/core/lib/experiments/config.cc +12 -10
  119. data/src/core/lib/experiments/experiments.cc +45 -66
  120. data/src/core/lib/experiments/experiments.h +22 -27
  121. data/src/core/lib/gprpp/chunked_vector.h +0 -1
  122. data/src/core/lib/gprpp/down_cast.h +0 -1
  123. data/src/core/lib/gprpp/host_port.cc +0 -1
  124. data/src/core/lib/gprpp/load_file.cc +0 -1
  125. data/src/core/lib/gprpp/mpscq.h +0 -1
  126. data/src/core/lib/gprpp/single_set_ptr.h +0 -1
  127. data/src/core/lib/gprpp/status_helper.cc +0 -1
  128. data/src/core/lib/gprpp/sync.h +0 -1
  129. data/src/core/lib/gprpp/table.h +28 -0
  130. data/src/core/lib/gprpp/thd.h +0 -1
  131. data/src/core/lib/gprpp/time.h +0 -1
  132. data/src/core/lib/gprpp/time_util.cc +0 -1
  133. data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
  134. data/src/core/lib/gprpp/windows/thd.cc +0 -1
  135. data/src/core/lib/gprpp/work_serializer.cc +23 -34
  136. data/src/core/lib/iomgr/buffer_list.cc +0 -1
  137. data/src/core/lib/iomgr/call_combiner.h +6 -8
  138. data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
  139. data/src/core/lib/iomgr/closure.h +5 -8
  140. data/src/core/lib/iomgr/combiner.cc +6 -8
  141. data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
  142. data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
  143. data/src/core/lib/iomgr/error.h +0 -1
  144. data/src/core/lib/iomgr/ev_apple.cc +13 -18
  145. data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
  146. data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
  147. data/src/core/lib/iomgr/ev_posix.cc +55 -44
  148. data/src/core/lib/iomgr/ev_posix.h +0 -5
  149. data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
  150. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
  151. data/src/core/lib/iomgr/exec_ctx.cc +6 -9
  152. data/src/core/lib/iomgr/exec_ctx.h +26 -16
  153. data/src/core/lib/iomgr/executor.cc +43 -33
  154. data/src/core/lib/iomgr/fork_windows.cc +0 -1
  155. data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
  156. data/src/core/lib/iomgr/iocp_windows.cc +0 -1
  157. data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
  158. data/src/core/lib/iomgr/lockfree_event.cc +7 -11
  159. data/src/core/lib/iomgr/polling_entity.cc +10 -3
  160. data/src/core/lib/iomgr/pollset_windows.cc +0 -2
  161. data/src/core/lib/iomgr/resolve_address.cc +0 -1
  162. data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
  163. data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
  164. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
  165. data/src/core/lib/iomgr/socket_mutator.cc +0 -1
  166. data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
  167. data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
  168. data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
  169. data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
  170. data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
  171. data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
  172. data/src/core/lib/iomgr/tcp_posix.cc +32 -68
  173. data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
  174. data/src/core/lib/iomgr/tcp_windows.cc +4 -12
  175. data/src/core/lib/iomgr/timer_generic.cc +46 -65
  176. data/src/core/lib/iomgr/timer_manager.cc +4 -5
  177. data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
  178. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
  179. data/src/core/lib/iomgr/vsock.cc +0 -1
  180. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
  181. data/src/core/lib/promise/activity.h +0 -1
  182. data/src/core/lib/promise/context.h +0 -1
  183. data/src/core/lib/promise/detail/join_state.h +44 -44
  184. data/src/core/lib/promise/detail/seq_state.h +1101 -1356
  185. data/src/core/lib/promise/for_each.h +8 -15
  186. data/src/core/lib/promise/interceptor_list.h +17 -27
  187. data/src/core/lib/promise/latch.h +16 -24
  188. data/src/core/lib/promise/map.h +1 -1
  189. data/src/core/lib/promise/party.cc +238 -114
  190. data/src/core/lib/promise/party.h +105 -308
  191. data/src/core/lib/promise/pipe.h +3 -4
  192. data/src/core/lib/promise/poll.h +0 -1
  193. data/src/core/lib/promise/status_flag.h +0 -1
  194. data/src/core/lib/resource_quota/connection_quota.cc +0 -1
  195. data/src/core/lib/resource_quota/memory_quota.cc +11 -19
  196. data/src/core/lib/resource_quota/memory_quota.h +2 -4
  197. data/src/core/lib/resource_quota/periodic_update.cc +2 -3
  198. data/src/core/lib/resource_quota/thread_quota.cc +0 -1
  199. data/src/core/lib/security/authorization/audit_logging.cc +0 -1
  200. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
  201. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
  202. data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
  203. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
  204. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
  205. data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
  206. data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
  207. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
  208. data/src/core/lib/security/credentials/credentials.h +1 -2
  209. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
  210. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
  211. data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
  212. data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
  213. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
  214. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
  215. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
  216. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
  217. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
  218. data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
  219. data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
  220. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
  221. data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
  222. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
  223. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
  224. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
  225. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
  226. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
  227. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  228. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
  229. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
  230. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
  231. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
  232. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
  233. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
  234. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
  235. data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
  236. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
  237. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
  238. data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
  239. data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
  240. data/src/core/lib/slice/percent_encoding.cc +0 -1
  241. data/src/core/lib/slice/slice.cc +0 -1
  242. data/src/core/lib/slice/slice.h +0 -1
  243. data/src/core/lib/slice/slice_buffer.cc +0 -1
  244. data/src/core/lib/slice/slice_internal.h +0 -1
  245. data/src/core/lib/slice/slice_refcount.h +6 -8
  246. data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
  247. data/src/core/lib/surface/call.cc +3 -5
  248. data/src/core/lib/surface/call_utils.h +0 -1
  249. data/src/core/lib/surface/channel.cc +0 -1
  250. data/src/core/lib/surface/channel_create.cc +0 -1
  251. data/src/core/lib/surface/channel_init.h +0 -1
  252. data/src/core/lib/surface/client_call.cc +0 -1
  253. data/src/core/lib/surface/client_call.h +0 -1
  254. data/src/core/lib/surface/completion_queue.cc +28 -4
  255. data/src/core/lib/surface/completion_queue_factory.cc +0 -1
  256. data/src/core/lib/surface/filter_stack_call.cc +9 -9
  257. data/src/core/lib/surface/filter_stack_call.h +0 -1
  258. data/src/core/lib/surface/lame_client.cc +0 -1
  259. data/src/core/lib/surface/server_call.cc +0 -1
  260. data/src/core/lib/surface/server_call.h +0 -1
  261. data/src/core/lib/surface/validate_metadata.h +0 -1
  262. data/src/core/lib/surface/version.cc +2 -2
  263. data/src/core/lib/transport/bdp_estimator.cc +9 -12
  264. data/src/core/lib/transport/bdp_estimator.h +6 -8
  265. data/src/core/lib/transport/call_arena_allocator.cc +2 -16
  266. data/src/core/lib/transport/call_arena_allocator.h +20 -5
  267. data/src/core/lib/transport/call_filters.cc +6 -9
  268. data/src/core/lib/transport/call_spine.h +24 -13
  269. data/src/core/lib/transport/connectivity_state.cc +34 -42
  270. data/src/core/lib/transport/metadata_batch.h +41 -1
  271. data/src/core/lib/transport/timeout_encoding.cc +0 -1
  272. data/src/core/lib/transport/transport.h +6 -8
  273. data/src/core/lib/transport/transport_op_string.cc +0 -1
  274. data/src/core/lib/uri/uri_parser.cc +0 -1
  275. data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
  276. data/src/core/load_balancing/health_check_client.cc +31 -42
  277. data/src/core/load_balancing/oob_backend_metric.cc +2 -4
  278. data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
  279. data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
  280. data/src/core/load_balancing/priority/priority.cc +77 -106
  281. data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
  282. data/src/core/load_balancing/rls/rls.cc +142 -187
  283. data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
  284. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
  285. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
  286. data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
  287. data/src/core/load_balancing/xds/cds.cc +26 -43
  288. data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
  289. data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
  290. data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
  291. data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
  292. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
  293. data/src/core/resolver/binder/binder_resolver.cc +0 -2
  294. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
  295. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
  296. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
  297. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
  298. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
  299. data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
  300. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
  301. data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
  302. data/src/core/resolver/endpoint_addresses.cc +0 -1
  303. data/src/core/resolver/fake/fake_resolver.cc +0 -1
  304. data/src/core/resolver/polling_resolver.cc +6 -15
  305. data/src/core/resolver/polling_resolver.h +1 -1
  306. data/src/core/resolver/xds/xds_config.cc +96 -0
  307. data/src/core/resolver/xds/xds_config.h +109 -0
  308. data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
  309. data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
  310. data/src/core/resolver/xds/xds_resolver.cc +51 -55
  311. data/src/core/server/server.cc +2 -2
  312. data/src/core/server/server_config_selector_filter.cc +0 -1
  313. data/src/core/server/xds_server_config_fetcher.cc +4 -6
  314. data/src/core/service_config/service_config_call_data.h +2 -3
  315. data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
  316. data/src/core/service_config/service_config_impl.h +0 -1
  317. data/src/core/telemetry/call_tracer.cc +0 -1
  318. data/src/core/telemetry/metrics.h +0 -1
  319. data/src/core/telemetry/stats_data.cc +67 -0
  320. data/src/core/telemetry/stats_data.h +48 -0
  321. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
  322. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
  323. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
