grpc 1.69.0 → 1.70.1
- checksums.yaml +4 -4
- data/Makefile +251 -249
- data/include/grpc/support/atm.h +0 -13
- data/src/core/call/request_buffer.cc +224 -0
- data/src/core/call/request_buffer.h +192 -0
- data/src/core/client_channel/client_channel.cc +2 -3
- data/src/core/client_channel/client_channel_args.h +21 -0
- data/src/core/client_channel/client_channel_filter.h +1 -3
- data/src/core/client_channel/retry_interceptor.cc +406 -0
- data/src/core/client_channel/retry_interceptor.h +157 -0
- data/src/core/client_channel/retry_service_config.h +13 -0
- data/src/core/client_channel/retry_throttle.cc +33 -18
- data/src/core/client_channel/retry_throttle.h +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
- data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
- data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
- data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
- data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
- data/src/core/filter/filter_args.h +112 -0
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
- data/src/core/lib/channel/promise_based_filter.h +5 -79
- data/src/core/lib/debug/trace_flags.cc +2 -0
- data/src/core/lib/debug/trace_flags.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
- data/src/core/lib/experiments/experiments.cc +90 -39
- data/src/core/lib/experiments/experiments.h +43 -24
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
- data/src/core/lib/promise/activity.cc +2 -0
- data/src/core/lib/promise/activity.h +29 -8
- data/src/core/lib/promise/map.h +42 -0
- data/src/core/lib/promise/party.cc +36 -1
- data/src/core/lib/promise/party.h +13 -5
- data/src/core/lib/promise/sleep.h +1 -0
- data/src/core/lib/promise/status_flag.h +10 -0
- data/src/core/lib/resource_quota/arena.h +8 -0
- data/src/core/lib/resource_quota/connection_quota.h +4 -0
- data/src/core/lib/surface/call_utils.h +2 -0
- data/src/core/lib/surface/client_call.cc +43 -35
- data/src/core/lib/surface/client_call.h +5 -0
- data/src/core/lib/surface/event_string.cc +7 -1
- data/src/core/lib/surface/init_internally.h +13 -2
- data/src/core/lib/surface/server_call.cc +100 -85
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/call_filters.cc +10 -4
- data/src/core/lib/transport/call_filters.h +8 -0
- data/src/core/lib/transport/call_spine.cc +36 -71
- data/src/core/lib/transport/call_spine.h +131 -7
- data/src/core/lib/transport/call_state.h +132 -39
- data/src/core/lib/transport/interception_chain.cc +8 -0
- data/src/core/lib/transport/interception_chain.h +9 -0
- data/src/core/load_balancing/endpoint_list.cc +10 -0
- data/src/core/load_balancing/endpoint_list.h +13 -6
- data/src/core/load_balancing/lb_policy.h +0 -8
- data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
- data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
- data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
- data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
- data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
- data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
- data/src/core/resolver/xds/xds_resolver.cc +28 -47
- data/src/core/server/server.cc +290 -24
- data/src/core/server/server.h +199 -61
- data/src/core/server/xds_server_config_fetcher.cc +78 -142
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/util/backoff.cc +15 -4
- data/src/core/util/http_client/httpcli.cc +66 -18
- data/src/core/util/http_client/httpcli.h +14 -4
- data/src/core/util/matchers.h +5 -10
- data/src/core/util/ref_counted.h +1 -0
- data/src/core/util/ref_counted_ptr.h +1 -1
- data/src/core/util/useful.h +9 -11
- data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
- data/src/core/xds/grpc/xds_metadata.h +8 -0
- data/src/core/xds/xds_client/xds_api.cc +0 -223
- data/src/core/xds/xds_client/xds_api.h +1 -133
- data/src/core/xds/xds_client/xds_client.cc +599 -466
- data/src/core/xds/xds_client/xds_client.h +107 -26
- data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
- data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
- data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
- data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
- data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
- data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
- data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
- data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
- data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
- data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
- metadata +339 -339
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
- data/src/core/util/atm.cc +0 -34
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
@@ -154,8 +154,8 @@
|
|
154
154
|
#include <openssl/mem.h>
|
155
155
|
#include <openssl/rand.h>
|
156
156
|
|
157
|
-
#include "internal.h"
|
158
157
|
#include "../crypto/internal.h"
|
158
|
+
#include "internal.h"
|
159
159
|
|
160
160
|
#if defined(OPENSSL_WINDOWS)
|
161
161
|
#include <sys/timeb.h>
|
@@ -213,7 +213,7 @@ void ssl_reset_error_state(SSL *ssl) {
|
|
213
213
|
ERR_clear_system_error();
|
214
214
|
}
|
215
215
|
|
216
|
-
void ssl_set_read_error(SSL*
|
216
|
+
void ssl_set_read_error(SSL *ssl) {
|
217
217
|
ssl->s3->read_shutdown = ssl_shutdown_error;
|
218
218
|
ssl->s3->read_error.reset(ERR_save_state());
|
219
219
|
}
|
@@ -287,7 +287,7 @@ static uint8_t hex_char_consttime(uint8_t b) {
|
|
287
287
|
|
288
288
|
static bool cbb_add_hex_consttime(CBB *cbb, Span<const uint8_t> in) {
|
289
289
|
uint8_t *out;
|
290
|
-
if (!CBB_add_space(cbb, &out, in.size() * 2)) {
|
290
|
+
if (!CBB_add_space(cbb, &out, in.size() * 2)) {
|
291
291
|
return false;
|
292
292
|
}
|
293
293
|
|
@@ -364,14 +364,7 @@ void ssl_do_msg_callback(const SSL *ssl, int is_write, int content_type,
|
|
364
364
|
const_cast<SSL *>(ssl), ssl->msg_callback_arg);
|
365
365
|
}
|
366
366
|
|
367
|
-
|
368
|
-
// TODO(martinkr): Change callers to |ssl_ctx_get_current_time| and drop the
|
369
|
-
// |ssl| arg from |current_time_cb| if possible.
|
370
|
-
ssl_ctx_get_current_time(ssl->ctx.get(), out_clock);
|
371
|
-
}
|
372
|
-
|
373
|
-
void ssl_ctx_get_current_time(const SSL_CTX *ctx,
|
374
|
-
struct OPENSSL_timeval *out_clock) {
|
367
|
+
OPENSSL_timeval ssl_ctx_get_current_time(const SSL_CTX *ctx) {
|
375
368
|
if (ctx->current_time_cb != NULL) {
|
376
369
|
// TODO(davidben): Update current_time_cb to use OPENSSL_timeval. See
|
377
370
|
// https://crbug.com/boringssl/155.
|
@@ -379,54 +372,47 @@ void ssl_ctx_get_current_time(const SSL_CTX *ctx,
|
|
379
372
|
ctx->current_time_cb(nullptr /* ssl */, &clock);
|
380
373
|
if (clock.tv_sec < 0) {
|
381
374
|
assert(0);
|
382
|
-
|
383
|
-
out_clock->tv_usec = 0;
|
375
|
+
return {0, 0};
|
384
376
|
} else {
|
385
|
-
|
386
|
-
|
377
|
+
return {static_cast<uint64_t>(clock.tv_sec),
|
378
|
+
static_cast<uint32_t>(clock.tv_usec)};
|
387
379
|
}
|
388
|
-
return;
|
389
380
|
}
|
390
381
|
|
391
382
|
#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
392
|
-
|
393
|
-
out_clock->tv_usec = 1234;
|
383
|
+
return {1234, 1234};
|
394
384
|
#elif defined(OPENSSL_WINDOWS)
|
395
385
|
struct _timeb time;
|
396
386
|
_ftime(&time);
|
397
387
|
if (time.time < 0) {
|
398
388
|
assert(0);
|
399
|
-
|
400
|
-
out_clock->tv_usec = 0;
|
389
|
+
return {0, 0};
|
401
390
|
} else {
|
402
|
-
|
403
|
-
|
391
|
+
return {static_cast<uint64_t>(time.time),
|
392
|
+
static_cast<uint32_t>(time.millitm * 1000)};
|
404
393
|
}
|
405
394
|
#else
|
406
395
|
struct timeval clock;
|
407
396
|
gettimeofday(&clock, NULL);
|
408
397
|
if (clock.tv_sec < 0) {
|
409
398
|
assert(0);
|
410
|
-
|
411
|
-
out_clock->tv_usec = 0;
|
399
|
+
return {0, 0};
|
412
400
|
} else {
|
413
|
-
|
414
|
-
|
401
|
+
return {static_cast<uint64_t>(clock.tv_sec),
|
402
|
+
static_cast<uint32_t>(clock.tv_usec)};
|
415
403
|
}
|
416
404
|
#endif
|
417
405
|
}
|
418
406
|
|
419
|
-
void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) {
|
420
|
-
ctx->handoff = on;
|
421
|
-
}
|
407
|
+
void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) { ctx->handoff = on; }
|
422
408
|
|
423
409
|
static bool ssl_can_renegotiate(const SSL *ssl) {
|
424
410
|
if (ssl->server || SSL_is_dtls(ssl)) {
|
425
411
|
return false;
|
426
412
|
}
|
427
413
|
|
428
|
-
if (ssl->s3->
|
429
|
-
ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
414
|
+
if (ssl->s3->version != 0 //
|
415
|
+
&& ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
430
416
|
return false;
|
431
417
|
}
|
432
418
|
|
@@ -452,9 +438,9 @@ static bool ssl_can_renegotiate(const SSL *ssl) {
|
|
452
438
|
}
|
453
439
|
|
454
440
|
static void ssl_maybe_shed_handshake_config(SSL *ssl) {
|
455
|
-
if (ssl->s3->hs != nullptr ||
|
456
|
-
ssl->config == nullptr ||
|
457
|
-
!ssl->config->shed_handshake_config ||
|
441
|
+
if (ssl->s3->hs != nullptr || //
|
442
|
+
ssl->config == nullptr || //
|
443
|
+
!ssl->config->shed_handshake_config || //
|
458
444
|
ssl_can_renegotiate(ssl)) {
|
459
445
|
return;
|
460
446
|
}
|
@@ -472,8 +458,10 @@ void SSL_set_handoff_mode(SSL *ssl, bool on) {
|
|
472
458
|
bool SSL_get_traffic_secrets(const SSL *ssl,
|
473
459
|
Span<const uint8_t> *out_read_traffic_secret,
|
474
460
|
Span<const uint8_t> *out_write_traffic_secret) {
|
475
|
-
|
476
|
-
|
461
|
+
// This API is not well-defined for DTLS 1.3 (see https://crbug.com/42290608)
|
462
|
+
// or QUIC, where multiple epochs may be alive at once.
|
463
|
+
if (SSL_is_dtls(ssl) || SSL_is_quic(ssl)) {
|
464
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
477
465
|
return false;
|
478
466
|
}
|
479
467
|
|
@@ -482,11 +470,13 @@ bool SSL_get_traffic_secrets(const SSL *ssl,
|
|
482
470
|
return false;
|
483
471
|
}
|
484
472
|
|
485
|
-
|
486
|
-
|
487
|
-
|
488
|
-
|
473
|
+
if (SSL_version(ssl) < TLS1_3_VERSION) {
|
474
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
|
475
|
+
return false;
|
476
|
+
}
|
489
477
|
|
478
|
+
*out_read_traffic_secret = ssl->s3->read_traffic_secret;
|
479
|
+
*out_write_traffic_secret = ssl->s3->write_traffic_secret;
|
490
480
|
return true;
|
491
481
|
}
|
492
482
|
|
@@ -512,16 +502,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
|
|
512
502
|
}
|
513
503
|
|
514
504
|
static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
|
515
|
-
return ssl_hash_session_id(
|
516
|
-
MakeConstSpan(sess->session_id, sess->session_id_length));
|
505
|
+
return ssl_hash_session_id(sess->session_id);
|
517
506
|
}
|
518
507
|
|
519
508
|
static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
|
520
|
-
|
521
|
-
return 1;
|
522
|
-
}
|
523
|
-
|
524
|
-
return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
|
509
|
+
return MakeConstSpan(a->session_id) == b->session_id ? 0 : 1;
|
525
510
|
}
|
526
511
|
|
527
512
|
ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
|
@@ -572,10 +557,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
|
|
572
557
|
ret->cert = MakeUnique<CERT>(method->x509_method);
|
573
558
|
ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
|
574
559
|
ret->client_CA.reset(sk_CRYPTO_BUFFER_new_null());
|
560
|
+
ret->CA_names.reset(sk_CRYPTO_BUFFER_new_null());
|
575
561
|
if (ret->cert == nullptr || //
|
576
562
|
!ret->cert->is_valid() || //
|
577
563
|
ret->sessions == nullptr || //
|
578
564
|
ret->client_CA == nullptr || //
|
565
|
+
ret->CA_names == nullptr || //
|
579
566
|
!ret->x509_method->ssl_ctx_new(ret.get())) {
|
580
567
|
return nullptr;
|
581
568
|
}
|
@@ -720,9 +707,7 @@ SSL_CONFIG::~SSL_CONFIG() {
|
|
720
707
|
}
|
721
708
|
}
|
722
709
|
|
723
|
-
void SSL_free(SSL *ssl) {
|
724
|
-
Delete(ssl);
|
725
|
-
}
|
710
|
+
void SSL_free(SSL *ssl) { Delete(ssl); }
|
726
711
|
|
727
712
|
void SSL_set_connect_state(SSL *ssl) {
|
728
713
|
ssl->server = false;
|
@@ -734,13 +719,9 @@ void SSL_set_accept_state(SSL *ssl) {
|
|
734
719
|
ssl->do_handshake = ssl_server_handshake;
|
735
720
|
}
|
736
721
|
|
737
|
-
void SSL_set0_rbio(SSL *ssl, BIO *rbio) {
|
738
|
-
ssl->rbio.reset(rbio);
|
739
|
-
}
|
722
|
+
void SSL_set0_rbio(SSL *ssl, BIO *rbio) { ssl->rbio.reset(rbio); }
|
740
723
|
|
741
|
-
void SSL_set0_wbio(SSL *ssl, BIO *wbio) {
|
742
|
-
ssl->wbio.reset(wbio);
|
743
|
-
}
|
724
|
+
void SSL_set0_wbio(SSL *ssl, BIO *wbio) { ssl->wbio.reset(wbio); }
|
744
725
|
|
745
726
|
void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
|
746
727
|
// For historical reasons, this function has many different cases in ownership
|
@@ -803,8 +784,8 @@ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
|
|
803
784
|
} else {
|
804
785
|
// Clients may receive both Certificate message and a CertificateRequest
|
805
786
|
// message.
|
806
|
-
if (2*ssl->max_cert_list > kDefaultLimit) {
|
807
|
-
return 2*ssl->max_cert_list;
|
787
|
+
if (2 * ssl->max_cert_list > kDefaultLimit) {
|
788
|
+
return 2 * ssl->max_cert_list;
|
808
789
|
}
|
809
790
|
}
|
810
791
|
return kDefaultLimit;
|
@@ -819,21 +800,23 @@ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
|
|
819
800
|
}
|
820
801
|
|
821
802
|
enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl) {
|
822
|
-
|
803
|
+
assert(SSL_is_quic(ssl));
|
804
|
+
return ssl->s3->quic_read_level;
|
823
805
|
}
|
824
806
|
|
825
807
|
enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) {
|
826
|
-
|
808
|
+
assert(SSL_is_quic(ssl));
|
809
|
+
return ssl->s3->quic_write_level;
|
827
810
|
}
|
828
811
|
|
829
812
|
int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
|
830
813
|
const uint8_t *data, size_t len) {
|
831
|
-
if (ssl
|
814
|
+
if (!SSL_is_quic(ssl)) {
|
832
815
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
833
816
|
return 0;
|
834
817
|
}
|
835
818
|
|
836
|
-
if (level != ssl->s3->
|
819
|
+
if (level != ssl->s3->quic_read_level) {
|
837
820
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
|
838
821
|
return 0;
|
839
822
|
}
|
@@ -937,7 +920,7 @@ static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
|
|
937
920
|
int SSL_process_quic_post_handshake(SSL *ssl) {
|
938
921
|
ssl_reset_error_state(ssl);
|
939
922
|
|
940
|
-
if (SSL_in_init(ssl)) {
|
923
|
+
if (!SSL_is_quic(ssl) || SSL_in_init(ssl)) {
|
941
924
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
942
925
|
return 0;
|
943
926
|
}
|
@@ -980,6 +963,15 @@ static int ssl_read_impl(SSL *ssl) {
|
|
980
963
|
return -1;
|
981
964
|
}
|
982
965
|
|
966
|
+
// If a read triggered a DTLS ACK or retransmit, resolve that before reading
|
967
|
+
// more.
|
968
|
+
if (SSL_is_dtls(ssl)) {
|
969
|
+
int ret = ssl->method->flush(ssl);
|
970
|
+
if (ret <= 0) {
|
971
|
+
return ret;
|
972
|
+
}
|
973
|
+
}
|
974
|
+
|
983
975
|
// Complete the current handshake, if any. False Start will cause
|
984
976
|
// |SSL_do_handshake| to return mid-handshake, so this may require multiple
|
985
977
|
// iterations.
|
@@ -1047,7 +1039,7 @@ int SSL_read(SSL *ssl, void *buf, int num) {
|
|
1047
1039
|
}
|
1048
1040
|
|
1049
1041
|
int SSL_peek(SSL *ssl, void *buf, int num) {
|
1050
|
-
if (ssl
|
1042
|
+
if (SSL_is_quic(ssl)) {
|
1051
1043
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
1052
1044
|
return -1;
|
1053
1045
|
}
|
@@ -1068,7 +1060,7 @@ int SSL_peek(SSL *ssl, void *buf, int num) {
|
|
1068
1060
|
int SSL_write(SSL *ssl, const void *buf, int num) {
|
1069
1061
|
ssl_reset_error_state(ssl);
|
1070
1062
|
|
1071
|
-
if (ssl
|
1063
|
+
if (SSL_is_quic(ssl)) {
|
1072
1064
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
1073
1065
|
return -1;
|
1074
1066
|
}
|
@@ -1114,7 +1106,7 @@ int SSL_key_update(SSL *ssl, int request_type) {
|
|
1114
1106
|
return 0;
|
1115
1107
|
}
|
1116
1108
|
|
1117
|
-
if (ssl
|
1109
|
+
if (SSL_is_quic(ssl)) {
|
1118
1110
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
1119
1111
|
return 0;
|
1120
1112
|
}
|
@@ -1129,12 +1121,7 @@ int SSL_key_update(SSL *ssl, int request_type) {
|
|
1129
1121
|
return 0;
|
1130
1122
|
}
|
1131
1123
|
|
1132
|
-
|
1133
|
-
!tls13_add_key_update(ssl, request_type)) {
|
1134
|
-
return 0;
|
1135
|
-
}
|
1136
|
-
|
1137
|
-
return 1;
|
1124
|
+
return tls13_add_key_update(ssl, request_type);
|
1138
1125
|
}
|
1139
1126
|
|
1140
1127
|
int SSL_shutdown(SSL *ssl) {
|
@@ -1255,7 +1242,7 @@ int SSL_early_data_accepted(const SSL *ssl) {
|
|
1255
1242
|
|
1256
1243
|
void SSL_reset_early_data_reject(SSL *ssl) {
|
1257
1244
|
SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
1258
|
-
if (hs == NULL ||
|
1245
|
+
if (hs == NULL || //
|
1259
1246
|
hs->wait != ssl_hs_early_data_rejected) {
|
1260
1247
|
abort();
|
1261
1248
|
}
|
@@ -1360,7 +1347,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
|
|
1360
1347
|
return ssl->s3->rwstate;
|
1361
1348
|
|
1362
1349
|
case SSL_ERROR_WANT_READ: {
|
1363
|
-
if (ssl
|
1350
|
+
if (SSL_is_quic(ssl)) {
|
1364
1351
|
return SSL_ERROR_WANT_READ;
|
1365
1352
|
}
|
1366
1353
|
BIO *bio = SSL_get_rbio(ssl);
|
@@ -1515,36 +1502,31 @@ int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
|
|
1515
1502
|
// The tls-unique value is the first Finished message in the handshake, which
|
1516
1503
|
// is the client's in a full handshake and the server's for a resumption. See
|
1517
1504
|
// https://tools.ietf.org/html/rfc5929#section-3.1.
|
1518
|
-
const uint8_t
|
1519
|
-
size_t finished_len = ssl->s3->previous_client_finished_len;
|
1505
|
+
Span<const uint8_t> finished = ssl->s3->previous_client_finished;
|
1520
1506
|
if (ssl->session != NULL) {
|
1521
1507
|
// tls-unique is broken for resumed sessions unless EMS is used.
|
1522
1508
|
if (!ssl->session->extended_master_secret) {
|
1523
1509
|
return 0;
|
1524
1510
|
}
|
1525
1511
|
finished = ssl->s3->previous_server_finished;
|
1526
|
-
finished_len = ssl->s3->previous_server_finished_len;
|
1527
1512
|
}
|
1528
1513
|
|
1529
|
-
*out_len =
|
1530
|
-
if (
|
1514
|
+
*out_len = finished.size();
|
1515
|
+
if (finished.size() > max_out) {
|
1531
1516
|
*out_len = max_out;
|
1532
1517
|
}
|
1533
1518
|
|
1534
|
-
OPENSSL_memcpy(out, finished, *out_len);
|
1519
|
+
OPENSSL_memcpy(out, finished.data(), *out_len);
|
1535
1520
|
return 1;
|
1536
1521
|
}
|
1537
1522
|
|
1538
1523
|
static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
|
1539
|
-
|
1540
|
-
if (
|
1524
|
+
size_t sid_ctx_len) {
|
1525
|
+
if (!cert->sid_ctx.TryCopyFrom(MakeConstSpan(sid_ctx, sid_ctx_len))) {
|
1541
1526
|
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
|
1542
1527
|
return 0;
|
1543
1528
|
}
|
1544
1529
|
|
1545
|
-
static_assert(sizeof(cert->sid_ctx) < 256, "sid_ctx too large");
|
1546
|
-
cert->sid_ctx_length = (uint8_t)sid_ctx_len;
|
1547
|
-
OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len);
|
1548
1530
|
return 1;
|
1549
1531
|
}
|
1550
1532
|
|
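Review bot: SSL_get_tls_unique still returns 1 after clamping the copy to the caller's buffer (`if (finished.size() > max_out) { *out_len = max_out; }`), so a caller with a short buffer receives a shortened tls-unique value and no error. A channel binding that is silently truncated is compared on fewer bytes than the caller expects. If the truncating behaviour has to stay for compatibility, put a comment above the clamp saying so, such as `// Truncates silently; callers must pass a buffer large enough for the Finished message.`. Otherwise fail with `if (finished.size() > max_out) { return 0; }`. The function begins before this hunk, so any earlier length check is not visible here.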
@@ -1567,8 +1549,8 @@ const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) {
|
|
1567
1549
|
*out_len = 0;
|
1568
1550
|
return NULL;
|
1569
1551
|
}
|
1570
|
-
*out_len = ssl->config->cert->
|
1571
|
-
return ssl->config->cert->sid_ctx;
|
1552
|
+
*out_len = ssl->config->cert->sid_ctx.size();
|
1553
|
+
return ssl->config->cert->sid_ctx.data();
|
1572
1554
|
}
|
1573
1555
|
|
1574
1556
|
int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
|
@@ -1643,13 +1625,12 @@ int SSL_set_rfd(SSL *ssl, int fd) {
|
|
1643
1625
|
}
|
1644
1626
|
#endif // !OPENSSL_NO_SOCK
|
1645
1627
|
|
1646
|
-
static size_t copy_finished(void *out, size_t out_len, const uint8_t
|
1647
|
-
|
1648
|
-
|
1649
|
-
out_len = in_len;
|
1628
|
+
static size_t copy_finished(void *out, size_t out_len, Span<const uint8_t> in) {
|
1629
|
+
if (out_len > in.size()) {
|
1630
|
+
out_len = in.size();
|
1650
1631
|
}
|
1651
|
-
OPENSSL_memcpy(out, in, out_len);
|
1652
|
-
return
|
1632
|
+
OPENSSL_memcpy(out, in.data(), out_len);
|
1633
|
+
return in.size();
|
1653
1634
|
}
|
1654
1635
|
|
1655
1636
|
size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
|
@@ -1659,12 +1640,10 @@ size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
|
|
1659
1640
|
}
|
1660
1641
|
|
1661
1642
|
if (ssl->server) {
|
1662
|
-
return copy_finished(buf, count, ssl->s3->previous_server_finished
|
1663
|
-
ssl->s3->previous_server_finished_len);
|
1643
|
+
return copy_finished(buf, count, ssl->s3->previous_server_finished);
|
1664
1644
|
}
|
1665
1645
|
|
1666
|
-
return copy_finished(buf, count, ssl->s3->previous_client_finished
|
1667
|
-
ssl->s3->previous_client_finished_len);
|
1646
|
+
return copy_finished(buf, count, ssl->s3->previous_client_finished);
|
1668
1647
|
}
|
1669
1648
|
|
1670
1649
|
size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
|
@@ -1674,12 +1653,10 @@ size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
|
|
1674
1653
|
}
|
1675
1654
|
|
1676
1655
|
if (ssl->server) {
|
1677
|
-
return copy_finished(buf, count, ssl->s3->previous_client_finished
|
1678
|
-
ssl->s3->previous_client_finished_len);
|
1656
|
+
return copy_finished(buf, count, ssl->s3->previous_client_finished);
|
1679
1657
|
}
|
1680
1658
|
|
1681
|
-
return copy_finished(buf, count, ssl->s3->previous_server_finished
|
1682
|
-
ssl->s3->previous_server_finished_len);
|
1659
|
+
return copy_finished(buf, count, ssl->s3->previous_server_finished);
|
1683
1660
|
}
|
1684
1661
|
|
1685
1662
|
int SSL_get_verify_mode(const SSL *ssl) {
|
@@ -1693,7 +1670,7 @@ int SSL_get_verify_mode(const SSL *ssl) {
|
|
1693
1670
|
int SSL_get_extms_support(const SSL *ssl) {
|
1694
1671
|
// TLS 1.3 does not require extended master secret and always reports as
|
1695
1672
|
// supporting it.
|
1696
|
-
if (
|
1673
|
+
if (ssl->s3->version == 0) {
|
1697
1674
|
return 0;
|
1698
1675
|
}
|
1699
1676
|
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
@@ -1748,7 +1725,7 @@ static bool has_cert_and_key(const SSL_CREDENTIAL *cred) {
|
|
1748
1725
|
int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
|
1749
1726
|
// There is no need to actually check consistency because inconsistent values
|
1750
1727
|
// can never be configured.
|
1751
|
-
return has_cert_and_key(ctx->cert->
|
1728
|
+
return has_cert_and_key(ctx->cert->legacy_credential.get());
|
1752
1729
|
}
|
1753
1730
|
|
1754
1731
|
int SSL_check_private_key(const SSL *ssl) {
|
@@ -1758,7 +1735,7 @@ int SSL_check_private_key(const SSL *ssl) {
|
|
1758
1735
|
|
1759
1736
|
// There is no need to actually check consistency because inconsistent values
|
1760
1737
|
// can never be configured.
|
1761
|
-
return has_cert_and_key(ssl->config->cert->
|
1738
|
+
return has_cert_and_key(ssl->config->cert->legacy_credential.get());
|
1762
1739
|
}
|
1763
1740
|
|
1764
1741
|
long SSL_get_default_timeout(const SSL *ssl) {
|
@@ -1824,9 +1801,7 @@ void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
|
|
1824
1801
|
ctx->max_cert_list = (uint32_t)max_cert_list;
|
1825
1802
|
}
|
1826
1803
|
|
1827
|
-
size_t SSL_get_max_cert_list(const SSL *ssl) {
|
1828
|
-
return ssl->max_cert_list;
|
1829
|
-
}
|
1804
|
+
size_t SSL_get_max_cert_list(const SSL *ssl) { return ssl->max_cert_list; }
|
1830
1805
|
|
1831
1806
|
void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
|
1832
1807
|
if (max_cert_list > kMaxHandshakeSize) {
|
@@ -1868,7 +1843,7 @@ int SSL_set_mtu(SSL *ssl, unsigned mtu) {
|
|
1868
1843
|
}
|
1869
1844
|
|
1870
1845
|
int SSL_get_secure_renegotiation_support(const SSL *ssl) {
|
1871
|
-
if (
|
1846
|
+
if (ssl->s3->version == 0) {
|
1872
1847
|
return 0;
|
1873
1848
|
}
|
1874
1849
|
return ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
|
@@ -1949,9 +1924,9 @@ int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) {
|
|
1949
1924
|
}
|
1950
1925
|
|
1951
1926
|
int SSL_CTX_set_tlsext_ticket_key_cb(
|
1952
|
-
SSL_CTX *ctx,
|
1953
|
-
|
1954
|
-
|
1927
|
+
SSL_CTX *ctx,
|
1928
|
+
int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
|
1929
|
+
EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, int encrypt)) {
|
1955
1930
|
ctx->ticket_key_cb = callback;
|
1956
1931
|
return 1;
|
1957
1932
|
}
|
@@ -1985,7 +1960,7 @@ int SSL_set1_group_ids(SSL *ssl, const uint16_t *group_ids,
|
|
1985
1960
|
static bool ssl_nids_to_group_ids(Array<uint16_t> *out_group_ids,
|
1986
1961
|
Span<const int> nids) {
|
1987
1962
|
Array<uint16_t> group_ids;
|
1988
|
-
if (!group_ids.
|
1963
|
+
if (!group_ids.InitForOverwrite(nids.size())) {
|
1989
1964
|
return false;
|
1990
1965
|
}
|
1991
1966
|
|
@@ -2027,7 +2002,7 @@ static bool ssl_str_to_group_ids(Array<uint16_t> *out_group_ids,
|
|
2027
2002
|
} while (col);
|
2028
2003
|
|
2029
2004
|
Array<uint16_t> group_ids;
|
2030
|
-
if (!group_ids.
|
2005
|
+
if (!group_ids.InitForOverwrite(count)) {
|
2031
2006
|
return false;
|
2032
2007
|
}
|
2033
2008
|
|
@@ -2078,13 +2053,9 @@ int SSL_get_negotiated_group(const SSL *ssl) {
|
|
2078
2053
|
return ssl_group_id_to_nid(group_id);
|
2079
2054
|
}
|
2080
2055
|
|
2081
|
-
int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
|
2082
|
-
return 1;
|
2083
|
-
}
|
2056
|
+
int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) { return 1; }
|
2084
2057
|
|
2085
|
-
int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
|
2086
|
-
return 1;
|
2087
|
-
}
|
2058
|
+
int SSL_set_tmp_dh(SSL *ssl, const DH *dh) { return 1; }
|
2088
2059
|
|
2089
2060
|
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
|
2090
2061
|
return ctx->cipher_list->ciphers.get();
|
@@ -2107,7 +2078,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
|
|
2107
2078
|
}
|
2108
2079
|
|
2109
2080
|
return ssl->config->cipher_list ? ssl->config->cipher_list->ciphers.get()
|
2110
|
-
|
2081
|
+
: ssl->ctx->cipher_list->ciphers.get();
|
2111
2082
|
}
|
2112
2083
|
|
2113
2084
|
const char *SSL_get_cipher_list(const SSL *ssl, int n) {
|
@@ -2343,10 +2314,12 @@ void SSL_CTX_set_next_protos_advertised_cb(
|
|
2343
2314
|
ctx->next_protos_advertised_cb_arg = arg;
|
2344
2315
|
}
|
2345
2316
|
|
2346
|
-
void SSL_CTX_set_next_proto_select_cb(
|
2347
|
-
|
2348
|
-
|
2349
|
-
|
2317
|
+
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
|
2318
|
+
int (*cb)(SSL *ssl, uint8_t **out,
|
2319
|
+
uint8_t *out_len,
|
2320
|
+
const uint8_t *in,
|
2321
|
+
unsigned in_len, void *arg),
|
2322
|
+
void *arg) {
|
2350
2323
|
ctx->next_proto_select_cb = cb;
|
2351
2324
|
ctx->next_proto_select_cb_arg = arg;
|
2352
2325
|
}
|
@@ -2480,9 +2453,8 @@ int SSL_enable_tls_channel_id(SSL *ssl) {
|
|
2480
2453
|
|
2481
2454
|
static int is_p256_key(EVP_PKEY *private_key) {
|
2482
2455
|
const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(private_key);
|
2483
|
-
return ec_key != NULL &&
|
2484
|
-
|
2485
|
-
NID_X9_62_prime256v1;
|
2456
|
+
return ec_key != NULL && EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) ==
|
2457
|
+
NID_X9_62_prime256v1;
|
2486
2458
|
}
|
2487
2459
|
|
2488
2460
|
int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
|
@@ -2536,7 +2508,7 @@ size_t SSL_get0_peer_verify_algorithms(const SSL *ssl,
|
|
2536
2508
|
}
|
2537
2509
|
|
2538
2510
|
size_t SSL_get0_peer_delegation_algorithms(const SSL *ssl,
|
2539
|
-
const uint16_t **out_sigalgs){
|
2511
|
+
const uint16_t **out_sigalgs) {
|
2540
2512
|
Span<const uint16_t> sigalgs;
|
2541
2513
|
if (ssl->s3->hs != nullptr) {
|
2542
2514
|
sigalgs = ssl->s3->hs->peer_delegated_credential_sigalgs;
|
@@ -2550,11 +2522,11 @@ EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
|
|
2550
2522
|
assert(ssl->config);
|
2551
2523
|
return nullptr;
|
2552
2524
|
}
|
2553
|
-
return ssl->config->cert->
|
2525
|
+
return ssl->config->cert->legacy_credential->privkey.get();
|
2554
2526
|
}
|
2555
2527
|
|
2556
2528
|
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
|
2557
|
-
return ctx->cert->
|
2529
|
+
return ctx->cert->legacy_credential->privkey.get();
|
2558
2530
|
}
|
2559
2531
|
|
2560
2532
|
const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
|
@@ -2658,7 +2630,7 @@ int SSL_state(const SSL *ssl) {
|
|
2658
2630
|
return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK;
|
2659
2631
|
}
|
2660
2632
|
|
2661
|
-
void SSL_set_state(SSL *ssl, int state) {
|
2633
|
+
void SSL_set_state(SSL *ssl, int state) {}
|
2662
2634
|
|
2663
2635
|
char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
|
2664
2636
|
if (len <= 0) {
|
@@ -2707,7 +2679,7 @@ int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
|
|
2707
2679
|
CRYPTO_EX_dup *dup_unused,
|
2708
2680
|
CRYPTO_EX_free *free_func) {
|
2709
2681
|
return CRYPTO_get_ex_new_index_ex(&g_ex_data_class_ssl_ctx, argl, argp,
|
2710
|
-
|
2682
|
+
free_func);
|
2711
2683
|
}
|
2712
2684
|
|
2713
2685
|
int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data) {
|
@@ -2814,9 +2786,10 @@ void SSL_CTX_set_psk_client_callback(
|
|
2814
2786
|
ctx->psk_client_callback = cb;
|
2815
2787
|
}
|
2816
2788
|
|
2817
|
-
void SSL_set_psk_server_callback(
|
2818
|
-
|
2819
|
-
|
2789
|
+
void SSL_set_psk_server_callback(SSL *ssl,
|
2790
|
+
unsigned (*cb)(SSL *ssl, const char *identity,
|
2791
|
+
uint8_t *psk,
|
2792
|
+
unsigned max_psk_len)) {
|
2820
2793
|
if (!ssl->config) {
|
2821
2794
|
return;
|
2822
2795
|
}
|
@@ -2824,8 +2797,8 @@ void SSL_set_psk_server_callback(
|
|
2824
2797
|
}
|
2825
2798
|
|
2826
2799
|
void SSL_CTX_set_psk_server_callback(
|
2827
|
-
SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
|
2828
|
-
|
2800
|
+
SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
|
2801
|
+
unsigned max_psk_len)) {
|
2829
2802
|
ctx->psk_server_callback = cb;
|
2830
2803
|
}
|
2831
2804
|
|
@@ -2878,9 +2851,7 @@ int SSL_can_release_private_key(const SSL *ssl) {
|
|
2878
2851
|
return !ssl->s3->hs || ssl->s3->hs->can_release_private_key;
|
2879
2852
|
}
|
2880
2853
|
|
2881
|
-
int SSL_is_init_finished(const SSL *ssl) {
|
2882
|
-
return !SSL_in_init(ssl);
|
2883
|
-
}
|
2854
|
+
int SSL_is_init_finished(const SSL *ssl) { return !SSL_in_init(ssl); }
|
2884
2855
|
|
2885
2856
|
int SSL_in_init(const SSL *ssl) {
|
2886
2857
|
// This returns false once all the handshake state has been finalized, to
|
@@ -2897,14 +2868,14 @@ int SSL_in_false_start(const SSL *ssl) {
|
|
2897
2868
|
return ssl->s3->hs->in_false_start;
|
2898
2869
|
}
|
2899
2870
|
|
2900
|
-
int SSL_cutthrough_complete(const SSL *ssl) {
|
2901
|
-
return SSL_in_false_start(ssl);
|
2902
|
-
}
|
2871
|
+
int SSL_cutthrough_complete(const SSL *ssl) { return SSL_in_false_start(ssl); }
|
2903
2872
|
|
2904
2873
|
int SSL_is_server(const SSL *ssl) { return ssl->server; }
|
2905
2874
|
|
2906
2875
|
int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
|
2907
2876
|
|
2877
|
+
int SSL_is_quic(const SSL *ssl) { return ssl->quic_method != nullptr; }
|
2878
|
+
|
2908
2879
|
void SSL_CTX_set_select_certificate_cb(
|
2909
2880
|
SSL_CTX *ctx,
|
2910
2881
|
enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) {
|
@@ -2942,6 +2913,13 @@ void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
|
|
2942
2913
|
|
2943
2914
|
int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
|
2944
2915
|
const uint8_t **out_write_iv, size_t *out_iv_len) {
|
2916
|
+
// No cipher suites maintain stateful internal IVs in DTLS. It would not be
|
2917
|
+
// compatible with reordering.
|
2918
|
+
if (SSL_is_dtls(ssl)) {
|
2919
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
2920
|
+
return 0;
|
2921
|
+
}
|
2922
|
+
|
2945
2923
|
size_t write_iv_len;
|
2946
2924
|
if (!ssl->s3->aead_read_ctx->GetIV(out_read_iv, out_iv_len) ||
|
2947
2925
|
!ssl->s3->aead_write_ctx->GetIV(out_write_iv, &write_iv_len) ||
|
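Review bot: The new DTLS early return in SSL_get_ivs leaves `*out_read_iv`, `*out_write_iv` and `*out_iv_len` untouched, so a caller that ignores the return value goes on to use whatever those variables held before the call. Clearing them first makes the failure harder to misuse: `*out_read_iv = nullptr; *out_write_iv = nullptr; *out_iv_len = 0;` before `return 0;`. This is also a behaviour change for DTLS callers that previously got a result, so the public header comment for SSL_get_ivs should state that the call fails on DTLS connections. The rest of the function lies outside this hunk, so whether the existing failure path clears the outputs cannot be checked here.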
@@ -2954,30 +2932,30 @@ int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
|
|
2954
2932
|
|
2955
2933
|
uint64_t SSL_get_read_sequence(const SSL *ssl) {
|
2956
2934
|
if (SSL_is_dtls(ssl)) {
|
2957
|
-
// TODO(crbug.com/42290608):
|
2958
|
-
//
|
2959
|
-
//
|
2960
|
-
//
|
2961
|
-
//
|
2962
|
-
//
|
2963
|
-
//
|
2964
|
-
|
2965
|
-
//
|
2966
|
-
//
|
2967
|
-
//
|
2968
|
-
|
2969
|
-
return
|
2935
|
+
// TODO(crbug.com/42290608): This API needs to reworked.
|
2936
|
+
//
|
2937
|
+
// In DTLS 1.2, right at an epoch transition, |read_epoch| may not have
|
2938
|
+
// received any records. We will then return that sequence 0 is the highest
|
2939
|
+
// received, but it's really -1, which is not representable. This is mostly
|
2940
|
+
// moot because, after the handshake, we will never be in the state.
|
2941
|
+
//
|
2942
|
+
// In DTLS 1.3, epochs do not transition until the first record comes in.
|
2943
|
+
// This avoids the DTLS 1.2 problem but introduces a different problem:
|
2944
|
+
// during a KeyUpdate (which may occur in the steady state), both epochs are
|
2945
|
+
// live. We'll likely need a new API for DTLS offload.
|
2946
|
+
const DTLSReadEpoch *read_epoch = &ssl->d1->read_epoch;
|
2947
|
+
return DTLSRecordNumber(read_epoch->epoch, read_epoch->bitmap.max_seq_num())
|
2948
|
+
.combined();
|
2970
2949
|
}
|
2971
2950
|
return ssl->s3->read_sequence;
|
2972
2951
|
}
|
2973
2952
|
|
2974
2953
|
uint64_t SSL_get_write_sequence(const SSL *ssl) {
|
2975
|
-
uint64_t ret = ssl->s3->write_sequence;
|
2976
2954
|
if (SSL_is_dtls(ssl)) {
|
2977
|
-
|
2978
|
-
ret |= uint64_t{ssl->d1->w_epoch} << 48;
|
2955
|
+
return ssl->d1->write_epoch.next_record.combined();
|
2979
2956
|
}
|
2980
|
-
|
2957
|
+
|
2958
|
+
return ssl->s3->write_sequence;
|
2981
2959
|
}
|
2982
2960
|
|
2983
2961
|
uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) {
|
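Review bot: The rewritten TODO in SSL_get_read_sequence has two wording slips that make a subtle caveat harder to read: `This API needs to reworked` should be `This API needs to be reworked`, and `we will never be in the state` should be `we will never be in that state`. The comment also records that the DTLS 1.2 path reports sequence 0 when no record has been received in the current epoch, which a caller cannot tell apart from having received record 0. That limitation deserves a sentence in the public documentation of SSL_get_read_sequence, not just in this internal comment, because the value is presumably consumed by code that exports record state. SSL_get_write_sequence now returns `write_epoch.next_record.combined()` for DTLS, so it would help to state in the same place that the read side reports the highest number seen and the write side the next number to use.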
@@ -3179,8 +3157,8 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
|
|
3179
3157
|
|
3180
3158
|
SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
|
3181
3159
|
size_t buf_len) {
|
3182
|
-
if (SSL_in_init(ssl) ||
|
3183
|
-
ssl_protocol_version(ssl) != TLS1_3_VERSION ||
|
3160
|
+
if (SSL_in_init(ssl) || //
|
3161
|
+
ssl_protocol_version(ssl) != TLS1_3_VERSION || //
|
3184
3162
|
ssl->server) {
|
3185
3163
|
// Only TLS 1.3 clients are supported.
|
3186
3164
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
@@ -3190,8 +3168,8 @@ SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
|
|
3190
3168
|
CBS cbs, body;
|
3191
3169
|
CBS_init(&cbs, buf, buf_len);
|
3192
3170
|
uint8_t type;
|
3193
|
-
if (!CBS_get_u8(&cbs, &type) ||
|
3194
|
-
!CBS_get_u24_length_prefixed(&cbs, &body) ||
|
3171
|
+
if (!CBS_get_u8(&cbs, &type) || //
|
3172
|
+
!CBS_get_u24_length_prefixed(&cbs, &body) || //
|
3195
3173
|
CBS_len(&cbs) != 0) {
|
3196
3174
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
3197
3175
|
return nullptr;
|
@@ -3226,8 +3204,8 @@ int SSL_get_tlsext_status_type(const SSL *ssl) {
|
|
3226
3204
|
if (ssl->server) {
|
3227
3205
|
SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
3228
3206
|
return hs != nullptr && hs->ocsp_stapling_requested
|
3229
|
-
|
3230
|
-
|
3207
|
+
? TLSEXT_STATUSTYPE_ocsp
|
3208
|
+
: TLSEXT_STATUSTYPE_nothing;
|
3231
3209
|
}
|
3232
3210
|
|
3233
3211
|
return ssl->config != nullptr && ssl->config->ocsp_stapling_enabled
|
@@ -3411,12 +3389,11 @@ static int Configure(SSL_CTX *ctx) {
|
|
3411
3389
|
}
|
3412
3390
|
|
3413
3391
|
static int Configure(SSL *ssl) {
|
3414
|
-
ssl->config->tls13_cipher_policy =
|
3415
|
-
ssl_compliance_policy_cnsa_202407;
|
3392
|
+
ssl->config->tls13_cipher_policy = ssl_compliance_policy_cnsa_202407;
|
3416
3393
|
return 1;
|
3417
3394
|
}
|
3418
3395
|
|
3419
|
-
}
|
3396
|
+
} // namespace cnsa202407
|
3420
3397
|
|
3421
3398
|
int SSL_CTX_set_compliance_policy(SSL_CTX *ctx,
|
3422
3399
|
enum ssl_compliance_policy_t policy) {
|