grpc 1.69.0 → 1.70.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +251 -249
- data/include/grpc/support/atm.h +0 -13
- data/src/core/call/request_buffer.cc +224 -0
- data/src/core/call/request_buffer.h +192 -0
- data/src/core/client_channel/client_channel.cc +2 -3
- data/src/core/client_channel/client_channel_args.h +21 -0
- data/src/core/client_channel/client_channel_filter.h +1 -3
- data/src/core/client_channel/retry_interceptor.cc +406 -0
- data/src/core/client_channel/retry_interceptor.h +157 -0
- data/src/core/client_channel/retry_service_config.h +13 -0
- data/src/core/client_channel/retry_throttle.cc +33 -18
- data/src/core/client_channel/retry_throttle.h +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
- data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
- data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
- data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
- data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
- data/src/core/filter/filter_args.h +112 -0
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
- data/src/core/lib/channel/promise_based_filter.h +5 -79
- data/src/core/lib/debug/trace_flags.cc +2 -0
- data/src/core/lib/debug/trace_flags.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
- data/src/core/lib/experiments/experiments.cc +90 -39
- data/src/core/lib/experiments/experiments.h +43 -24
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
- data/src/core/lib/promise/activity.cc +2 -0
- data/src/core/lib/promise/activity.h +29 -8
- data/src/core/lib/promise/map.h +42 -0
- data/src/core/lib/promise/party.cc +36 -1
- data/src/core/lib/promise/party.h +13 -5
- data/src/core/lib/promise/sleep.h +1 -0
- data/src/core/lib/promise/status_flag.h +10 -0
- data/src/core/lib/resource_quota/arena.h +8 -0
- data/src/core/lib/resource_quota/connection_quota.h +4 -0
- data/src/core/lib/surface/call_utils.h +2 -0
- data/src/core/lib/surface/client_call.cc +43 -35
- data/src/core/lib/surface/client_call.h +5 -0
- data/src/core/lib/surface/event_string.cc +7 -1
- data/src/core/lib/surface/init_internally.h +13 -2
- data/src/core/lib/surface/server_call.cc +100 -85
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/call_filters.cc +10 -4
- data/src/core/lib/transport/call_filters.h +8 -0
- data/src/core/lib/transport/call_spine.cc +36 -71
- data/src/core/lib/transport/call_spine.h +131 -7
- data/src/core/lib/transport/call_state.h +132 -39
- data/src/core/lib/transport/interception_chain.cc +8 -0
- data/src/core/lib/transport/interception_chain.h +9 -0
- data/src/core/load_balancing/endpoint_list.cc +10 -0
- data/src/core/load_balancing/endpoint_list.h +13 -6
- data/src/core/load_balancing/lb_policy.h +0 -8
- data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
- data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
- data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
- data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
- data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
- data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
- data/src/core/resolver/xds/xds_resolver.cc +28 -47
- data/src/core/server/server.cc +290 -24
- data/src/core/server/server.h +199 -61
- data/src/core/server/xds_server_config_fetcher.cc +78 -142
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/util/backoff.cc +15 -4
- data/src/core/util/http_client/httpcli.cc +66 -18
- data/src/core/util/http_client/httpcli.h +14 -4
- data/src/core/util/matchers.h +5 -10
- data/src/core/util/ref_counted.h +1 -0
- data/src/core/util/ref_counted_ptr.h +1 -1
- data/src/core/util/useful.h +9 -11
- data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
- data/src/core/xds/grpc/xds_metadata.h +8 -0
- data/src/core/xds/xds_client/xds_api.cc +0 -223
- data/src/core/xds/xds_client/xds_api.h +1 -133
- data/src/core/xds/xds_client/xds_client.cc +599 -466
- data/src/core/xds/xds_client/xds_client.h +107 -26
- data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
- data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
- data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
- data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
- data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
- data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
- data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
- data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
- data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
- data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
- metadata +339 -339
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
- data/src/core/util/atm.cc +0 -34
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
|
@@ -154,8 +154,8 @@
|
|
|
154
154
|
#include <openssl/mem.h>
|
|
155
155
|
#include <openssl/rand.h>
|
|
156
156
|
|
|
157
|
-
#include "internal.h"
|
|
158
157
|
#include "../crypto/internal.h"
|
|
158
|
+
#include "internal.h"
|
|
159
159
|
|
|
160
160
|
#if defined(OPENSSL_WINDOWS)
|
|
161
161
|
#include <sys/timeb.h>
|
|
@@ -213,7 +213,7 @@ void ssl_reset_error_state(SSL *ssl) {
|
|
|
213
213
|
ERR_clear_system_error();
|
|
214
214
|
}
|
|
215
215
|
|
|
216
|
-
void ssl_set_read_error(SSL*
|
|
216
|
+
void ssl_set_read_error(SSL *ssl) {
|
|
217
217
|
ssl->s3->read_shutdown = ssl_shutdown_error;
|
|
218
218
|
ssl->s3->read_error.reset(ERR_save_state());
|
|
219
219
|
}
|
|
@@ -287,7 +287,7 @@ static uint8_t hex_char_consttime(uint8_t b) {
|
|
|
287
287
|
|
|
288
288
|
static bool cbb_add_hex_consttime(CBB *cbb, Span<const uint8_t> in) {
|
|
289
289
|
uint8_t *out;
|
|
290
|
-
if (!CBB_add_space(cbb, &out, in.size() * 2)) {
|
|
290
|
+
if (!CBB_add_space(cbb, &out, in.size() * 2)) {
|
|
291
291
|
return false;
|
|
292
292
|
}
|
|
293
293
|
|
|
@@ -364,14 +364,7 @@ void ssl_do_msg_callback(const SSL *ssl, int is_write, int content_type,
|
|
|
364
364
|
const_cast<SSL *>(ssl), ssl->msg_callback_arg);
|
|
365
365
|
}
|
|
366
366
|
|
|
367
|
-
|
|
368
|
-
// TODO(martinkr): Change callers to |ssl_ctx_get_current_time| and drop the
|
|
369
|
-
// |ssl| arg from |current_time_cb| if possible.