  324. data/src/core/tsi/fake_transport_security.cc +6 -5
  325. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
  326. data/src/core/util/alloc.cc +0 -1
  327. data/src/core/util/gcp_metadata_query.cc +0 -1
  328. data/src/core/util/http_client/httpcli.cc +12 -15
  329. data/src/core/util/http_client/httpcli.h +16 -11
  330. data/src/core/util/http_client/parser.cc +3 -4
  331. data/src/core/util/json/json_reader.cc +0 -1
  332. data/src/core/util/latent_see.cc +29 -9
  333. data/src/core/util/latent_see.h +122 -27
  334. data/src/core/util/log.cc +36 -55
  335. data/src/core/util/lru_cache.h +104 -0
  336. data/src/core/util/msys/tmpfile.cc +0 -1
  337. data/src/core/util/posix/sync.cc +0 -1
  338. data/src/core/util/posix/time.cc +0 -1
  339. data/src/core/util/ring_buffer.h +123 -0
  340. data/src/core/util/spinlock.h +1 -2
  341. data/src/core/util/string.cc +7 -7
  342. data/src/core/util/sync.cc +0 -1
  343. data/src/core/util/sync_abseil.cc +0 -1
  344. data/src/core/util/time.cc +0 -1
  345. data/src/core/util/unique_ptr_with_bitset.h +86 -0
  346. data/src/core/util/useful.h +0 -24
  347. data/src/core/util/windows/cpu.cc +0 -1
  348. data/src/core/util/windows/sync.cc +0 -1
  349. data/src/core/util/windows/time.cc +0 -1
  350. data/src/core/util/windows/tmpfile.cc +0 -1
  351. data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
  352. data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
  353. data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
  354. data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
  355. data/src/core/xds/grpc/xds_cluster.cc +2 -8
  356. data/src/core/xds/grpc/xds_cluster.h +4 -4
  357. data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
  358. data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
  359. data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
  360. data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
  361. data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
  362. data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
  363. data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
  364. data/src/core/xds/grpc/xds_http_filter.h +11 -1
  365. data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
  366. data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
  367. data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
  368. data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
  369. data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
  370. data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
  371. data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
  372. data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
  373. data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
  374. data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
  375. data/src/core/xds/grpc/xds_metadata.cc +62 -0
  376. data/src/core/xds/grpc/xds_metadata.h +127 -0
  377. data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
  378. data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
  379. data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
  380. data/src/core/xds/grpc/xds_routing.cc +57 -22
  381. data/src/core/xds/grpc/xds_routing.h +10 -2
  382. data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
  383. data/src/core/xds/xds_client/xds_client.cc +124 -165
  384. data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
  385. data/src/ruby/ext/grpc/rb_call.c +1 -1
  386. data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
  387. data/src/ruby/ext/grpc/rb_channel.c +22 -16
  388. data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
  389. data/src/ruby/ext/grpc/rb_grpc.c +9 -8
  390. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
  391. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
  392. data/src/ruby/ext/grpc/rb_server.c +10 -8
  393. data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
  394. data/src/ruby/lib/grpc/version.rb +1 -1
  395. data/src/ruby/spec/call_spec.rb +53 -40
  396. data/src/ruby/spec/channel_spec.rb +4 -2
  397. data/src/ruby/spec/client_server_spec.rb +148 -507
  398. data/src/ruby/spec/generic/active_call_spec.rb +64 -86
  399. data/src/ruby/spec/support/services.rb +3 -0
  400. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
  401. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
  403. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
  404. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
  424. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
  425. data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
  426. data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
  427. data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
  428. data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
  429. data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
  430. data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
  431. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
  432. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
  433. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
  434. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
  435. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
  436. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
  437. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
  438. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
  439. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
  440. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
  441. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
  442. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
  444. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
  445. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
  446. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
  447. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
  448. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
  449. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
  450. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
  451. data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
  452. data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
  453. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
  454. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
  455. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
  456. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
  457. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
  458. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
  459. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
  460. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
  461. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
  462. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
  463. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
  464. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
  465. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
  466. data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
  467. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
  468. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
  469. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
  470. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
  471. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
  472. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
  473. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
  474. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
  475. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
  476. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
  477. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
  478. metadata +113 -87
  479. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
  480. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
  481. data/src/core/util/android/log.cc +0 -48
  482. data/src/core/util/linux/log.cc +0 -69
  483. data/src/core/util/posix/log.cc +0 -69
  484. data/src/core/util/windows/log.cc +0 -73
  485. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
  486. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
  487. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
  488. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
  489. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
  490. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
  491. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
  492. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
  493. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
  494. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
  495. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
  496. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
  497. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
  498. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
  499. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
  500. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
  501. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
  502. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
  503. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
  504. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
  505. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
  506. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
  507. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
  508. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
  509. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
  510. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
  511. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
  512. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
  513. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
  514. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
  515. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
  516. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
  517. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
  518. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
  519. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
  520. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
  521. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
  522. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
  523. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
  524. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
  525. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
  526. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
  527. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
  528. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
  529. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
  530. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
  531. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
  532. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
  533. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
  534. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
  535. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
  536. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
  537. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
  538. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
  539. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
  540. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
  541. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
  542. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
  543. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
  544. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
  545. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
  546. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
  547. /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
@@ -385,10 +385,9 @@ OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
385
385
  pem_password_cb *callback, void *u);
386
386
 
