grpc 1.66.0 → 1.67.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +19 -10
- data/include/grpc/credentials.h +1 -1
- data/include/grpc/event_engine/README.md +1 -1
- data/include/grpc/event_engine/internal/slice_cast.h +1 -1
- data/include/grpc/event_engine/slice.h +0 -1
- data/include/grpc/event_engine/slice_buffer.h +0 -1
- data/include/grpc/grpc_crl_provider.h +1 -1
- data/include/grpc/impl/channel_arg_names.h +1 -1
- data/include/grpc/support/log.h +34 -32
- data/include/grpc/support/sync_generic.h +2 -4
- data/src/core/channelz/channelz.cc +0 -1
- data/src/core/channelz/channelz_registry.cc +0 -1
- data/src/core/client_channel/client_channel.cc +10 -7
- data/src/core/client_channel/client_channel.h +1 -1
- data/src/core/client_channel/client_channel_filter.cc +21 -18
- data/src/core/client_channel/client_channel_filter.h +1 -1
- data/src/core/client_channel/client_channel_internal.h +0 -2
- data/src/core/client_channel/config_selector.h +0 -1
- data/src/core/client_channel/dynamic_filters.cc +0 -2
- data/src/core/client_channel/local_subchannel_pool.cc +0 -2
- data/src/core/client_channel/retry_filter.h +0 -1
- data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
- data/src/core/client_channel/subchannel.cc +21 -27
- data/src/core/client_channel/subchannel_stream_client.cc +1 -1
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
- data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
- data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
- data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
- data/src/core/handshaker/handshaker.cc +21 -29
- data/src/core/handshaker/security/secure_endpoint.cc +3 -3
- data/src/core/handshaker/security/security_handshaker.cc +60 -72
- data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
- data/src/core/lib/backoff/backoff.cc +7 -10
- data/src/core/lib/backoff/backoff.h +4 -6
- data/src/core/lib/channel/channel_stack.cc +0 -1
- data/src/core/lib/channel/channel_stack.h +0 -1
- data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
- data/src/core/lib/channel/connected_channel.cc +0 -1
- data/src/core/lib/channel/promise_based_filter.cc +146 -194
- data/src/core/lib/channel/promise_based_filter.h +1 -1
- data/src/core/lib/compression/compression_internal.cc +0 -1
- data/src/core/lib/config/config_vars.cc +11 -1
- data/src/core/lib/config/config_vars.h +8 -0
- data/src/core/lib/config/core_configuration.cc +0 -1
- data/src/core/lib/config/core_configuration.h +0 -1
- data/src/core/lib/debug/event_log.cc +0 -1
- data/src/core/lib/debug/trace_flags.cc +4 -18
- data/src/core/lib/debug/trace_flags.h +2 -5
- data/src/core/lib/debug/trace_impl.h +6 -0
- data/src/core/lib/event_engine/ares_resolver.cc +89 -56
- data/src/core/lib/event_engine/ares_resolver.h +0 -9
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
- data/src/core/lib/event_engine/forkable.cc +0 -1
- data/src/core/lib/event_engine/forkable.h +0 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
- data/src/core/lib/event_engine/resolved_address.cc +0 -1
- data/src/core/lib/event_engine/slice.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
- data/src/core/lib/experiments/config.cc +12 -10
- data/src/core/lib/experiments/experiments.cc +45 -66
- data/src/core/lib/experiments/experiments.h +22 -27
- data/src/core/lib/gprpp/chunked_vector.h +0 -1
- data/src/core/lib/gprpp/down_cast.h +0 -1
- data/src/core/lib/gprpp/host_port.cc +0 -1
- data/src/core/lib/gprpp/load_file.cc +0 -1
- data/src/core/lib/gprpp/mpscq.h +0 -1
- data/src/core/lib/gprpp/single_set_ptr.h +0 -1
- data/src/core/lib/gprpp/status_helper.cc +0 -1
- data/src/core/lib/gprpp/sync.h +0 -1
- data/src/core/lib/gprpp/table.h +28 -0
- data/src/core/lib/gprpp/thd.h +0 -1
- data/src/core/lib/gprpp/time.h +0 -1
- data/src/core/lib/gprpp/time_util.cc +0 -1
- data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
- data/src/core/lib/gprpp/windows/thd.cc +0 -1
- data/src/core/lib/gprpp/work_serializer.cc +23 -34
- data/src/core/lib/iomgr/buffer_list.cc +0 -1
- data/src/core/lib/iomgr/call_combiner.h +6 -8
- data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
- data/src/core/lib/iomgr/closure.h +5 -8
- data/src/core/lib/iomgr/combiner.cc +6 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +13 -18
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
- data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
- data/src/core/lib/iomgr/ev_posix.cc +55 -44
- data/src/core/lib/iomgr/ev_posix.h +0 -5
- data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.cc +6 -9
- data/src/core/lib/iomgr/exec_ctx.h +26 -16
- data/src/core/lib/iomgr/executor.cc +43 -33
- data/src/core/lib/iomgr/fork_windows.cc +0 -1
- data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
- data/src/core/lib/iomgr/iocp_windows.cc +0 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
- data/src/core/lib/iomgr/lockfree_event.cc +7 -11
- data/src/core/lib/iomgr/polling_entity.cc +10 -3
- data/src/core/lib/iomgr/pollset_windows.cc +0 -2
- data/src/core/lib/iomgr/resolve_address.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_mutator.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
- data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
- data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
- data/src/core/lib/iomgr/tcp_posix.cc +32 -68
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
- data/src/core/lib/iomgr/tcp_windows.cc +4 -12
- data/src/core/lib/iomgr/timer_generic.cc +46 -65
- data/src/core/lib/iomgr/timer_manager.cc +4 -5
- data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
- data/src/core/lib/iomgr/vsock.cc +0 -1
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
- data/src/core/lib/promise/activity.h +0 -1
- data/src/core/lib/promise/context.h +0 -1
- data/src/core/lib/promise/detail/join_state.h +44 -44
- data/src/core/lib/promise/detail/seq_state.h +1101 -1356
- data/src/core/lib/promise/for_each.h +8 -15
- data/src/core/lib/promise/interceptor_list.h +17 -27
- data/src/core/lib/promise/latch.h +16 -24
- data/src/core/lib/promise/map.h +1 -1
- data/src/core/lib/promise/party.cc +238 -114
- data/src/core/lib/promise/party.h +105 -308
- data/src/core/lib/promise/pipe.h +3 -4
- data/src/core/lib/promise/poll.h +0 -1
- data/src/core/lib/promise/status_flag.h +0 -1
- data/src/core/lib/resource_quota/connection_quota.cc +0 -1
- data/src/core/lib/resource_quota/memory_quota.cc +11 -19
- data/src/core/lib/resource_quota/memory_quota.h +2 -4
- data/src/core/lib/resource_quota/periodic_update.cc +2 -3
- data/src/core/lib/resource_quota/thread_quota.cc +0 -1
- data/src/core/lib/security/authorization/audit_logging.cc +0 -1
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
- data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
- data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.h +1 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
- data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
- data/src/core/lib/slice/percent_encoding.cc +0 -1
- data/src/core/lib/slice/slice.cc +0 -1
- data/src/core/lib/slice/slice.h +0 -1
- data/src/core/lib/slice/slice_buffer.cc +0 -1
- data/src/core/lib/slice/slice_internal.h +0 -1
- data/src/core/lib/slice/slice_refcount.h +6 -8
- data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
- data/src/core/lib/surface/call.cc +3 -5
- data/src/core/lib/surface/call_utils.h +0 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel_create.cc +0 -1
- data/src/core/lib/surface/channel_init.h +0 -1