|
|
370
|
-
ssl_ctx_get_current_time(ssl->ctx.get(), out_clock);
|
|
371
|
-
}
|
|
372
|
-
|
|
373
|
-
void ssl_ctx_get_current_time(const SSL_CTX *ctx,
|
|
374
|
-
struct OPENSSL_timeval *out_clock) {
|
|
367
|
+
OPENSSL_timeval ssl_ctx_get_current_time(const SSL_CTX *ctx) {
|
|
375
368
|
if (ctx->current_time_cb != NULL) {
|
|
376
369
|
// TODO(davidben): Update current_time_cb to use OPENSSL_timeval. See
|
|
377
370
|
// https://crbug.com/boringssl/155.
|
|
@@ -379,54 +372,47 @@ void ssl_ctx_get_current_time(const SSL_CTX *ctx,
|
|
|
379
372
|
ctx->current_time_cb(nullptr /* ssl */, &clock);
|
|
380
373
|
if (clock.tv_sec < 0) {
|
|
381
374
|
assert(0);
|
|
382
|
-
|
|
383
|
-
out_clock->tv_usec = 0;
|
|
375
|
+
return {0, 0};
|
|
384
376
|
} else {
|
|
385
|
-
|
|
386
|
-
|
|
377
|
+
return {static_cast<uint64_t>(clock.tv_sec),
|
|
378
|
+
static_cast<uint32_t>(clock.tv_usec)};
|
|
387
379
|
}
|
|
388
|
-
return;
|
|
389
380
|
}
|
|
390
381
|
|
|
391
382
|
#if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
|
|
392
|
-
|
|
393
|
-
out_clock->tv_usec = 1234;
|
|
383
|
+
return {1234, 1234};
|
|
394
384
|
#elif defined(OPENSSL_WINDOWS)
|
|
395
385
|
struct _timeb time;
|
|
396
386
|
_ftime(&time);
|
|
397
387
|
if (time.time < 0) {
|
|
398
388
|
assert(0);
|
|
399
|
-
|
|
400
|
-
out_clock->tv_usec = 0;
|
|
389
|
+
return {0, 0};
|
|
401
390
|
} else {
|
|
402
|
-
|
|
403
|
-
|
|
391
|
+
return {static_cast<uint64_t>(time.time),
|
|
392
|
+
static_cast<uint32_t>(time.millitm * 1000)};
|
|
404
393
|
}
|
|
405
394
|
#else
|
|
406
395
|
struct timeval clock;
|
|
407
396
|
gettimeofday(&clock, NULL);
|
|
408
397
|
if (clock.tv_sec < 0) {
|
|
409
398
|
assert(0);
|
|
410
|
-
|
|
411
|
-
out_clock->tv_usec = 0;
|
|
399
|
+
return {0, 0};
|
|
412
400
|
} else {
|
|
413
|
-
|
|
414
|
-
|
|
401
|
+
return {static_cast<uint64_t>(clock.tv_sec),
|
|
402
|
+
static_cast<uint32_t>(clock.tv_usec)};
|
|
415
403
|
}
|
|
416
404
|
#endif
|
|
417
405
|
}
|
|
418
406
|
|
|
419
|
-
void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) {
|
|
420
|
-
ctx->handoff = on;
|
|
421
|
-
}
|
|
407
|
+
void SSL_CTX_set_handoff_mode(SSL_CTX *ctx, bool on) { ctx->handoff = on; }
|
|
422
408
|
|
|
423
409
|
static bool ssl_can_renegotiate(const SSL *ssl) {
|
|
424
410
|
if (ssl->server || SSL_is_dtls(ssl)) {
|
|
425
411
|
return false;
|
|
426
412
|
}
|
|
427
413
|
|
|
428
|
-
if (ssl->s3->
|
|
429
|
-
ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
414
|
+
if (ssl->s3->version != 0 //
|
|
415
|
+
&& ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
430
416
|
return false;
|
|
431
417
|
}
|
|
432
418
|
|
|
@@ -452,9 +438,9 @@ static bool ssl_can_renegotiate(const SSL *ssl) {
|
|
|
452
438
|
}
|
|
453
439
|
|
|
454
440
|
static void ssl_maybe_shed_handshake_config(SSL *ssl) {
|
|
455
|
-
if (ssl->s3->hs != nullptr ||
|
|
456
|
-
ssl->config == nullptr ||
|
|
457
|
-
!ssl->config->shed_handshake_config ||
|
|
441
|
+
if (ssl->s3->hs != nullptr || //
|
|
442
|
+
ssl->config == nullptr || //
|
|
443
|
+
!ssl->config->shed_handshake_config || //
|
|
458
444
|
ssl_can_renegotiate(ssl)) {
|
|
459
445
|
return;
|
|
460
446
|
}
|
|
@@ -472,8 +458,10 @@ void SSL_set_handoff_mode(SSL *ssl, bool on) {
|
|
|
472
458
|
bool SSL_get_traffic_secrets(const SSL *ssl,
|
|
473
459
|
Span<const uint8_t> *out_read_traffic_secret,
|
|
474
460
|
Span<const uint8_t> *out_write_traffic_secret) {
|
|
475
|
-
|
|
476
|
-
|
|
461
|
+
// This API is not well-defined for DTLS 1.3 (see https://crbug.com/42290608)