387
387
  // PEM_def_callback treats |userdata| as a string and copies it into |buf|,
388
- // assuming its |size| is sufficient. Returns the length of the string, or 0
389
- // if there is not enough room. If either |buf| or |userdata| is NULL, 0 is
390
- // returned. Note that this is different from OpenSSL, which prompts for a
391
- // password.
388
+ // assuming its |size| is sufficient. Returns the length of the string, or -1 on
389
+ // error. Error cases the buffer being too small, or |buf| and |userdata| being
390
+ // NULL. Note that this is different from OpenSSL, which prompts for a password.
392
391
  OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag,
393
392
  void *userdata);
394
393
 
@@ -56,7 +56,7 @@ extern "C++" {
56
56
  return func; \
57
57
  }()
58
58
 
59
- namespace bssl {
59
+ BSSL_NAMESPACE_BEGIN
60
60
 
61
61
  enum class FIPSStatus {
62
62
  NOT_APPROVED = 0,
@@ -87,7 +87,7 @@ class FIPSIndicatorHelper {
87
87
  const uint64_t before_;
88
88
  };
89
89
 
90
- } // namespace bssl
90
+ BSSL_NAMESPACE_END
91
91
  } // extern "C++"
92
92
 
93
93
  #endif // !BORINGSSL_NO_CXX
@@ -30,6 +30,28 @@ extern "C++" {
30
30
  #include <string_view>
31
31
  #endif
32
32
 
33
+ #if defined(__has_include)
34
+ #if __has_include(<version>)
35
+ #include <version>
36
+ #endif
37
+ #endif
38
+
39
+ #if defined(__cpp_lib_ranges) && __cpp_lib_ranges >= 201911L
40
+ #include <ranges>
41
+ BSSL_NAMESPACE_BEGIN
42
+ template <typename T>
43
+ class Span;
44
+ BSSL_NAMESPACE_END
45
+
46
+ // Mark `Span` as satisfying the `view` and `borrowed_range` concepts. This
47
+ // should be done before the definition of `Span`, so that any inlined calls to
48
+ // range functionality use the correct specializations.
49
+ template <typename T>
50
+ inline constexpr bool std::ranges::enable_view<bssl::Span<T>> = true;
51
+ template <typename T>
52
+ inline constexpr bool std::ranges::enable_borrowed_range<bssl::Span<T>> = true;
53
+ #endif
54
+
33
55
  BSSL_NAMESPACE_BEGIN
34
56
 
35
57
  template <typename T>
@@ -651,6 +651,17 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
651
651
 
652
652
  #define DTLS1_VERSION 0xfeff
653
653
  #define DTLS1_2_VERSION 0xfefd
654
+ // DTLS1_3_EXPERIMENTAL_VERSION gates experimental, in-progress code for DTLS
655
+ // 1.3.
656
+ //
657
+ // WARNING: Do not use this value. BoringSSL's DTLS 1.3 implementation is still
658
+ // under development. The code enabled by this value is neither stable nor
659
+ // secure. It does not correspond to any real protocol. It is also incompatible
660
+ // with other DTLS implementations, and it is not compatible with future or past
661
+ // versions of BoringSSL.
662
+ //
663
+ // When the DTLS 1.3 implementation is complete, this symbol will be replaced.
664
+ #define DTLS1_3_EXPERIMENTAL_VERSION 0xfc25
654
665
 