- data/src/core/lib/surface/client_call.cc +0 -1
- data/src/core/lib/surface/client_call.h +0 -1
- data/src/core/lib/surface/completion_queue.cc +28 -4
- data/src/core/lib/surface/completion_queue_factory.cc +0 -1
- data/src/core/lib/surface/filter_stack_call.cc +9 -9
- data/src/core/lib/surface/filter_stack_call.h +0 -1
- data/src/core/lib/surface/lame_client.cc +0 -1
- data/src/core/lib/surface/server_call.cc +0 -1
- data/src/core/lib/surface/server_call.h +0 -1
- data/src/core/lib/surface/validate_metadata.h +0 -1
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +9 -12
- data/src/core/lib/transport/bdp_estimator.h +6 -8
- data/src/core/lib/transport/call_arena_allocator.cc +2 -16
- data/src/core/lib/transport/call_arena_allocator.h +20 -5
- data/src/core/lib/transport/call_filters.cc +6 -9
- data/src/core/lib/transport/call_spine.h +24 -13
- data/src/core/lib/transport/connectivity_state.cc +34 -42
- data/src/core/lib/transport/metadata_batch.h +41 -1
- data/src/core/lib/transport/timeout_encoding.cc +0 -1
- data/src/core/lib/transport/transport.h +6 -8
- data/src/core/lib/transport/transport_op_string.cc +0 -1
- data/src/core/lib/uri/uri_parser.cc +0 -1
- data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
- data/src/core/load_balancing/health_check_client.cc +31 -42
- data/src/core/load_balancing/oob_backend_metric.cc +2 -4
- data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
- data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
- data/src/core/load_balancing/priority/priority.cc +77 -106
- data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
- data/src/core/load_balancing/rls/rls.cc +142 -187
- data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
- data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
- data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
- data/src/core/load_balancing/xds/cds.cc +26 -43
- data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
- data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
- data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
- data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
- data/src/core/resolver/binder/binder_resolver.cc +0 -2
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
- data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
- data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
- data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
- data/src/core/resolver/endpoint_addresses.cc +0 -1
- data/src/core/resolver/fake/fake_resolver.cc +0 -1
- data/src/core/resolver/polling_resolver.cc +6 -15
- data/src/core/resolver/polling_resolver.h +1 -1
- data/src/core/resolver/xds/xds_config.cc +96 -0
- data/src/core/resolver/xds/xds_config.h +109 -0
- data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
- data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
- data/src/core/resolver/xds/xds_resolver.cc +51 -55
- data/src/core/server/server.cc +2 -2
- data/src/core/server/server_config_selector_filter.cc +0 -1
- data/src/core/server/xds_server_config_fetcher.cc +4 -6
- data/src/core/service_config/service_config_call_data.h +2 -3
- data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
- data/src/core/service_config/service_config_impl.h +0 -1
- data/src/core/telemetry/call_tracer.cc +0 -1
- data/src/core/telemetry/metrics.h +0 -1
- data/src/core/telemetry/stats_data.cc +67 -0
- data/src/core/telemetry/stats_data.h +48 -0
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
- data/src/core/tsi/fake_transport_security.cc +6 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
- data/src/core/util/alloc.cc +0 -1
- data/src/core/util/gcp_metadata_query.cc +0 -1
- data/src/core/util/http_client/httpcli.cc +12 -15
- data/src/core/util/http_client/httpcli.h +16 -11
- data/src/core/util/http_client/parser.cc +3 -4
- data/src/core/util/json/json_reader.cc +0 -1
- data/src/core/util/latent_see.cc +29 -9
- data/src/core/util/latent_see.h +122 -27
- data/src/core/util/log.cc +36 -55
- data/src/core/util/lru_cache.h +104 -0
- data/src/core/util/msys/tmpfile.cc +0 -1
- data/src/core/util/posix/sync.cc +0 -1
- data/src/core/util/posix/time.cc +0 -1
- data/src/core/util/ring_buffer.h +123 -0
- data/src/core/util/spinlock.h +1 -2
- data/src/core/util/string.cc +7 -7
- data/src/core/util/sync.cc +0 -1
- data/src/core/util/sync_abseil.cc +0 -1
- data/src/core/util/time.cc +0 -1
- data/src/core/util/unique_ptr_with_bitset.h +86 -0
- data/src/core/util/useful.h +0 -24
- data/src/core/util/windows/cpu.cc +0 -1
- data/src/core/util/windows/sync.cc +0 -1
- data/src/core/util/windows/time.cc +0 -1
- data/src/core/util/windows/tmpfile.cc +0 -1
- data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
- data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
- data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
- data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
- data/src/core/xds/grpc/xds_cluster.cc +2 -8
- data/src/core/xds/grpc/xds_cluster.h +4 -4
- data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
- data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
- data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
- data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
- data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
- data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
- data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_filter.h +11 -1
- data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
- data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
- data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
- data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
- data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
- data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
- data/src/core/xds/grpc/xds_metadata.cc +62 -0
- data/src/core/xds/grpc/xds_metadata.h +127 -0
- data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
- data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
- data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
- data/src/core/xds/grpc/xds_routing.cc +57 -22
- data/src/core/xds/grpc/xds_routing.h +10 -2
- data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
- data/src/core/xds/xds_client/xds_client.cc +124 -165
- data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
- data/src/ruby/ext/grpc/rb_channel.c +22 -16
- data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc.c +9 -8
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
- data/src/ruby/ext/grpc/rb_server.c +10 -8
- data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/call_spec.rb +53 -40
- data/src/ruby/spec/channel_spec.rb +4 -2
- data/src/ruby/spec/client_server_spec.rb +148 -507
- data/src/ruby/spec/generic/active_call_spec.rb +64 -86
- data/src/ruby/spec/support/services.rb +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
- metadata +113 -87
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
- data/src/core/util/android/log.cc +0 -48
- data/src/core/util/linux/log.cc +0 -69
- data/src/core/util/posix/log.cc +0 -69
- data/src/core/util/windows/log.cc +0 -73
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
|
@@ -172,14 +172,17 @@ int ssl_read_buffer_extend_to(SSL *ssl, size_t len) {
|
|
|
172
172
|
|
|
173
173
|
if (SSL_is_dtls(ssl)) {
|
|
174
174
|
static_assert(
|
|
175
|
-
|
|
175
|
+
DTLS1_RT_MAX_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= 0xffff,
|
|
176
176
|
"DTLS read buffer is too large");
|
|
177
177
|
|
|
178
178
|
// The |len| parameter is ignored in DTLS.