|
|
462
|
+
// or QUIC, where multiple epochs may be alive at once.
|
|
463
|
+
if (SSL_is_dtls(ssl) || SSL_is_quic(ssl)) {
|
|
464
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
477
465
|
return false;
|
|
478
466
|
}
|
|
479
467
|
|
|
@@ -482,11 +470,13 @@ bool SSL_get_traffic_secrets(const SSL *ssl,
|
|
|
482
470
|
return false;
|
|
483
471
|
}
|
|
484
472
|
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
473
|
+
if (SSL_version(ssl) < TLS1_3_VERSION) {
|
|
474
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
|
|
475
|
+
return false;
|
|
476
|
+
}
|
|
489
477
|
|
|
478
|
+
*out_read_traffic_secret = ssl->s3->read_traffic_secret;
|
|
479
|
+
*out_write_traffic_secret = ssl->s3->write_traffic_secret;
|
|
490
480
|
return true;
|
|
491
481
|
}
|
|
492
482
|
|
|
@@ -512,16 +502,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
|
|
|
512
502
|
}
|
|
513
503
|
|
|
514
504
|
static uint32_t ssl_session_hash(const SSL_SESSION *sess) {
|
|
515
|
-
return ssl_hash_session_id(
|
|
516
|
-
MakeConstSpan(sess->session_id, sess->session_id_length));
|
|
505
|
+
return ssl_hash_session_id(sess->session_id);
|
|
517
506
|
}
|
|
518
507
|
|
|
519
508
|
static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
|
|
520
|
-
|
|
521
|
-
return 1;
|
|
522
|
-
}
|
|
523
|
-
|
|
524
|
-
return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
|
|
509
|
+
return MakeConstSpan(a->session_id) == b->session_id ? 0 : 1;
|
|
525
510
|
}
|
|
526
511
|
|
|
527
512
|
ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
|
|
@@ -572,10 +557,12 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
|
|
|
572
557
|
ret->cert = MakeUnique<CERT>(method->x509_method);
|
|
573
558
|
ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
|
|
574
559
|
ret->client_CA.reset(sk_CRYPTO_BUFFER_new_null());
|
|
560
|
+
ret->CA_names.reset(sk_CRYPTO_BUFFER_new_null());
|
|
575
561
|
if (ret->cert == nullptr || //
|
|
576
562
|
!ret->cert->is_valid() || //
|
|
577
563
|
ret->sessions == nullptr || //
|
|
578
564
|
ret->client_CA == nullptr || //
|
|
565
|
+
ret->CA_names == nullptr || //
|
|
579
566
|
!ret->x509_method->ssl_ctx_new(ret.get())) {
|
|
580
567
|
return nullptr;
|
|
581
568
|
}
|
|
@@ -720,9 +707,7 @@ SSL_CONFIG::~SSL_CONFIG() {
|
|
|
720
707
|
}
|
|
721
708
|
}
|
|
722
709
|
|
|
723
|
-
void SSL_free(SSL *ssl) {
|
|
724
|
-
Delete(ssl);
|
|
725
|
-
}
|
|
710
|
+
void SSL_free(SSL *ssl) { Delete(ssl); }
|
|
726
711
|
|
|
727
712
|
void SSL_set_connect_state(SSL *ssl) {
|
|
728
713
|
ssl->server = false;
|
|
@@ -734,13 +719,9 @@ void SSL_set_accept_state(SSL *ssl) {
|
|
|
734
719
|
ssl->do_handshake = ssl_server_handshake;
|
|
735
720
|
}
|
|
736
721
|
|
|
737
|
-
void SSL_set0_rbio(SSL *ssl, BIO *rbio) {
|
|
738
|
-
ssl->rbio.reset(rbio);
|
|
739
|
-
}
|
|
722
|
+
void SSL_set0_rbio(SSL *ssl, BIO *rbio) { ssl->rbio.reset(rbio); }
|
|
740
723
|
|
|
741
|
-
void SSL_set0_wbio(SSL *ssl, BIO *wbio) {
|
|
742
|
-
ssl->wbio.reset(wbio);
|
|
743
|
-
}
|
|
724
|
+
void SSL_set0_wbio(SSL *ssl, BIO *wbio) { ssl->wbio.reset(wbio); }
|
|
744
725
|
|
|
745
726
|
void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio) {
|
|
746
727
|
// For historical reasons, this function has many different cases in ownership
|
|
@@ -803,8 +784,8 @@ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
|
|
|
803
784
|
} else {
|
|
804
785
|
// Clients may receive both Certificate message and a CertificateRequest
|
|
805
786
|
// message.