655
666
  // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
656
667
  // |version|. If |version| is zero, the default minimum version is used. It
@@ -2537,6 +2548,7 @@ OPENSSL_EXPORT size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
2537
2548
  #define SSL_GROUP_SECP384R1 24
2538
2549
  #define SSL_GROUP_SECP521R1 25
2539
2550
  #define SSL_GROUP_X25519 29
2551
+ #define SSL_GROUP_X25519_MLKEM768 0x11ec
2540
2552
  #define SSL_GROUP_X25519_KYBER768_DRAFT00 0x6399
2541
2553
 
2542
2554
  // SSL_CTX_set1_group_ids sets the preferred groups for |ctx| to |group_ids|.
@@ -3635,13 +3647,13 @@ OPENSSL_EXPORT int SSL_CREDENTIAL_set1_delegated_credential(
3635
3647
  // holds for any application protocol state remembered for 0-RTT, e.g. HTTP/3
3636
3648
  // SETTINGS.
3637
3649
 
3638
- // ssl_encryption_level_t represents a specific QUIC encryption level used to
3639
- // transmit handshake messages.
3650
+ // ssl_encryption_level_t represents an encryption level in TLS 1.3. Values in
3651
+ // this enum match the first 4 epochs used in DTLS 1.3 (section 6.1).
3640
3652
  enum ssl_encryption_level_t BORINGSSL_ENUM_INT {
3641
3653
  ssl_encryption_initial = 0,
3642
- ssl_encryption_early_data,
3643
- ssl_encryption_handshake,
3644
- ssl_encryption_application,
3654
+ ssl_encryption_early_data = 1,
3655
+ ssl_encryption_handshake = 2,
3656
+ ssl_encryption_application = 3,
3645
3657
  };
3646
3658
 
3647
3659
  // ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks.
@@ -4617,6 +4629,16 @@ enum ssl_select_cert_result_t BORINGSSL_ENUM_INT {
4617
4629
  // ssl_select_cert_error indicates that a fatal error occured and the
4618
4630
  // handshake should be terminated.
4619
4631
  ssl_select_cert_error = -1,
4632
+ // ssl_select_cert_disable_ech indicates that, although an encrypted
4633
+ // ClientHelloInner was decrypted, it should be discarded. The certificate
4634
+ // selection callback will then be called again, passing in the
4635
+ // ClientHelloOuter instead. From there, the handshake will proceed
4636
+ // without retry_configs, to signal to the client to disable ECH.
4637
+ //
4638
+ // This value may only be returned when |SSL_ech_accepted| returnes one. It
4639
+ // may be useful if the ClientHelloInner indicated a service which does not
4640
+ // support ECH, e.g. if it is a TLS-1.2 only service.
4641
+ ssl_select_cert_disable_ech = -2,
4620
4642
  };
4621
4643
 
4622
4644
  // SSL_early_callback_ctx_extension_get searches the extensions in
@@ -5616,6 +5638,14 @@ enum ssl_compliance_policy_t BORINGSSL_ENUM_INT {
5616
5638
  // implementation risks of using a more obscure primitive like P-384
5617
5639
  // dominate other considerations.
5618
5640
  ssl_compliance_policy_wpa3_192_202304,
5641
+
5642
+ // ssl_compliance_policy_cnsa_202407 confingures a TLS connection to use:
5643
+ // * For TLS 1.3, AES-256-GCM over AES-128-GCM over ChaCha20-Poly1305.
5644
+ //
5645
+ // I.e. it ensures that AES-GCM will be used whenever the client supports it.
5646
+ // The cipher suite configuration mini-language can be used to similarly
5647
+ // configure prior TLS versions if they are enabled.
5648
+ ssl_compliance_policy_cnsa_202407,
5619
5649
  };
5620
5650
 
5621
5651
  // SSL_CTX_set_compliance_policy configures various aspects of |ctx| based on
@@ -584,6 +584,11 @@ bool dtls1_add_message(SSL *ssl, Array<uint8_t> data) {
584
584
  }
585
585
 
586
586
  bool dtls1_add_change_cipher_spec(SSL *ssl) {
587
+ // DTLS 1.3 disables compatibility mode, which means that DTLS 1.3 never sends
588
+ // a ChangeCipherSpec message.
589
+ if (ssl_protocol_version(ssl) > TLS1_2_VERSION) {
590
+ return true;
591
+ }
587
592
  return add_outgoing(ssl, true /* ChangeCipherSpec */, Array<uint8_t>());
588
593
  }
589
594
 
@@ -624,12 +629,6 @@ static enum seal_result_t seal_next_message(SSL *ssl, uint8_t *out,
624
629
  assert(ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len);
625
630
  assert(msg == &ssl->d1->outgoing_messages[ssl->d1->outgoing_written]);
626
631
 
627
- if (msg->epoch != ssl->d1->w_epoch &&
628
- (ssl->d1->w_epoch == 0 || msg->epoch != ssl->d1->w_epoch - 1)) {
629
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
630
- return seal_error;
631
- }
632
-
633
632
  size_t overhead = dtls_max_seal_overhead(ssl, msg->epoch);
634
633
  size_t prefix = dtls_seal_prefix_len(ssl, msg->epoch);
635
634
 
@@ -95,6 +95,12 @@ bool dtls1_new(SSL *ssl) {
95
95
  return false;
96
96
  }
97
97
 
98
+ d1->initial_aead_write_ctx = SSLAEADContext::CreateNullCipher(true);
99
+ if (!d1->initial_aead_write_ctx) {
100
+ tls_free(ssl);
101
+ return false;
102
+ }
103
+
98
104
  ssl->d1 = d1.release();
99
105
 
100
106
  // Set the version to the highest supported version.
@@ -216,6 +216,11 @@ int dtls1_write_app_data(SSL *ssl, bool *out_needs_handshake,
216
216
  return 1;
217
217
  }
218
218
 