|
|
179
|
-
len =
|
|
179
|
+
len = DTLS1_RT_MAX_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
|
|
180
180
|
}
|
|
181
181
|
|
|
182
|
-
|
|
182
|
+
// The DTLS record header can have a variable length, so the |header_len|
|
|
183
|
+
// value provided for buffer alignment only works if the header is the maximum
|
|
184
|
+
// length.
|
|
185
|
+
if (!ssl->s3->read_buffer.EnsureCap(DTLS1_RT_MAX_HEADER_LENGTH, len)) {
|
|
183
186
|
return -1;
|
|
184
187
|
}
|
|
185
188
|
|
|
@@ -252,7 +255,7 @@ static_assert(SSL3_RT_HEADER_LENGTH * 2 +
|
|
|
252
255
|
0xffff,
|
|
253
256
|
"maximum TLS write buffer is too large");
|
|
254
257
|
|
|
255
|
-
static_assert(
|
|
258
|
+
static_assert(DTLS1_RT_MAX_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD +
|
|
256
259
|
SSL3_RT_MAX_PLAIN_LENGTH <=
|
|
257
260
|
0xffff,
|
|
258
261
|
"maximum DTLS write buffer is too large");
|
|
@@ -28,6 +28,7 @@
|
|
|
28
28
|
#include <openssl/experimental/kyber.h>
|
|
29
29
|
#include <openssl/hrss.h>
|
|
30
30
|
#include <openssl/mem.h>
|
|
31
|
+
#include <openssl/mlkem.h>
|
|
31
32
|
#include <openssl/nid.h>
|
|
32
33
|
#include <openssl/rand.h>
|
|
33
34
|
#include <openssl/span.h>
|
|
@@ -192,6 +193,7 @@ class X25519KeyShare : public SSLKeyShare {
|
|
|
192
193
|
uint8_t private_key_[32];
|
|
193
194
|
};
|
|
194
195
|
|
|
196
|
+
// draft-tls-westerbaan-xyber768d00-03
|
|
195
197
|
class X25519Kyber768KeyShare : public SSLKeyShare {
|
|
196
198
|
public:
|
|
197
199
|
X25519Kyber768KeyShare() {}
|
|
@@ -225,9 +227,7 @@ class X25519Kyber768KeyShare : public SSLKeyShare {
|
|
|
225
227
|
uint8_t x25519_public_key[32];
|
|
226
228
|
X25519_keypair(x25519_public_key, x25519_private_key_);
|
|
227
229
|
KYBER_public_key peer_kyber_pub;
|
|
228
|
-
CBS peer_key_cbs;
|
|
229
|
-
CBS peer_x25519_cbs;
|
|
230
|
-
CBS peer_kyber_cbs;
|
|
230
|
+
CBS peer_key_cbs, peer_x25519_cbs, peer_kyber_cbs;
|
|
231
231
|
CBS_init(&peer_key_cbs, peer_key.data(), peer_key.size());
|
|
232
232
|
if (!CBS_get_bytes(&peer_key_cbs, &peer_x25519_cbs, 32) ||
|
|
233
233
|
!CBS_get_bytes(&peer_key_cbs, &peer_kyber_cbs,
|
|
@@ -282,6 +282,97 @@ class X25519Kyber768KeyShare : public SSLKeyShare {
|
|
|
282
282
|
KYBER_private_key kyber_private_key_;
|
|
283
283
|
};
|
|
284
284
|
|
|
285
|
+
// draft-kwiatkowski-tls-ecdhe-mlkem-01
|
|
286
|
+
class X25519MLKEM768KeyShare : public SSLKeyShare {
|
|
287
|
+
public:
|
|
288
|
+
X25519MLKEM768KeyShare() {}
|
|
289
|
+
|
|
290
|
+
uint16_t GroupID() const override { return SSL_GROUP_X25519_MLKEM768; }
|
|
291
|
+
|
|
292
|
+
bool Generate(CBB *out) override {
|
|
293
|
+
uint8_t mlkem_public_key[MLKEM768_PUBLIC_KEY_BYTES];
|
|
294
|
+
MLKEM768_generate_key(mlkem_public_key, /*optional_out_seed=*/nullptr,
|
|
295
|
+
&mlkem_private_key_);
|
|
296
|
+
|
|
297
|
+
uint8_t x25519_public_key[X25519_PUBLIC_VALUE_LEN];
|
|
298
|
+
X25519_keypair(x25519_public_key, x25519_private_key_);
|
|
299
|
+
|
|
300
|
+
if (!CBB_add_bytes(out, mlkem_public_key, sizeof(mlkem_public_key)) ||
|
|
301
|
+
!CBB_add_bytes(out, x25519_public_key, sizeof(x25519_public_key))) {
|
|
302
|
+
return false;
|
|
303
|
+
}
|
|
304
|
+
|
|
305
|
+
return true;
|
|
306
|
+
}
|
|
307
|
+
|
|
308
|
+
bool Encap(CBB *out_ciphertext, Array<uint8_t> *out_secret,
|
|
309
|
+
uint8_t *out_alert, Span<const uint8_t> peer_key) override {
|
|
310
|
+
Array<uint8_t> secret;
|
|
311
|
+
if (!secret.Init(MLKEM_SHARED_SECRET_BYTES + X25519_SHARED_KEY_LEN)) {
|
|
312
|
+
return false;
|
|
313
|
+
}
|
|
314
|
+
|
|
315
|
+
MLKEM768_public_key peer_mlkem_pub;
|
|
316
|
+
uint8_t x25519_public_key[X25519_PUBLIC_VALUE_LEN];
|
|
317
|
+
X25519_keypair(x25519_public_key, x25519_private_key_);
|
|
318
|
+
CBS peer_key_cbs, peer_mlkem_cbs, peer_x25519_cbs;
|
|
319
|
+
CBS_init(&peer_key_cbs, peer_key.data(), peer_key.size());
|
|
320
|
+
if (!CBS_get_bytes(&peer_key_cbs, &peer_mlkem_cbs,
|
|
321
|
+
MLKEM768_PUBLIC_KEY_BYTES) ||
|
|
322
|
+
!MLKEM768_parse_public_key(&peer_mlkem_pub, &peer_mlkem_cbs) ||
|
|
323
|
+
!CBS_get_bytes(&peer_key_cbs, &peer_x25519_cbs,
|
|
324
|
+
X25519_PUBLIC_VALUE_LEN) ||
|
|
325
|
+
CBS_len(&peer_key_cbs) != 0 ||
|
|
326
|
+
!X25519(secret.data() + MLKEM_SHARED_SECRET_BYTES, x25519_private_key_,
|
|
327
|
+
CBS_data(&peer_x25519_cbs))) {
|
|
328
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
329
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
|
|
330
|
+
return false;
|
|
331
|
+
}
|
|
332
|
+
|
|
333
|
+
uint8_t mlkem_ciphertext[MLKEM768_CIPHERTEXT_BYTES];