|
|
806
|
-
if (2*ssl->max_cert_list > kDefaultLimit) {
|
|
807
|
-
return 2*ssl->max_cert_list;
|
|
787
|
+
if (2 * ssl->max_cert_list > kDefaultLimit) {
|
|
788
|
+
return 2 * ssl->max_cert_list;
|
|
808
789
|
}
|
|
809
790
|
}
|
|
810
791
|
return kDefaultLimit;
|
|
@@ -819,21 +800,23 @@ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
|
|
|
819
800
|
}
|
|
820
801
|
|
|
821
802
|
enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl) {
|
|
822
|
-
|
|
803
|
+
assert(SSL_is_quic(ssl));
|
|
804
|
+
return ssl->s3->quic_read_level;
|
|
823
805
|
}
|
|
824
806
|
|
|
825
807
|
enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl) {
|
|
826
|
-
|
|
808
|
+
assert(SSL_is_quic(ssl));
|
|
809
|
+
return ssl->s3->quic_write_level;
|
|
827
810
|
}
|
|
828
811
|
|
|
829
812
|
int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
|
|
830
813
|
const uint8_t *data, size_t len) {
|
|
831
|
-
if (ssl
|
|
814
|
+
if (!SSL_is_quic(ssl)) {
|
|
832
815
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
833
816
|
return 0;
|
|
834
817
|
}
|
|
835
818
|
|
|
836
|
-
if (level != ssl->s3->
|
|
819
|
+
if (level != ssl->s3->quic_read_level) {
|
|
837
820
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
|
|
838
821
|
return 0;
|
|
839
822
|
}
|
|
@@ -937,7 +920,7 @@ static int ssl_do_post_handshake(SSL *ssl, const SSLMessage &msg) {
|
|
|
937
920
|
int SSL_process_quic_post_handshake(SSL *ssl) {
|
|
938
921
|
ssl_reset_error_state(ssl);
|
|
939
922
|
|
|
940
|
-
if (SSL_in_init(ssl)) {
|
|
923
|
+
if (!SSL_is_quic(ssl) || SSL_in_init(ssl)) {
|
|
941
924
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
942
925
|
return 0;
|
|
943
926
|
}
|
|
@@ -980,6 +963,15 @@ static int ssl_read_impl(SSL *ssl) {
|
|
|
980
963
|
return -1;
|
|
981
964
|
}
|
|
982
965
|
|
|
966
|
+
// If a read triggered a DTLS ACK or retransmit, resolve that before reading
|
|
967
|
+
// more.
|
|
968
|
+
if (SSL_is_dtls(ssl)) {
|
|
969
|
+
int ret = ssl->method->flush(ssl);
|
|
970
|
+
if (ret <= 0) {
|
|
971
|
+
return ret;
|
|
972
|
+
}
|
|
973
|
+
}
|
|
974
|
+
|
|
983
975
|
// Complete the current handshake, if any. False Start will cause
|
|
984
976
|
// |SSL_do_handshake| to return mid-handshake, so this may require multiple
|
|
985
977
|
// iterations.