219
+ static size_t dtls_seal_align_prefix_len(const SSL *ssl, uint16_t epoch) {
220
+ return dtls_record_header_write_len(ssl, epoch) +
221
+ ssl->s3->aead_write_ctx->ExplicitNonceLen();
222
+ }
223
+
219
224
  int dtls1_write_record(SSL *ssl, int type, Span<const uint8_t> in,
220
225
  uint16_t epoch) {
221
226
  SSLBuffer *buf = &ssl->s3->write_buffer;
@@ -231,7 +236,7 @@ int dtls1_write_record(SSL *ssl, int type, Span<const uint8_t> in,
231
236
  }
232
237
 
233
238
  size_t ciphertext_len;
234
- if (!buf->EnsureCap(ssl_seal_align_prefix_len(ssl),
239
+ if (!buf->EnsureCap(dtls_seal_align_prefix_len(ssl, epoch),
235
240
  in.size() + SSL_max_seal_overhead(ssl)) ||
236
241
  !dtls_seal_record(ssl, buf->remaining().data(), &ciphertext_len,
237
242
  buf->remaining().size(), type, in.data(), in.size(),
@@ -88,7 +88,16 @@ static bool dtls1_set_read_state(SSL *ssl, ssl_encryption_level_t level,
88
88
  return false;
89
89
  }
90
90
 
91
- ssl->d1->r_epoch++;
91
+ if (ssl_protocol_version(ssl) > TLS1_2_VERSION) {
92
+ // TODO(crbug.com/boringssl/715): Handle the additional epochs used for key
93
+ // update.
94
+ // TODO(crbug.com/boringssl/715): If we want to gracefully handle packet
95
+ // reordering around KeyUpdate (i.e. accept records from both epochs), we'll
96
+ // need a separate bitmap for each epoch.
97
+ ssl->d1->r_epoch = level;
98
+ } else {
99
+ ssl->d1->r_epoch++;
100
+ }
92
101
  ssl->d1->bitmap = DTLS1_BITMAP();
93
102
  ssl->s3->read_sequence = 0;
94
103
 
@@ -106,6 +115,9 @@ static bool dtls1_set_write_state(SSL *ssl, ssl_encryption_level_t level,
106
115
  ssl->d1->last_write_sequence = ssl->s3->write_sequence;
107
116
  ssl->s3->write_sequence = 0;
108
117
 
118
+ if (ssl_protocol_version(ssl) > TLS1_2_VERSION) {
119
+ ssl->d1->w_epoch = level;
120
+ }
109
121
  ssl->d1->last_aead_write_ctx = std::move(ssl->s3->aead_write_ctx);
110
122
  ssl->s3->aead_write_ctx = std::move(aead_ctx);
111
123
  ssl->s3->write_level = level;
@@ -159,6 +159,148 @@ static void dtls1_bitmap_record(DTLS1_BITMAP *bitmap, uint64_t seq_num) {
159
159
  }
160
160
  }
161
161
 