|
|
334
|
+
MLKEM768_encap(mlkem_ciphertext, secret.data(), &peer_mlkem_pub);
|
|
335
|
+
|
|
336
|
+
if (!CBB_add_bytes(out_ciphertext, mlkem_ciphertext,
|
|
337
|
+
sizeof(mlkem_ciphertext)) ||
|
|
338
|
+
!CBB_add_bytes(out_ciphertext, x25519_public_key,
|
|
339
|
+
sizeof(x25519_public_key))) {
|
|
340
|
+
return false;
|
|
341
|
+
}
|
|
342
|
+
|
|
343
|
+
*out_secret = std::move(secret);
|
|
344
|
+
return true;
|
|
345
|
+
}
|
|
346
|
+
|
|
347
|
+
bool Decap(Array<uint8_t> *out_secret, uint8_t *out_alert,
|
|
348
|
+
Span<const uint8_t> ciphertext) override {
|
|
349
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
350
|
+
|
|
351
|
+
Array<uint8_t> secret;
|
|
352
|
+
if (!secret.Init(MLKEM_SHARED_SECRET_BYTES + X25519_SHARED_KEY_LEN)) {
|
|
353
|
+
return false;
|
|
354
|
+
}
|
|
355
|
+
|
|
356
|
+
if (ciphertext.size() !=
|
|
357
|
+
MLKEM768_CIPHERTEXT_BYTES + X25519_PUBLIC_VALUE_LEN ||
|
|
358
|
+
!MLKEM768_decap(secret.data(), ciphertext.data(),
|
|
359
|
+
MLKEM768_CIPHERTEXT_BYTES, &mlkem_private_key_) ||
|
|
360
|
+
!X25519(secret.data() + MLKEM_SHARED_SECRET_BYTES, x25519_private_key_,
|
|
361
|
+
ciphertext.data() + MLKEM768_CIPHERTEXT_BYTES)) {
|
|
362
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
363
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECPOINT);
|
|
364
|
+
return false;
|
|
365
|
+
}
|
|
366
|
+
|
|
367
|
+
*out_secret = std::move(secret);
|
|
368
|
+
return true;
|
|
369
|
+
}
|
|
370
|
+
|
|
371
|
+
private:
|
|
372
|
+
uint8_t x25519_private_key_[32];
|
|
373
|
+
MLKEM768_private_key mlkem_private_key_;
|
|
374
|
+
};
|
|
375
|
+
|
|
285
376
|
constexpr NamedGroup kNamedGroups[] = {
|
|
286
377
|
{NID_secp224r1, SSL_GROUP_SECP224R1, "P-224", "secp224r1"},
|
|
287
378
|
{NID_X9_62_prime256v1, SSL_GROUP_SECP256R1, "P-256", "prime256v1"},
|
|
@@ -290,6 +381,7 @@ constexpr NamedGroup kNamedGroups[] = {
|
|
|
290
381
|
{NID_X25519, SSL_GROUP_X25519, "X25519", "x25519"},
|
|
291
382
|
{NID_X25519Kyber768Draft00, SSL_GROUP_X25519_KYBER768_DRAFT00,
|
|
292
383
|
"X25519Kyber768Draft00", ""},
|
|
384
|
+
{NID_X25519MLKEM768, SSL_GROUP_X25519_MLKEM768, "X25519MLKEM768", ""},
|
|
293
385
|
};
|
|
294
386
|
|
|
295
387
|
} // namespace
|
|
@@ -312,6 +404,8 @@ UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
|
|
|
312
404
|
return MakeUnique<X25519KeyShare>();
|
|
313
405
|
case SSL_GROUP_X25519_KYBER768_DRAFT00:
|
|
314
406
|
return MakeUnique<X25519Kyber768KeyShare>();
|
|
407
|
+
case SSL_GROUP_X25519_MLKEM768:
|
|
408
|
+
return MakeUnique<X25519MLKEM768KeyShare>();
|
|
315
409
|
default:
|
|
316
410
|
return nullptr;
|
|
317
411
|
}
|
|
@@ -2954,8 +2954,18 @@ int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
|
|
|
2954
2954
|
|
|
2955
2955
|
uint64_t SSL_get_read_sequence(const SSL *ssl) {
|
|
2956
2956
|
if (SSL_is_dtls(ssl)) {
|
|
2957
|
-
//
|
|
2958
|
-
|
|
2957
|
+
// TODO(crbug.com/42290608): The API for read sequences in DTLS 1.3 needs to
|
|
2958
|
+
// reworked. In DTLS 1.3, the read epoch is updated once new keys are
|
|
2959
|
+
// derived (before we receive a message encrypted with those keys), which
|
|
2960
|
+
// results in the read epoch being ahead of the highest record received.
|
|
2961
|
+
// Additionally, when we process a KeyUpdate, we will install new read keys
|
|
2962
|
+
// for the new epoch, but we may receive messages from the old epoch for
|
|
2963
|
+
// some time if the ACK gets lost or there is reordering.
|
|
2964
|
+
|
|
2965
|
+
// max_seq_num already includes the epoch. However, the current epoch may
|
|
2966
|
+
// be one ahead of the highest record received, immediately after a key
|
|
2967
|
+
// change.
|
|
2968
|
+
assert(ssl->d1->r_epoch >= ssl->d1->bitmap.max_seq_num >> 48);
|
|
2959
2969
|
return ssl->d1->bitmap.max_seq_num;
|
|
2960
2970
|
}
|
|
2961
2971
|
return ssl->s3->read_sequence;
|
|
@@ -3393,6 +3403,21 @@ static int Configure(SSL *ssl) {
|
|
|
3393
3403
|
|
|
3394
3404
|
} // namespace wpa202304
|
|
3395
3405
|
|
|
3406
|
+
namespace cnsa202407 {
|
|
3407
|
+
|
|
3408
|
+
static int Configure(SSL_CTX *ctx) {
|
|
3409
|
+
ctx->tls13_cipher_policy = ssl_compliance_policy_cnsa_202407;
|
|
3410
|
+
return 1;
|
|
3411
|
+
}
|
|
3412
|
+
|
|
3413
|
+
static int Configure(SSL *ssl) {
|
|
3414
|
+
ssl->config->tls13_cipher_policy =
|
|
3415
|
+
ssl_compliance_policy_cnsa_202407;
|
|
3416
|
+
return 1;
|
|
3417
|
+
}
|
|
3418
|
+
|
|
3419
|
+
}
|
|
3420
|
+
|
|
3396
3421
|
int SSL_CTX_set_compliance_policy(SSL_CTX *ctx,
|
|
3397