|
|
@@ -1047,7 +1039,7 @@ int SSL_read(SSL *ssl, void *buf, int num) {
|
|
|
1047
1039
|
}
|
|
1048
1040
|
|
|
1049
1041
|
int SSL_peek(SSL *ssl, void *buf, int num) {
|
|
1050
|
-
if (ssl
|
|
1042
|
+
if (SSL_is_quic(ssl)) {
|
|
1051
1043
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
1052
1044
|
return -1;
|
|
1053
1045
|
}
|
|
@@ -1068,7 +1060,7 @@ int SSL_peek(SSL *ssl, void *buf, int num) {
|
|
|
1068
1060
|
int SSL_write(SSL *ssl, const void *buf, int num) {
|
|
1069
1061
|
ssl_reset_error_state(ssl);
|
|
1070
1062
|
|
|
1071
|
-
if (ssl
|
|
1063
|
+
if (SSL_is_quic(ssl)) {
|
|
1072
1064
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
1073
1065
|
return -1;
|
|
1074
1066
|
}
|
|
@@ -1114,7 +1106,7 @@ int SSL_key_update(SSL *ssl, int request_type) {
|
|
|
1114
1106
|
return 0;
|
|
1115
1107
|
}
|
|
1116
1108
|
|
|
1117
|
-
if (ssl
|
|
1109
|
+
if (SSL_is_quic(ssl)) {
|
|
1118
1110
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
1119
1111
|
return 0;
|
|
1120
1112
|
}
|
|
@@ -1129,12 +1121,7 @@ int SSL_key_update(SSL *ssl, int request_type) {
|
|
|
1129
1121
|
return 0;
|
|
1130
1122
|
}
|
|
1131
1123
|
|
|
1132
|
-
|
|
1133
|
-
!tls13_add_key_update(ssl, request_type)) {
|
|
1134
|
-
return 0;
|
|
1135
|
-
}
|
|
1136
|
-
|
|
1137
|
-
return 1;
|
|
1124
|
+
return tls13_add_key_update(ssl, request_type);
|
|
1138
1125
|
}
|
|
1139
1126
|
|
|
1140
1127
|
int SSL_shutdown(SSL *ssl) {
|
|
@@ -1255,7 +1242,7 @@ int SSL_early_data_accepted(const SSL *ssl) {
|
|
|
1255
1242
|
|
|
1256
1243
|
void SSL_reset_early_data_reject(SSL *ssl) {
|
|
1257
1244
|
SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
|
1258
|
-
if (hs == NULL ||
|
|
1245
|
+
if (hs == NULL || //
|
|
1259
1246
|
hs->wait != ssl_hs_early_data_rejected) {
|
|
1260
1247
|
abort();
|
|
1261
1248
|
}
|
|
@@ -1360,7 +1347,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
|
|
|
1360
1347
|
return ssl->s3->rwstate;
|
|
1361
1348
|
|
|
1362
1349
|
case SSL_ERROR_WANT_READ: {
|
|
1363
|
-
if (ssl
|
|
1350
|
+
if (SSL_is_quic(ssl)) {
|
|
1364
1351
|
return SSL_ERROR_WANT_READ;
|
|
1365
1352
|
}
|
|
1366
1353
|
BIO *bio = SSL_get_rbio(ssl);
|
|
@@ -1515,36 +1502,31 @@ int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len,
|
|
|
1515
1502
|
// The tls-unique value is the first Finished message in the handshake, which
|
|
1516
1503
|
// is the client's in a full handshake and the server's for a resumption. See
|
|
1517
1504
|
// https://tools.ietf.org/html/rfc5929#section-3.1.
|
|
1518
|
-
const uint8_t
|
|
1519
|
-
size_t finished_len = ssl->s3->previous_client_finished_len;
|
|
1505
|
+
Span<const uint8_t> finished = ssl->s3->previous_client_finished;
|
|
1520
1506
|
if (ssl->session != NULL) {
|
|
1521
1507
|
// tls-unique is broken for resumed sessions unless EMS is used.
|
|
1522
1508
|
if (!ssl->session->extended_master_secret) {
|
|
1523
1509
|
return 0;
|
|
1524
1510
|
}
|
|
1525
1511
|
finished = ssl->s3->previous_server_finished;
|
|
1526
|
-
finished_len = ssl->s3->previous_server_finished_len;
|
|
1527
1512
|
}
|
|
1528
1513
|
|
|
1529
|
-
*out_len =
|
|
1530
|
-
if (
|
|
1514
|
+
*out_len = finished.size();
|
|
1515
|
+
if (finished.size() > max_out) {
|
|
1531
1516
|
*out_len = max_out;
|
|
1532
1517
|
}
|
|
1533
1518
|
|
|
1534
|
-
OPENSSL_memcpy(out, finished, *out_len);
|
|
1519
|
+
OPENSSL_memcpy(out, finished.data(), *out_len);
|
|
1535
1520
|
return 1;
|
|
1536
1521
|
}
|
|
1537
1522
|
|
|
1538
1523
|
static int set_session_id_context(CERT *cert, const uint8_t *sid_ctx,
|
|
1539
|
-
|
|
1540
|
-
if (
|
|
1524
|
+
size_t sid_ctx_len) {
|
|
1525
|
+
if (!cert->sid_ctx.TryCopyFrom(MakeConstSpan(sid_ctx, sid_ctx_len))) {
|
|
1541
1526
|
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