162
+ // reconstruct_epoch finds the largest epoch that ends with the epoch bits from
163
+ // |wire_epoch| that is less than or equal to |current_epoch|, to match the
164
+ // epoch reconstruction algorithm described in RFC 9147 section 4.2.2.
165
+ static uint16_t reconstruct_epoch(uint8_t wire_epoch, uint16_t current_epoch) {
166
+ uint16_t current_epoch_high = current_epoch & 0xfffc;
167
+ uint16_t epoch = (wire_epoch & 0x3) | current_epoch_high;
168
+ if (epoch > current_epoch && current_epoch_high > 0) {
169
+ epoch -= 0x4;
170
+ }
171
+ return epoch;
172
+ }
173
+
174
+ uint64_t reconstruct_seqnum(uint16_t wire_seq, uint64_t seq_mask,
175
+ uint64_t max_valid_seqnum) {
176
+ uint64_t max_seqnum_plus_one = max_valid_seqnum + 1;
177
+ uint64_t diff = (wire_seq - max_seqnum_plus_one) & seq_mask;
178
+ uint64_t step = seq_mask + 1;
179
+ uint64_t seqnum = max_seqnum_plus_one + diff;
180
+ // seqnum is computed as the addition of 3 non-negative values
181
+ // (max_valid_seqnum, 1, and diff). The values 1 and diff are small (relative
182
+ // to the size of a uint64_t), while max_valid_seqnum can span the range of
183
+ // all uint64_t values. If seqnum is less than max_valid_seqnum, then the
184
+ // addition overflowed.
185
+ bool overflowed = seqnum < max_valid_seqnum;
186
+ // If the diff is larger than half the step size, then the closest seqnum
187
+ // to max_seqnum_plus_one (in Z_{2^64}) is seqnum minus step instead of
188
+ // seqnum.
189
+ bool closer_is_less = diff > step / 2;
190
+ // Subtracting step from seqnum will cause underflow if seqnum is too small.
191
+ bool would_underflow = seqnum < step;
192
+ if (overflowed || (closer_is_less && !would_underflow)) {
193
+ seqnum -= step;
194
+ }
195
+ return seqnum;
196
+ }
197
+
198
+ static bool parse_dtls13_record_header(SSL *ssl, CBS *in, Span<uint8_t> packet,
199
+ uint8_t type, CBS *out_body,
200
+ uint64_t *out_sequence,
201
+ uint16_t *out_epoch,
202
+ size_t *out_header_len) {
203
+ // TODO(crbug.com/boringssl/715): Decrypt the sequence number before
204
+ // decoding it.
205
+ if ((type & 0x10) == 0x10) {
206
+ // Connection ID bit set, which we didn't negotiate.
207
+ return false;
208
+ }
209
+
210
+ // TODO(crbug.com/boringssl/715): Add a runner test that performs many
211
+ // key updates to verify epoch reconstruction works for epochs larger than
212
+ // 3.
213
+ *out_epoch = reconstruct_epoch(type, ssl->d1->r_epoch);
214
+ size_t seqlen = 1;
215
+ if ((type & 0x08) == 0x08) {
216
+ // If this bit is set, the sequence number is 16 bits long, otherwise it is
217
+ // 8 bits. The seqlen variable tracks the length of the sequence number in
218
+ // bytes.
219
+ seqlen = 2;
220
+ }
221
+ if (!CBS_skip(in, seqlen)) {
222
+ // The record header was incomplete or malformed.
223
+ return false;
224
+ }
225
+ *out_header_len = packet.size() - CBS_len(in);
226
+ if ((type & 0x04) == 0x04) {
227
+ *out_header_len += 2;
228
+ // 16-bit length present
229
+ if (!CBS_get_u16_length_prefixed(in, out_body)) {
230
+ // The record header was incomplete or malformed.
231
+ return false;
232
+ }
233
+ } else {
234
+ // No length present - the remaining contents are the whole packet.
235
+ // CBS_get_bytes is used here to advance |in| to the end so that future
236
+ // code that computes the number of consumed bytes functions correctly.
237
+ if (!CBS_get_bytes(in, out_body, CBS_len(in))) {
238
+ return false;
239
+ }
240
+ }
241
+
242
+ // Decrypt and reconstruct the sequence number:
243
+ uint8_t mask[AES_BLOCK_SIZE];
244
+ SSLAEADContext *aead = ssl->s3->aead_read_ctx.get();
245
+ if (!aead->GenerateRecordNumberMask(mask, *out_body)) {
246
+ // GenerateRecordNumberMask most likely failed because the record body was
247
+ // not long enough.
248
+ return false;
249
+ }
250
+ // Apply the mask to the sequence number as it exists in the header. The
251
+ // header (with the decrypted sequence number bytes) is used as the
252
+ // additional data for the AEAD function. Since we don't support Connection
253
+ // ID, the sequence number starts immediately after the type byte.
254
+ uint64_t seq = 0;
255
+ for (size_t i = 0; i < seqlen; i++) {
256
+ packet[i + 1] ^= mask[i];
257
+ seq = (seq << 8) | packet[i + 1];
258
+ }
259
+ *out_sequence = reconstruct_seqnum(seq, (1 << (seqlen * 8)) - 1,
260
+ ssl->d1->bitmap.max_seq_num);
261
+ return true;
262
+ }
263
+
264
+ static bool parse_dtls_plaintext_record_header(
265
+ SSL *ssl, CBS *in, size_t packet_size, uint8_t type, CBS *out_body,
266
+ uint64_t *out_sequence, uint16_t *out_epoch, size_t *out_header_len,
267
+ uint16_t *out_version) {
268
+ SSLAEADContext *aead = ssl->s3->aead_read_ctx.get();
269
+ uint8_t sequence_bytes[8];
270
+ if (!CBS_get_u16(in, out_version) ||
271
+ !CBS_copy_bytes(in, sequence_bytes, sizeof(sequence_bytes))) {
272
+ return false;
273
+ }
274
+ *out_header_len = packet_size - CBS_len(in) + 2;
275
+ if (!CBS_get_u16_length_prefixed(in, out_body) ||
276
+ CBS_len(out_body) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
277
+ return false;
278
+ }
279
+
280
+ bool version_ok;
281
+ if (aead->is_null_cipher()) {
282
+ // Only check the first byte. Enforcing beyond that can prevent decoding
283
+ // version negotiation failure alerts.
284
+ version_ok = (*out_version >> 8) == DTLS1_VERSION_MAJOR;
285
+ } else {
286
+ version_ok = *out_version == aead->RecordVersion();
287
+ }
288
+
289
+ if (!version_ok) {
290
+ return false;
291
+ }
292
+
293
+ *out_sequence = CRYPTO_load_u64_be(sequence_bytes);
294
+ *out_epoch = static_cast<uint16_t>(*out_sequence >> 48);
295
+
296
+ // Discard the packet if we're expecting an encrypted DTLS 1.3 record but we
297
+ // get the old record header format.
298
+ if (!aead->is_null_cipher() && aead->ProtocolVersion() >= TLS1_3_VERSION) {
299
+ return false;
300
+ }
301
+ return true;
302
+ }
303
+
162
304
  enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
163
305
  Span<uint8_t> *out,
164
306
  size_t *out_consumed,
@@ -174,41 +316,41 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
174
316
 
175
317
  CBS cbs = CBS(in);
176
318
 
177
- // Decode the record.
178
319
  uint8_t type;
179
- uint16_t version;
180
- uint8_t sequence_bytes[8];
181
- CBS body;
182
- if (!CBS_get_u8(&cbs, &type) ||
183
- !CBS_get_u16(&cbs, &version) ||
184
- !CBS_copy_bytes(&cbs, sequence_bytes, sizeof(sequence_bytes)) ||
185
- !CBS_get_u16_length_prefixed(&cbs, &body) ||
186
- CBS_len(&body) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
320
+ size_t record_header_len;
321
+ if (!CBS_get_u8(&cbs, &type)) {
187
322
  // The record header was incomplete or malformed. Drop the entire packet.
188
323
  *out_consumed = in.size();
189
324
  return ssl_open_record_discard;
190
325
  }
191
-
192
- bool version_ok;
193
- if (ssl->s3->aead_read_ctx->is_null_cipher()) {
194
- // Only check the first byte. Enforcing beyond that can prevent decoding
195
- // version negotiation failure alerts.
196
- version_ok = (version >> 8) == DTLS1_VERSION_MAJOR;
326
+ SSLAEADContext *aead = ssl->s3->aead_read_ctx.get();
327
+ uint64_t sequence;
328
+ uint16_t epoch;
329
+ uint16_t version = 0;
330
+ CBS body;
331
+ bool valid_record_header;
332
+ // Decode the record header. If the 3 high bits of the type are 001, then the
333
+ // record header is the DTLS 1.3 format. The DTLS 1.3 format should only be
334
+ // used for encrypted records with DTLS 1.3. Plaintext records or DTLS 1.2
335
+ // records use the old record header format.
336
+ if ((type & 0xe0) == 0x20 && !aead->is_null_cipher() &&
337
+ aead->ProtocolVersion() >= TLS1_3_VERSION) {
338
+ valid_record_header = parse_dtls13_record_header(
339
+ ssl, &cbs, in, type, &body, &sequence, &epoch, &record_header_len);
197
340
  } else {
198
- version_ok = version == ssl->s3->aead_read_ctx->RecordVersion();
341
+ valid_record_header = parse_dtls_plaintext_record_header(
342
+ ssl, &cbs, in.size(), type, &body, &sequence, &epoch,
343
+ &record_header_len, &version);
199
344
  }
200
-
201
- if (!version_ok) {
345
+ if (!valid_record_header) {
202
346
  // The record header was incomplete or malformed. Drop the entire packet.
203
347
  *out_consumed = in.size();
204
348
  return ssl_open_record_discard;
205
349
  }
206
350
 