3422
|
enum ssl_compliance_policy_t policy) {
|
|
3398
3423
|
switch (policy) {
|
|
@@ -3400,6 +3425,8 @@ int SSL_CTX_set_compliance_policy(SSL_CTX *ctx,
|
|
|
3400
3425
|
return fips202205::Configure(ctx);
|
|
3401
3426
|
case ssl_compliance_policy_wpa3_192_202304:
|
|
3402
3427
|
return wpa202304::Configure(ctx);
|
|
3428
|
+
case ssl_compliance_policy_cnsa_202407:
|
|
3429
|
+
return cnsa202407::Configure(ctx);
|
|
3403
3430
|
default:
|
|
3404
3431
|
return 0;
|
|
3405
3432
|
}
|
|
@@ -3411,6 +3438,8 @@ int SSL_set_compliance_policy(SSL *ssl, enum ssl_compliance_policy_t policy) {
|
|
|
3411
3438
|
return fips202205::Configure(ssl);
|
|
3412
3439
|
case ssl_compliance_policy_wpa3_192_202304:
|
|
3413
3440
|
return wpa202304::Configure(ssl);
|
|
3441
|
+
case ssl_compliance_policy_cnsa_202407:
|
|
3442
|
+
return cnsa202407::Configure(ssl);
|
|
3414
3443
|
default:
|
|
3415
3444
|
return 0;
|
|
3416
3445
|
}
|
|
@@ -46,6 +46,10 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
|
|
|
46
46
|
*out = TLS1_2_VERSION;
|
|
47
47
|
return true;
|
|
48
48
|
|
|
49
|
+
case DTLS1_3_EXPERIMENTAL_VERSION:
|
|
50
|
+
*out = TLS1_3_VERSION;
|
|
51
|
+
return true;
|
|
52
|
+
|
|
49
53
|
default:
|
|
50
54
|
return false;
|
|
51
55
|
}
|
|
@@ -62,6 +66,7 @@ static const uint16_t kTLSVersions[] = {
|
|
|
62
66
|
};
|
|
63
67
|
|
|
64
68
|
static const uint16_t kDTLSVersions[] = {
|
|
69
|
+
DTLS1_3_EXPERIMENTAL_VERSION,
|
|
65
70
|
DTLS1_2_VERSION,
|
|
66
71
|
DTLS1_VERSION,
|
|
67
72
|
};
|
|
@@ -99,6 +104,7 @@ static const VersionInfo kVersionNames[] = {
|
|
|
99
104
|
{TLS1_VERSION, "TLSv1"},
|
|
100
105
|
{DTLS1_VERSION, "DTLSv1"},
|
|
101
106
|
{DTLS1_2_VERSION, "DTLSv1.2"},
|
|
107
|
+
{DTLS1_3_EXPERIMENTAL_VERSION, "DTLSv1.3"},
|
|
102
108
|
};
|
|
103
109
|
|
|
104
110
|
static const char *ssl_version_to_string(uint16_t version) {
|
|
@@ -107,11 +107,24 @@ static bool parse_server_hello_tls13(const SSL_HANDSHAKE *hs,
|
|
|
107
107
|
if (!ssl_parse_server_hello(out, out_alert, msg)) {
|
|
108
108
|
return false;
|
|
109
109
|
}
|
|
110
|
+
uint16_t server_hello_version = TLS1_2_VERSION;
|
|
111
|
+
if (SSL_is_dtls(hs->ssl)) {
|
|
112
|
+
server_hello_version = DTLS1_2_VERSION;
|
|
113
|
+
}
|
|
114
|
+
// DTLS 1.3 disables "compatibility mode" (RFC 8446, appendix D.4). When
|
|
115
|
+
// disabled, servers MUST NOT echo the legacy_session_id (RFC 9147, section
|
|
116
|
+
// 5). The client could have sent a session ID indicating its willingness to
|
|
117
|
+
// resume a DTLS 1.2 session, so just checking that the session IDs match is
|
|
118
|
+
// incorrect.
|
|
119
|
+
bool session_id_match =
|
|
120
|
+
(SSL_is_dtls(hs->ssl) && CBS_len(&out->session_id) == 0) ||
|
|
121
|
+
(!SSL_is_dtls(hs->ssl) &&
|
|
122
|
+
CBS_mem_equal(&out->session_id, hs->session_id, hs->session_id_len));
|
|
123
|
+
|
|
110
124
|
// The RFC8446 version of the structure fixes some legacy values.
|
|
111
125
|
// Additionally, the session ID must echo the original one.
|
|
112
|
-
if (out->legacy_version !=
|
|
113
|
-
out->compression_method != 0 ||
|
|
114
|
-
!CBS_mem_equal(&out->session_id, hs->session_id, hs->session_id_len) ||
|
|
126
|
+
if (out->legacy_version != server_hello_version ||
|
|
127
|
+
out->compression_method != 0 || !session_id_match ||
|
|
115
128
|
CBS_len(&out->extensions) == 0) {
|
|
116
129
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
117
130
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
@@ -1117,7 +1130,8 @@ UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl, CBS *body) {
|
|
|
1117
1130
|
session->timeout = server_timeout;
|
|
1118
1131
|
}
|
|
1119
1132
|
|
|
1120
|
-
if (!tls13_derive_session_psk(session.get(), ticket_nonce
|
|
1133
|
+
if (!tls13_derive_session_psk(session.get(), ticket_nonce,
|
|
1134
|
+
SSL_is_dtls(ssl))) {
|
|
1121
1135
|
return nullptr;
|
|
1122
1136
|
}
|
|
1123
1137
|
|
|
@@ -92,10 +92,50 @@ static Span<const char> label_to_span(const char *label) {
|
|
|
92
92
|
return MakeConstSpan(label, strlen(label));
|
|
93
93
|
}
|
|
94
94
|
|
|
95
|
+
static bool hkdf_expand_label_with_prefix(Span<uint8_t> out,
|
|
96
|
+
const EVP_MD *digest,
|
|
97
|
+
Span<const uint8_t> secret,
|
|
98
|
+
Span<const uint8_t> label_prefix,
|
|
99
|
+
Span<const char> label,
|
|
100
|
+
Span<const uint8_t> hash) {
|
|
101
|
+
// This is a copy of CRYPTO_tls13_hkdf_expand_label, but modified to take an
|
|
102
|
+
// arbitrary prefix for the label instead of using the hardcoded "tls13 "
|
|
103
|
+
// prefix.