|
|
1542
1527
|
return 0;
|
|
1543
1528
|
}
|
|
1544
1529
|
|
|
1545
|
-
static_assert(sizeof(cert->sid_ctx) < 256, "sid_ctx too large");
|
|
1546
|
-
cert->sid_ctx_length = (uint8_t)sid_ctx_len;
|
|
1547
|
-
OPENSSL_memcpy(cert->sid_ctx, sid_ctx, sid_ctx_len);
|
|
1548
1530
|
return 1;
|
|
1549
1531
|
}
|
|
1550
1532
|
|
|
@@ -1567,8 +1549,8 @@ const uint8_t *SSL_get0_session_id_context(const SSL *ssl, size_t *out_len) {
|
|
|
1567
1549
|
*out_len = 0;
|
|
1568
1550
|
return NULL;
|
|
1569
1551
|
}
|
|
1570
|
-
*out_len = ssl->config->cert->
|
|
1571
|
-
return ssl->config->cert->sid_ctx;
|
|
1552
|
+
*out_len = ssl->config->cert->sid_ctx.size();
|
|
1553
|
+
return ssl->config->cert->sid_ctx.data();
|
|
1572
1554
|
}
|
|
1573
1555
|
|
|
1574
1556
|
int SSL_get_fd(const SSL *ssl) { return SSL_get_rfd(ssl); }
|
|
@@ -1643,13 +1625,12 @@ int SSL_set_rfd(SSL *ssl, int fd) {
|
|
|
1643
1625
|
}
|
|
1644
1626
|
#endif // !OPENSSL_NO_SOCK
|
|
1645
1627
|
|
|
1646
|
-
static size_t copy_finished(void *out, size_t out_len, const uint8_t
|
|
1647
|
-
|
|
1648
|
-
|
|
1649
|
-
out_len = in_len;
|
|
1628
|
+
static size_t copy_finished(void *out, size_t out_len, Span<const uint8_t> in) {
|
|
1629
|
+
if (out_len > in.size()) {
|
|
1630
|
+
out_len = in.size();
|
|
1650
1631
|
}
|
|
1651
|
-
OPENSSL_memcpy(out, in, out_len);
|
|
1652
|
-
return
|
|
1632
|
+
OPENSSL_memcpy(out, in.data(), out_len);
|
|
1633
|
+
return in.size();
|
|
1653
1634
|
}
|
|
1654
1635
|
|
|
1655
1636
|
size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
|
|
@@ -1659,12 +1640,10 @@ size_t SSL_get_finished(const SSL *ssl, void *buf, size_t count) {
|
|
|
1659
1640
|
}
|
|
1660
1641
|
|
|
1661
1642
|
if (ssl->server) {
|
|
1662
|
-
return copy_finished(buf, count, ssl->s3->previous_server_finished
|
|
1663
|
-
ssl->s3->previous_server_finished_len);
|
|
1643
|
+
return copy_finished(buf, count, ssl->s3->previous_server_finished);
|
|
1664
1644
|
}
|
|
1665
1645
|
|
|
1666
|
-
return copy_finished(buf, count, ssl->s3->previous_client_finished
|
|
1667
|
-
ssl->s3->previous_client_finished_len);
|
|
1646
|
+
return copy_finished(buf, count, ssl->s3->previous_client_finished);
|
|
1668
1647
|
}
|
|
1669
1648
|
|
|
1670
1649
|
size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
|
|
@@ -1674,12 +1653,10 @@ size_t SSL_get_peer_finished(const SSL *ssl, void *buf, size_t count) {
|
|
|
1674
1653
|
}
|
|
1675
1654
|
|
|
1676
1655
|
if (ssl->server) {
|
|
1677
|
-
return copy_finished(buf, count, ssl->s3->previous_client_finished
|
|
1678
|
-
ssl->s3->previous_client_finished_len);
|
|
1656
|
+
return copy_finished(buf, count, ssl->s3->previous_client_finished);
|
|
1679
1657
|
}
|
|
1680
1658
|
|
|
1681
|
-
return copy_finished(buf, count, ssl->s3->previous_server_finished
|
|
1682
|
-
ssl->s3->previous_server_finished_len);
|
|
1659
|
+
return copy_finished(buf, count, ssl->s3->previous_server_finished);
|
|
1683
1660
|
}
|
|
1684
1661
|
|
|
1685
1662
|
int SSL_get_verify_mode(const SSL *ssl) {
|
|
@@ -1693,7 +1670,7 @@ int SSL_get_verify_mode(const SSL *ssl) {
|
|
|
1693
1670
|
int SSL_get_extms_support(const SSL *ssl) {
|
|
1694
1671
|
// TLS 1.3 does not require extended master secret and always reports as
|
|
1695
1672
|
// supporting it.
|
|
1696
|
-
if (
|
|
1673
|
+
if (ssl->s3->version == 0) {
|
|
1697
1674
|
return 0;
|
|
1698
1675
|
}
|
|
1699
1676
|
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
@@ -1748,7 +1725,7 @@ static bool has_cert_and_key(const SSL_CREDENTIAL *cred) {
|
|
|
1748
1725
|
int SSL_CTX_check_private_key(const SSL_CTX *ctx) {
|
|
1749
1726
|
// There is no need to actually check consistency because inconsistent values
|
|
1750
1727
|
// can never be configured.