207
- Span<const uint8_t> header = in.subspan(0, DTLS1_RT_HEADER_LENGTH);
351
+ Span<const uint8_t> header = in.subspan(0, record_header_len);
208
352
  ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, header);
209
353
 
210
- uint64_t sequence = CRYPTO_load_u64_be(sequence_bytes);
211
- uint16_t epoch = static_cast<uint16_t>(sequence >> 48);
212
354
  if (epoch != ssl->d1->r_epoch ||
213
355
  dtls1_bitmap_should_discard(&ssl->d1->bitmap, sequence)) {
214
356
  // Drop this record. It's from the wrong epoch or is a replay. Note that if
@@ -220,7 +362,7 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
220
362
  }
221
363
 
222
364
  // discard the body in-place.
223
- if (!ssl->s3->aead_read_ctx->Open(
365
+ if (!aead->Open(
224
366
  out, type, version, sequence, header,
225
367
  MakeSpan(const_cast<uint8_t *>(CBS_data(&body)), CBS_len(&body)))) {
226
368
  // Bad packets are silently dropped in DTLS. See section 4.2.1 of RFC 6347.
@@ -235,13 +377,29 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
235
377
  }
236
378
  *out_consumed = in.size() - CBS_len(&cbs);
237
379
 
380
+ // DTLS 1.3 hides the record type inside the encrypted data.
381
+ bool has_padding =
382
+ !aead->is_null_cipher() && aead->ProtocolVersion() >= TLS1_3_VERSION;
238
383
  // Check the plaintext length.
239
- if (out->size() > SSL3_RT_MAX_PLAIN_LENGTH) {
384
+ size_t plaintext_limit = SSL3_RT_MAX_PLAIN_LENGTH + (has_padding ? 1 : 0);
385
+ if (out->size() > plaintext_limit) {
240
386
  OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
241
387
  *out_alert = SSL_AD_RECORD_OVERFLOW;
242
388
  return ssl_open_record_error;
243
389
  }
244
390
 
391
+ if (has_padding) {
392
+ do {
393
+ if (out->empty()) {
394
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
395
+ *out_alert = SSL_AD_DECRYPT_ERROR;
396
+ return ssl_open_record_error;
397
+ }
398
+ type = out->back();
399
+ *out = out->subspan(0, out->size() - 1);
400
+ } while (type == 0);
401
+ }
402
+
245
403
  dtls1_bitmap_record(&ssl->d1->bitmap, sequence);
246
404
 
247
405
  // TODO(davidben): Limit the number of empty records as in TLS? This is only
@@ -257,24 +415,52 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
257
415
  return ssl_open_record_success;
258
416
  }
259
417
 
260
- static const SSLAEADContext *get_write_aead(const SSL *ssl,
261
- uint16_t epoch) {
418
+ static SSLAEADContext *get_write_aead(const SSL *ssl, uint16_t epoch) {
419
+ if (epoch == 0) {
420
+ return ssl->d1->initial_aead_write_ctx.get();
421
+ }
422
+
262
423
  if (epoch < ssl->d1->w_epoch) {
263
- assert(epoch + 1 == ssl->d1->w_epoch);
424
+ BSSL_CHECK(epoch + 1 == ssl->d1->w_epoch);
264
425
  return ssl->d1->last_aead_write_ctx.get();
265
426
  }
266
427
 
267
- assert(epoch == ssl->d1->w_epoch);
428
+ BSSL_CHECK(epoch == ssl->d1->w_epoch);
268
429
  return ssl->s3->aead_write_ctx.get();
269
430
  }
270
431
 
432
+ static bool use_dtls13_record_header(const SSL *ssl, uint16_t epoch) {
433
+ // Plaintext records in DTLS 1.3 also use the DTLSPlaintext structure for
434
+ // backwards compatibility.
435
+ return ssl->s3->have_version && ssl_protocol_version(ssl) > TLS1_2_VERSION &&
436
+ epoch > 0;
437
+ }
438
+
439
+ size_t dtls_record_header_write_len(const SSL *ssl, uint16_t epoch) {
440
+ if (!use_dtls13_record_header(ssl, epoch)) {
441
+ return DTLS_PLAINTEXT_RECORD_HEADER_LENGTH;
442
+ }
443
+ // The DTLS 1.3 has a variable length record header. We never send Connection
444
+ // ID, we always send 16-bit sequence numbers, and we send a length. (Length
445
+ // can be omitted, but only for the last record of a packet. Since we send
446
+ // multiple records in one packet, it's easier to implement always sending the
447
+ // length.)
448
+ return DTLS1_3_RECORD_HEADER_WRITE_LENGTH;
449
+ }
450
+
271
451
  size_t dtls_max_seal_overhead(const SSL *ssl,
272
452
  uint16_t epoch) {
273
- return DTLS1_RT_HEADER_LENGTH + get_write_aead(ssl, epoch)->MaxOverhead();
453
+ size_t ret = dtls_record_header_write_len(ssl, epoch) +
454
+ get_write_aead(ssl, epoch)->MaxOverhead();
455
+ if (use_dtls13_record_header(ssl, epoch)) {
456
+ // Add 1 byte for the encrypted record type.
457
+ ret++;
458
+ }
459
+ return ret;
274
460
  }
275
461
 
276
462
  size_t dtls_seal_prefix_len(const SSL *ssl, uint16_t epoch) {
277
- return DTLS1_RT_HEADER_LENGTH +
463
+ return dtls_record_header_write_len(ssl, epoch) +
278
464
  get_write_aead(ssl, epoch)->ExplicitNonceLen();
279
465
  }
280
466
 
@@ -289,26 +475,15 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
289
475
  }
290
476
 