|
|
104
|
+
CBB cbb, child;
|
|
105
|
+
uint8_t *hkdf_label = NULL;
|
|
106
|
+
size_t hkdf_label_len;
|
|
107
|
+
CBB_zero(&cbb);
|
|
108
|
+
if (!CBB_init(&cbb,
|
|
109
|
+
2 + 1 + label_prefix.size() + label.size() + 1 + hash.size()) ||
|
|
110
|
+
!CBB_add_u16(&cbb, out.size()) ||
|
|
111
|
+
!CBB_add_u8_length_prefixed(&cbb, &child) ||
|
|
112
|
+
!CBB_add_bytes(&child, label_prefix.data(), label_prefix.size()) ||
|
|
113
|
+
!CBB_add_bytes(&child, reinterpret_cast<const uint8_t *>(label.data()),
|
|
114
|
+
label.size()) ||
|
|
115
|
+
!CBB_add_u8_length_prefixed(&cbb, &child) ||
|
|
116
|
+
!CBB_add_bytes(&child, hash.data(), hash.size()) ||
|
|
117
|
+
!CBB_finish(&cbb, &hkdf_label, &hkdf_label_len)) {
|
|
118
|
+
CBB_cleanup(&cbb);
|
|
119
|
+
return false;
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
const int ret = HKDF_expand(out.data(), out.size(), digest, secret.data(),
|
|
123
|
+
secret.size(), hkdf_label, hkdf_label_len);
|
|
124
|
+
OPENSSL_free(hkdf_label);
|
|
125
|
+
return ret == 1;
|
|
126
|
+
}
|
|
127
|
+
|
|
95
128
|
static bool hkdf_expand_label(Span<uint8_t> out, const EVP_MD *digest,
|
|
96
129
|
Span<const uint8_t> secret,
|
|
97
|
-
Span<const char> label,
|
|
98
|
-
|
|
130
|
+
Span<const char> label, Span<const uint8_t> hash,
|
|
131
|
+
bool is_dtls) {
|
|
132
|
+
if (is_dtls) {
|
|
133
|
+
static const uint8_t kDTLS13LabelPrefix[] = "dtls13";
|
|
134
|
+
return hkdf_expand_label_with_prefix(
|
|
135
|
+
out, digest, secret,
|
|
136
|
+
MakeConstSpan(kDTLS13LabelPrefix, sizeof(kDTLS13LabelPrefix) - 1),
|
|
137
|
+
label, hash);
|
|
138
|
+
}
|
|
99
139
|
return CRYPTO_tls13_hkdf_expand_label(
|
|
100
140
|
out.data(), out.size(), digest, secret.data(), secret.size(),
|
|
101
141
|
reinterpret_cast<const uint8_t *>(label.data()), label.size(),
|
|
@@ -111,7 +151,8 @@ bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, Span<const uint8_t> in) {
|
|
|
111
151
|
hs->transcript.Digest(), nullptr) &&
|
|
112
152
|
hkdf_expand_label(hs->secret(), hs->transcript.Digest(), hs->secret(),
|
|
113
153
|
label_to_span(kTLS13LabelDerived),
|
|
114
|
-
MakeConstSpan(derive_context, derive_context_len)
|
|
154
|
+
MakeConstSpan(derive_context, derive_context_len),
|
|
155
|
+
SSL_is_dtls(hs->ssl)) &&
|
|
115
156
|
hkdf_extract_to_secret(hs, hs->transcript, in);
|
|
116
157
|
}
|
|
117
158
|
|
|
@@ -129,7 +170,8 @@ static bool derive_secret_with_transcript(const SSL_HANDSHAKE *hs,
|
|
|
129
170
|
}
|
|
130
171
|
|
|
131
172
|
return hkdf_expand_label(out, transcript.Digest(), hs->secret(), label,
|
|
132
|
-
MakeConstSpan(context_hash, context_hash_len)
|
|
173
|
+
MakeConstSpan(context_hash, context_hash_len),
|
|
174
|
+
SSL_is_dtls(hs->ssl));
|
|
133
175
|
}
|
|
134
176
|
|
|
135
177
|
static bool derive_secret(SSL_HANDSHAKE *hs, Span<uint8_t> out,
|
|
@@ -142,6 +184,8 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
|
|
142
184
|
const SSL_SESSION *session,
|
|
143
185
|
Span<const uint8_t> traffic_secret) {
|
|
144
186
|
uint16_t version = ssl_session_protocol_version(session);
|
|
187
|
+
const EVP_MD *digest = ssl_session_get_digest(session);
|
|
188
|
+
bool is_dtls = SSL_is_dtls(ssl);
|
|
145
189
|
UniquePtr<SSLAEADContext> traffic_aead;
|
|
146
190
|
Span<const uint8_t> secret_for_quic;
|
|
147
191
|
if (ssl->quic_method != nullptr) {
|
|
@@ -155,18 +199,16 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
|
|
155
199
|
const EVP_AEAD *aead;
|
|
156
200
|
size_t discard;
|
|
157
201
|
if (!ssl_cipher_get_evp_aead(&aead, &discard, &discard, session->cipher,
|
|
158
|
-
version,
|
|
202
|
+
version, is_dtls)) {
|
|
159
203
|
return false;
|
|
160
204
|
}
|
|
161
205
|
|
|
162
|
-
const EVP_MD *digest = ssl_session_get_digest(session);
|
|
163
|
-
|
|
164
206
|
// Derive the key.
|
|
165
207
|
size_t key_len = EVP_AEAD_key_length(aead);
|
|
166
208
|
uint8_t key_buf[EVP_AEAD_MAX_KEY_LENGTH];
|
|
167
209
|
auto key = MakeSpan(key_buf, key_len);
|
|
168
210
|
if (!hkdf_expand_label(key, digest, traffic_secret, label_to_span("key"),
|
|
169
|
-
{})) {
|
|
211
|
+
{}, is_dtls)) {
|
|
170
212
|
return false;
|
|
171
213
|
}
|
|
172
214
|
|
|
@@ -174,20 +216,35 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
|
|
174
216
|
size_t iv_len = EVP_AEAD_nonce_length(aead);
|
|
175
217
|
uint8_t iv_buf[EVP_AEAD_MAX_NONCE_LENGTH];
|
|
176
218
|
auto iv = MakeSpan(iv_buf, iv_len);
|
|
177
|
-
if (!hkdf_expand_label(iv, digest, traffic_secret, label_to_span("iv"),
|
|
178
|
-
|
|
219
|
+
if (!hkdf_expand_label(iv, digest, traffic_secret, label_to_span("iv"), {},
|
|
220
|
+
is_dtls)) {
|
|
179
221
|
return false;
|
|
180
222
|
}
|
|
181
223
|
|
|
182
|
-
traffic_aead =
|
|
183
|
-
|
|
184
|
-
|
|
224
|
+
traffic_aead =
|
|
225
|
+
SSLAEADContext::Create(direction, session->ssl_version, is_dtls,
|
|
226
|
+
session->cipher, key, Span<const uint8_t>(), iv);
|
|
185
227
|
}
|
|
186
228
|
|
|
187
229
|
if (!traffic_aead) {
|
|
188
230
|
return false;
|
|
189
231
|
}
|
|
190
232
|
|
|
233
|
+
if (is_dtls) {
|
|
234
|
+
RecordNumberEncrypter *rn_encrypter =
|
|
235
|
+
traffic_aead->GetRecordNumberEncrypter();
|
|
236
|
+
if (!rn_encrypter) {
|
|
237
|
+
return false;
|
|
238
|
+
}
|
|
239
|
+
Array<uint8_t> rne_key;
|
|
240
|
+
if (!rne_key.Init(rn_encrypter->KeySize()) ||
|
|
241
|
+
!hkdf_expand_label(MakeSpan(rne_key), digest, traffic_secret,
|
|
242
|
+
label_to_span("sn"), {}, is_dtls) ||
|
|
243
|
+
!rn_encrypter->SetKey(MakeSpan(rne_key))) {
|
|
244
|
+
return false;
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
|
|
191
248
|
if (traffic_secret.size() >
|
|
192
249
|
OPENSSL_ARRAY_SIZE(ssl->s3->read_traffic_secret) ||
|
|
193
250
|
traffic_secret.size() >
|
|