|
|
1751
|
-
return has_cert_and_key(ctx->cert->
|
|
1728
|
+
return has_cert_and_key(ctx->cert->legacy_credential.get());
|
|
1752
1729
|
}
|
|
1753
1730
|
|
|
1754
1731
|
int SSL_check_private_key(const SSL *ssl) {
|
|
@@ -1758,7 +1735,7 @@ int SSL_check_private_key(const SSL *ssl) {
|
|
|
1758
1735
|
|
|
1759
1736
|
// There is no need to actually check consistency because inconsistent values
|
|
1760
1737
|
// can never be configured.
|
|
1761
|
-
return has_cert_and_key(ssl->config->cert->
|
|
1738
|
+
return has_cert_and_key(ssl->config->cert->legacy_credential.get());
|
|
1762
1739
|
}
|
|
1763
1740
|
|
|
1764
1741
|
long SSL_get_default_timeout(const SSL *ssl) {
|
|
@@ -1824,9 +1801,7 @@ void SSL_CTX_set_max_cert_list(SSL_CTX *ctx, size_t max_cert_list) {
|
|
|
1824
1801
|
ctx->max_cert_list = (uint32_t)max_cert_list;
|
|
1825
1802
|
}
|
|
1826
1803
|
|
|
1827
|
-
size_t SSL_get_max_cert_list(const SSL *ssl) {
|
|
1828
|
-
return ssl->max_cert_list;
|
|
1829
|
-
}
|
|
1804
|
+
size_t SSL_get_max_cert_list(const SSL *ssl) { return ssl->max_cert_list; }
|
|
1830
1805
|
|
|
1831
1806
|
void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list) {
|
|
1832
1807
|
if (max_cert_list > kMaxHandshakeSize) {
|
|
@@ -1868,7 +1843,7 @@ int SSL_set_mtu(SSL *ssl, unsigned mtu) {
|
|
|
1868
1843
|
}
|
|
1869
1844
|
|
|
1870
1845
|
int SSL_get_secure_renegotiation_support(const SSL *ssl) {
|
|
1871
|
-
if (
|
|
1846
|
+
if (ssl->s3->version == 0) {
|
|
1872
1847
|
return 0;
|
|
1873
1848
|
}
|
|
1874
1849
|
return ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
|
|
@@ -1949,9 +1924,9 @@ int SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, const void *in, size_t len) {
|
|
|
1949
1924
|
}
|
|
1950
1925
|
|
|
1951
1926
|
int SSL_CTX_set_tlsext_ticket_key_cb(
|
|
1952
|
-
SSL_CTX *ctx,
|
|
1953
|
-
|
|
1954
|
-
|
|
1927
|
+
SSL_CTX *ctx,
|
|
1928
|
+
int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
|
|
1929
|
+
EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx, int encrypt)) {
|
|
1955
1930
|
ctx->ticket_key_cb = callback;
|
|
1956
1931
|
return 1;
|
|
1957
1932
|
}
|
|
@@ -1985,7 +1960,7 @@ int SSL_set1_group_ids(SSL *ssl, const uint16_t *group_ids,
|
|
|
1985
1960
|
static bool ssl_nids_to_group_ids(Array<uint16_t> *out_group_ids,
|
|
1986
1961
|
Span<const int> nids) {
|
|
1987
1962
|
Array<uint16_t> group_ids;
|
|
1988
|
-
if (!group_ids.
|
|
1963
|
+
if (!group_ids.InitForOverwrite(nids.size())) {
|
|
1989
1964
|
return false;
|
|
1990
1965
|
}
|
|
1991
1966
|
|
|
@@ -2027,7 +2002,7 @@ static bool ssl_str_to_group_ids(Array<uint16_t> *out_group_ids,
|
|
|
2027
2002
|
} while (col);
|
|
2028
2003
|
|
|
2029
2004
|
Array<uint16_t> group_ids;
|
|
2030
|
-
if (!group_ids.