291
477
  // Determine the parameters for the current epoch.
292
- SSLAEADContext *aead = ssl->s3->aead_write_ctx.get();
478
+ SSLAEADContext *aead = get_write_aead(ssl, epoch);
293
479
  uint64_t *seq = &ssl->s3->write_sequence;
294
480
  if (epoch < ssl->d1->w_epoch) {
295
- assert(epoch + 1 == ssl->d1->w_epoch);
296
- aead = ssl->d1->last_aead_write_ctx.get();
297
481
  seq = &ssl->d1->last_write_sequence;
298
- } else {
299
- assert(epoch == ssl->d1->w_epoch);
300
482
  }
483
+ // TODO(crbug.com/boringssl/715): If epoch is initial or handshake, the value
484
+ // of seq is probably wrong for a retransmission.
301
485
 
302
- if (max_out < DTLS1_RT_HEADER_LENGTH) {
303
- OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
304
- return false;
305
- }
306
-
307
- out[0] = type;
308
-
309
- uint16_t record_version = ssl->s3->aead_write_ctx->RecordVersion();
310
- out[1] = record_version >> 8;
311
- out[2] = record_version & 0xff;
486
+ const size_t record_header_len = dtls_record_header_write_len(ssl, epoch);
312
487
 
313
488
  // Ensure the sequence number update does not overflow.
314
489
  const uint64_t kMaxSequenceNumber = (uint64_t{1} << 48) - 1;
@@ -317,28 +492,87 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
317
492
  return false;
318
493
  }
319
494
 
495
+ uint16_t record_version = ssl->s3->aead_write_ctx->RecordVersion();
320
496
  uint64_t seq_with_epoch = (uint64_t{epoch} << 48) | *seq;
321
- CRYPTO_store_u64_be(&out[3], seq_with_epoch);
497
+
498
+ bool dtls13_header = use_dtls13_record_header(ssl, epoch);
499
+ uint8_t *extra_in = NULL;
500
+ size_t extra_in_len = 0;
501
+ if (dtls13_header) {
502
+ extra_in = &type;
503
+ extra_in_len = 1;
504
+ }
322
505
 
323
506
  size_t ciphertext_len;
324
- if (!aead->CiphertextLen(&ciphertext_len, in_len, 0)) {
507
+ if (!aead->CiphertextLen(&ciphertext_len, in_len, extra_in_len)) {
325
508
  OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
326
509
  return false;
327
510
  }
328
- out[11] = ciphertext_len >> 8;
329
- out[12] = ciphertext_len & 0xff;
330
- Span<const uint8_t> header = MakeConstSpan(out, DTLS1_RT_HEADER_LENGTH);
511
+ if (max_out < record_header_len + ciphertext_len) {
512
+ OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
513
+ return false;
514
+ }
515
+
516
+ if (dtls13_header) {
517
+ // The first byte of the DTLS 1.3 record header has the following format:
518
+ // 0 1 2 3 4 5 6 7
519
+ // +-+-+-+-+-+-+-+-+
520
+ // |0|0|1|C|S|L|E E|
521
+ // +-+-+-+-+-+-+-+-+
522
+ //
523
+ // We set C=0 (no Connection ID), S=1 (16-bit sequence number), L=1 (length
524
+ // is present), which is a mask of 0x2c. The E E bits are the low-order two
525
+ // bits of the epoch.
526
+ //
527
+ // +-+-+-+-+-+-+-+-+
528
+ // |0|0|1|0|1|1|E E|
529
+ // +-+-+-+-+-+-+-+-+
530
+ out[0] = 0x2c | (epoch & 0x3);
531
+ out[1] = *seq >> 8;
532
+ out[2] = *seq & 0xff;
533
+ out[3] = ciphertext_len >> 8;
534
+ out[4] = ciphertext_len & 0xff;
535
+ // DTLS 1.3 uses the sequence number without the epoch for the AEAD.
536
+ seq_with_epoch = *seq;
537
+ } else {
538
+ out[0] = type;
539
+ out[1] = record_version >> 8;
540
+ out[2] = record_version & 0xff;
541
+ CRYPTO_store_u64_be(&out[3], seq_with_epoch);
542
+ out[11] = ciphertext_len >> 8;
543
+ out[12] = ciphertext_len & 0xff;
544
+ }
545
+ Span<const uint8_t> header = MakeConstSpan(out, record_header_len);
546
+
331
547
 
332
- size_t len_copy;
333
- if (!aead->Seal(out + DTLS1_RT_HEADER_LENGTH, &len_copy,
334
- max_out - DTLS1_RT_HEADER_LENGTH, type, record_version,
335
- seq_with_epoch, header, in, in_len)) {
548
+ if (!aead->SealScatter(out + record_header_len, out + prefix,
549
+ out + prefix + in_len, type, record_version,
550
+ seq_with_epoch, header, in, in_len, extra_in,
551
+ extra_in_len)) {
336
552
  return false;
337
553
  }
338
- assert(ciphertext_len == len_copy);
554
+
555
+ // Perform record number encryption (RFC 9147 section 4.2.3).
556
+ if (dtls13_header) {
557
+ // Record number encryption uses bytes from the ciphertext as a sample to
558
+ // generate the mask used for encryption. For simplicity, pass in the whole
559
+ // ciphertext as the sample - GenerateRecordNumberMask will read only what
560
+ // it needs (and error if |sample| is too short).
561
+ Span<const uint8_t> sample =
562
+ MakeConstSpan(out + record_header_len, ciphertext_len);
563
+ // AES cipher suites require the mask be exactly AES_BLOCK_SIZE; ChaCha20
564
+ // cipher suites have no requirements on the mask size. We only need the
565
+ // first two bytes from the mask.
566
+ uint8_t mask[AES_BLOCK_SIZE];
567
+ if (!aead->GenerateRecordNumberMask(mask, sample)) {
568
+ return false;
569
+ }
570
+ out[1] ^= mask[0];
571
+ out[2] ^= mask[1];
572
+ }
339
573
 
340
574
  (*seq)++;
341
- *out_len = DTLS1_RT_HEADER_LENGTH + ciphertext_len;
575
+ *out_len = record_header_len + ciphertext_len;
342
576
  ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header);
343
577
  return true;
344
578
  }