@@ -297,7 +354,8 @@ bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
|
|
|
297
354
|
const SSL_SESSION *session = SSL_get_session(ssl);
|
|
298
355
|
const EVP_MD *digest = ssl_session_get_digest(session);
|
|
299
356
|
return hkdf_expand_label(secret, digest, secret,
|
|
300
|
-
label_to_span(kTLS13LabelApplicationTraffic), {}
|
|
357
|
+
label_to_span(kTLS13LabelApplicationTraffic), {},
|
|
358
|
+
SSL_is_dtls(ssl)) &&
|
|
301
359
|
tls13_set_traffic_key(ssl, ssl_encryption_application, direction,
|
|
302
360
|
session, secret);
|
|
303
361
|
}
|
|
@@ -323,12 +381,12 @@ static const char kTLS13LabelFinished[] = "finished";
|
|
|
323
381
|
static bool tls13_verify_data(uint8_t *out, size_t *out_len,
|
|
324
382
|
const EVP_MD *digest, uint16_t version,
|
|
325
383
|
Span<const uint8_t> secret,
|
|
326
|
-
Span<const uint8_t> context) {
|
|
384
|
+
Span<const uint8_t> context, bool is_dtls) {
|
|
327
385
|
uint8_t key_buf[EVP_MAX_MD_SIZE];
|
|
328
386
|
auto key = MakeSpan(key_buf, EVP_MD_size(digest));
|
|
329
387
|
unsigned len;
|
|
330
388
|
if (!hkdf_expand_label(key, digest, secret,
|
|
331
|
-
label_to_span(kTLS13LabelFinished), {}) ||
|
|
389
|
+
label_to_span(kTLS13LabelFinished), {}, is_dtls) ||
|
|
332
390
|
HMAC(digest, key.data(), key.size(), context.data(), context.size(), out,
|
|
333
391
|
&len) == nullptr) {
|
|
334
392
|
return false;
|
|
@@ -347,7 +405,8 @@ bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
|
|
|
347
405
|
if (!hs->transcript.GetHash(context_hash, &context_hash_len) ||
|
|
348
406
|
!tls13_verify_data(out, out_len, hs->transcript.Digest(),
|
|
349
407
|
hs->ssl->version, traffic_secret,
|
|
350
|
-
MakeConstSpan(context_hash, context_hash_len)
|
|
408
|
+
MakeConstSpan(context_hash, context_hash_len),
|
|
409
|
+
SSL_is_dtls(hs->ssl))) {
|
|
351
410
|
return false;
|
|
352
411
|
}
|
|
353
412
|
return true;
|
|
@@ -355,13 +414,15 @@ bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
|
|
|
355
414
|
|
|
356
415
|
static const char kTLS13LabelResumptionPSK[] = "resumption";
|
|
357
416
|
|
|
358
|
-
bool tls13_derive_session_psk(SSL_SESSION *session, Span<const uint8_t> nonce
|
|
417
|
+
bool tls13_derive_session_psk(SSL_SESSION *session, Span<const uint8_t> nonce,
|
|
418
|
+
bool is_dtls) {
|
|
359
419
|
const EVP_MD *digest = ssl_session_get_digest(session);
|
|
360
420
|
// The session initially stores the resumption_master_secret, which we
|
|
361
421
|
// override with the PSK.
|
|
362
422
|
auto session_secret = MakeSpan(session->secret, session->secret_length);
|
|
363
423
|
return hkdf_expand_label(session_secret, digest, session_secret,
|
|
364
|
-
label_to_span(kTLS13LabelResumptionPSK), nonce
|
|
424
|
+
label_to_span(kTLS13LabelResumptionPSK), nonce,
|
|
425
|
+
is_dtls);
|
|
365
426
|
}
|
|
366
427
|
|
|
367
428
|
static const char kTLS13LabelExportKeying[] = "exporter";
|
|
@@ -394,9 +455,10 @@ bool tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
|
|
|
394
455
|
uint8_t derived_secret_buf[EVP_MAX_MD_SIZE];
|
|
395
456
|
auto derived_secret = MakeSpan(derived_secret_buf, EVP_MD_size(digest));
|
|
396
457
|
return hkdf_expand_label(derived_secret, digest, secret, label,
|
|
397
|
-
export_context) &&
|
|
458
|
+
export_context, SSL_is_dtls(ssl)) &&
|
|
398
459
|
hkdf_expand_label(out, digest, derived_secret,
|
|
399
|
-
label_to_span(kTLS13LabelExportKeying), hash
|
|
460
|
+
label_to_span(kTLS13LabelExportKeying), hash,
|
|
461
|
+
SSL_is_dtls(ssl));
|
|
400
462
|
}
|
|
401
463
|
|
|
402
464
|
static const char kTLS13LabelPSKBinder[] = "res binder";
|
|
@@ -405,7 +467,7 @@ static bool tls13_psk_binder(uint8_t *out, size_t *out_len,
|
|
|
405
467
|
const SSL_SESSION *session,
|
|
406
468
|
const SSLTranscript &transcript,
|
|
407
469
|
Span<const uint8_t> client_hello,
|
|
408
|
-
size_t binders_len) {
|
|
470
|
+
size_t binders_len, bool is_dtls) {
|
|
409
471
|
const EVP_MD *digest = ssl_session_get_digest(session);
|
|
410
472
|
|
|
411
473
|
// Compute the binder key.
|
|
@@ -422,10 +484,10 @@ static bool tls13_psk_binder(uint8_t *out, size_t *out_len,
|
|
|
422
484
|
nullptr) ||
|
|
423
485
|
!HKDF_extract(early_secret, &early_secret_len, digest, session->secret,
|
|
424
486
|
session->secret_length, nullptr, 0) ||
|
|
425
|
-
!hkdf_expand_label(
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
487
|
+
!hkdf_expand_label(
|
|
488
|
+
binder_key, digest, MakeConstSpan(early_secret, early_secret_len),
|
|
489
|
+
label_to_span(kTLS13LabelPSKBinder),
|
|
490
|
+
MakeConstSpan(binder_context, binder_context_len), is_dtls)) {
|
|
429
491
|
return false;
|
|
430
492
|
}
|
|
431
493
|
|
|
@@ -446,7 +508,7 @@ static bool tls13_psk_binder(uint8_t *out, size_t *out_len,
|
|
|
446
508
|
}
|
|
447
509
|
|
|
448
510
|
if (!tls13_verify_data(out, out_len, digest, session->ssl_version, binder_key,
|
|
449
|
-
MakeConstSpan(context, context_len))) {
|
|
511
|
+
MakeConstSpan(context, context_len), is_dtls)) {
|
|
450
512
|
return false;
|
|
451
513
|
}
|
|
452
514
|
|
|
@@ -467,7 +529,7 @@ bool tls13_write_psk_binder(const SSL_HANDSHAKE *hs,
|
|
|
467
529
|
uint8_t verify_data[EVP_MAX_MD_SIZE];
|
|
468
530
|
size_t verify_data_len;
|
|
469
531
|
if (!tls13_psk_binder(verify_data, &verify_data_len, ssl->session.get(),
|
|
470
|
-
transcript, msg, binders_len) ||
|
|
532
|
+
transcript, msg, binders_len, SSL_is_dtls(hs->ssl)) ||
|
|
471
533
|
verify_data_len != hash_len) {
|
|
472
534
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
473
535
|
return false;
|
|
@@ -491,7 +553,7 @@ bool tls13_verify_psk_binder(const SSL_HANDSHAKE *hs,
|
|
|
491
553
|
// prefix removed. The caller is assumed to have parsed |msg|, extracted
|
|
492
554
|
// |binders|, and verified the PSK extension is last.
|
|
493
555
|
if (!tls13_psk_binder(verify_data, &verify_data_len, session, hs->transcript,
|
|
494
|
-
msg.raw, 2 + CBS_len(binders)) ||
|
|
556
|
+
msg.raw, 2 + CBS_len(binders), SSL_is_dtls(hs->ssl)) ||
|
|
495
557
|
// We only consider the first PSK, so compare against the first binder.
|
|
496
558
|
!CBS_get_u8_length_prefixed(binders, &binder)) {
|
|
497
559
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
@@ -556,11 +618,11 @@ bool ssl_ech_accept_confirmation(const SSL_HANDSHAKE *hs, Span<uint8_t> out,
|
|
|
556
618
|
}
|
|
557
619
|
|
|
558
620
|
assert(out.size() == ECH_CONFIRMATION_SIGNAL_LEN);
|
|
559
|
-
return hkdf_expand_label(
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
621
|
+
return hkdf_expand_label(
|
|
622
|
+
out, transcript.Digest(), MakeConstSpan(secret, secret_len),
|
|
623
|
+
is_hrr ? label_to_span("hrr ech accept confirmation")
|
|
624
|
+
: label_to_span("ech accept confirmation"),
|
|
625
|
+
MakeConstSpan(context, context_len), SSL_is_dtls(hs->ssl));
|
|
564
626
|
}
|
|
565
627
|
|
|
566
628
|
BSSL_NAMESPACE_END
|
|
@@ -175,7 +175,7 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) {
|
|
|
175
175
|
!CBB_add_u8_length_prefixed(&body, &nonce_cbb) ||
|
|
176
176
|
!CBB_add_bytes(&nonce_cbb, nonce, sizeof(nonce)) ||
|
|
177
177
|
!CBB_add_u16_length_prefixed(&body, &ticket) ||
|
|
178
|
-
!tls13_derive_session_psk(session.get(), nonce) ||
|
|
178
|
+
!tls13_derive_session_psk(session.get(), nonce, SSL_is_dtls(ssl)) ||
|
|
179
179
|
!ssl_encrypt_ticket(hs, &ticket, session.get()) ||
|
|
180
180
|
!CBB_add_u16_length_prefixed(&body, &extensions)) {
|
|
181
181
|
return false;
|
|
@@ -244,9 +244,15 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) {
|
|
|
244
244
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
|
245
245
|
return ssl_hs_error;
|
|
246
246
|
}
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
247
|
+
// DTLS 1.3 disables compatibility mode, and even if the client advertised a
|
|
248
|
+
// session ID (for resumption in DTLS 1.2), the server "MUST NOT echo the
|
|
249
|
+
// 'legacy_session_id' value from the client" (RFC 9147, section 5) as it
|
|
250
|
+
// would in a TLS 1.3 handshake.
|
|
251
|
+
if (!SSL_is_dtls(ssl)) {
|
|
252
|
+
OPENSSL_memcpy(hs->session_id, client_hello.session_id,
|
|
253
|
+
client_hello.session_id_len);
|
|
254
|
+
hs->session_id_len = client_hello.session_id_len;
|
|
255
|
+
}
|
|
250
256
|
|
|
251
257
|
Array<SSL_CREDENTIAL *> creds;
|
|
252
258
|
if (!ssl_get_credential_list(hs, &creds)) {
|
|
@@ -792,11 +798,15 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
|
792
798
|
}
|
|
793
799
|
}
|
|
794
800
|
|
|
801
|
+
uint16_t server_hello_version = TLS1_2_VERSION;
|
|
802
|
+
if (SSL_is_dtls(ssl)) {
|
|
803
|
+
server_hello_version = DTLS1_2_VERSION;
|
|
804
|
+
}
|
|
795
805
|
Array<uint8_t> server_hello;
|
|
796
806
|
ScopedCBB cbb;
|
|
797
807
|
CBB body, extensions, session_id;
|
|
798
808
|
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_HELLO) ||
|
|
799
|
-
!CBB_add_u16(&body,
|
|
809
|
+
!CBB_add_u16(&body, server_hello_version) ||
|
|
800
810
|
!CBB_add_bytes(&body, ssl->s3->server_random,
|
|
801
811
|
sizeof(ssl->s3->server_random)) ||
|
|
802
812
|
!CBB_add_u8_length_prefixed(&body, &session_id) ||
|
|
@@ -140,7 +140,7 @@ static const uint8_t kMaxWarningAlerts = 4;
|
|
|
140
140
|
|
|
141
141
|
// ssl_needs_record_splitting returns one if |ssl|'s current outgoing cipher
|
|
142
142
|
// state needs record-splitting and zero otherwise.
|
|
143
|
-
|
|
143
|
+
bool ssl_needs_record_splitting(const SSL *ssl) {
|
|
144
144
|
#if !defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
|
145
145
|
return !ssl->s3->aead_write_ctx->is_null_cipher() &&
|
|
146
146
|
ssl->s3->aead_write_ctx->ProtocolVersion() < TLS1_1_VERSION &&
|
|
@@ -152,28 +152,8 @@ static bool ssl_needs_record_splitting(const SSL *ssl) {
|
|
|
152
152
|
}
|
|
153
153
|
|
|
154
154
|
size_t ssl_record_prefix_len(const SSL *ssl) {
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
header_len = DTLS1_RT_HEADER_LENGTH;
|
|
158
|
-
} else {
|
|
159
|
-
header_len = SSL3_RT_HEADER_LENGTH;
|
|
160
|
-
}
|
|
161
|
-
|
|
162
|
-
return header_len + ssl->s3->aead_read_ctx->ExplicitNonceLen();
|
|
163
|
-
}
|
|
164
|
-
|
|
165
|
-
size_t ssl_seal_align_prefix_len(const SSL *ssl) {
|
|
166
|
-
if (SSL_is_dtls(ssl)) {
|
|
167
|
-
return DTLS1_RT_HEADER_LENGTH + ssl->s3->aead_write_ctx->ExplicitNonceLen();
|
|
168
|
-
}
|
|
169
|
-
|
|
170
|
-
size_t ret =
|
|
171
|
-
SSL3_RT_HEADER_LENGTH + ssl->s3->aead_write_ctx->ExplicitNonceLen();
|
|
172
|
-
if (ssl_needs_record_splitting(ssl)) {
|
|
173
|
-
ret += SSL3_RT_HEADER_LENGTH;
|
|
174
|
-
ret += ssl_cipher_get_record_split_len(ssl->s3->aead_write_ctx->cipher());
|
|
175
|
-
}
|
|
176
|
-
return ret;
|
|
155
|
+
assert(!SSL_is_dtls(ssl));
|
|
156
|
+
return SSL3_RT_HEADER_LENGTH + ssl->s3->aead_read_ctx->ExplicitNonceLen();
|
|
177
157
|
}
|
|
178
158
|
|
|
179
159
|
static ssl_open_record_t skip_early_data(SSL *ssl, uint8_t *out_alert,
|