|
|
2005
|
+
if (!group_ids.InitForOverwrite(count)) {
|
|
2031
2006
|
return false;
|
|
2032
2007
|
}
|
|
2033
2008
|
|
|
@@ -2078,13 +2053,9 @@ int SSL_get_negotiated_group(const SSL *ssl) {
|
|
|
2078
2053
|
return ssl_group_id_to_nid(group_id);
|
|
2079
2054
|
}
|
|
2080
2055
|
|
|
2081
|
-
int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) {
|
|
2082
|
-
return 1;
|
|
2083
|
-
}
|
|
2056
|
+
int SSL_CTX_set_tmp_dh(SSL_CTX *ctx, const DH *dh) { return 1; }
|
|
2084
2057
|
|
|
2085
|
-
int SSL_set_tmp_dh(SSL *ssl, const DH *dh) {
|
|
2086
|
-
return 1;
|
|
2087
|
-
}
|
|
2058
|
+
int SSL_set_tmp_dh(SSL *ssl, const DH *dh) { return 1; }
|
|
2088
2059
|
|
|
2089
2060
|
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
|
|
2090
2061
|
return ctx->cipher_list->ciphers.get();
|
|
@@ -2107,7 +2078,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl) {
|
|
|
2107
2078
|
}
|
|
2108
2079
|
|
|
2109
2080
|
return ssl->config->cipher_list ? ssl->config->cipher_list->ciphers.get()
|
|
2110
|
-
|
|
2081
|
+
: ssl->ctx->cipher_list->ciphers.get();
|
|
2111
2082
|
}
|
|
2112
2083
|
|
|
2113
2084
|
const char *SSL_get_cipher_list(const SSL *ssl, int n) {
|
|
@@ -2343,10 +2314,12 @@ void SSL_CTX_set_next_protos_advertised_cb(
|
|
|
2343
2314
|
ctx->next_protos_advertised_cb_arg = arg;
|
|
2344
2315
|
}
|
|
2345
2316
|
|
|
2346
|
-
void SSL_CTX_set_next_proto_select_cb(
|
|
2347
|
-
|
|
2348
|
-
|
|
2349
|
-
|
|
2317
|
+
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx,
|
|
2318
|
+
int (*cb)(SSL *ssl, uint8_t **out,
|
|
2319
|
+
uint8_t *out_len,
|
|
2320
|
+
const uint8_t *in,
|
|
2321
|
+
unsigned in_len, void *arg),
|
|
2322
|
+
void *arg) {
|
|
2350
2323
|
ctx->next_proto_select_cb = cb;
|
|
2351
2324
|
ctx->next_proto_select_cb_arg = arg;
|
|
2352
2325
|
}
|
|
@@ -2480,9 +2453,8 @@ int SSL_enable_tls_channel_id(SSL *ssl) {
|
|
|
2480
2453
|
|
|
2481
2454
|
static int is_p256_key(EVP_PKEY *private_key) {
|
|
2482
2455
|
const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(private_key);
|
|
2483
|
-
return ec_key != NULL &&
|
|
2484
|
-
|
|
2485
|
-
NID_X9_62_prime256v1;
|
|
2456
|
+
return ec_key != NULL && EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) ==
|
|
2457
|
+
NID_X9_62_prime256v1;
|
|
2486
2458
|
}
|
|
2487
2459
|
|
|
2488
2460
|
int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
|
|
@@ -2536,7 +2508,7 @@ size_t SSL_get0_peer_verify_algorithms(const SSL *ssl,
|
|
|
2536
2508
|
}
|
|
2537
2509
|
|
|
2538
2510
|
size_t SSL_get0_peer_delegation_algorithms(const SSL *ssl,
|
|
2539
|
-
const uint16_t **out_sigalgs){
|
|
2511
|
+
const uint16_t **out_sigalgs) {
|
|
2540
2512
|
Span<const uint16_t> sigalgs;
|
|
2541
2513
|
if (ssl->s3->hs != nullptr) {
|
|
2542
2514
|
sigalgs = ssl->s3->hs->peer_delegated_credential_sigalgs;
|
|
@@ -2550,11 +2522,11 @@ EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
|
|
|
2550
2522
|
assert(ssl->config);
|
|
2551
2523
|
return nullptr;
|
|
2552
2524
|
}
|
|
2553
|
-
return ssl->config->cert->
|
|
2525
|
+
return ssl->config->cert->legacy_credential->privkey.get();
|
|
2554
2526
|
}
|
|
2555
2527
|
|
|
2556
2528
|
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) {
|
|
2557
|
-
return ctx->cert->
|
|
2529
|
+
return ctx->cert->legacy_credential->privkey.get();
|
|
2558
2530
|
}
|
|
2559
2531
|
|
|
2560
2532
|
const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl) {
|
|
@@ -2658,7 +2630,7 @@ int SSL_state(const SSL *ssl) {
|
|
|
2658
2630
|
return SSL_in_init(ssl) ? SSL_ST_INIT : SSL_ST_OK;
|
|
2659
2631
|
}
|
|
2660
2632
|
|
|
2661
|
-
void SSL_set_state(SSL *ssl, int state) {
|
|
2633
|
+
void SSL_set_state(SSL *ssl, int state) {}
|
|
2662
2634
|
|
|
2663
2635
|
char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
|
|
2664
2636
|
if (len <= 0) {
|
|
@@ -2707,7 +2679,7 @@ int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
|
|
|
2707
2679
|
CRYPTO_EX_dup *dup_unused,
|
|
2708
2680
|
CRYPTO_EX_free *free_func) {
|
|
2709
2681
|
return CRYPTO_get_ex_new_index_ex(&g_ex_data_class_ssl_ctx, argl, argp,
|
|
2710
|
-
|
|
2682
|
+
free_func);
|
|
2711
2683
|
}
|
|
2712
2684
|
|
|
2713
2685
|
int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *data) {
|
|
@@ -2814,9 +2786,10 @@ void SSL_CTX_set_psk_client_callback(
|
|
|
2814
2786
|
ctx->psk_client_callback = cb;
|
|
2815
2787
|
}
|
|
2816
2788
|
|
|
2817
|
-
void SSL_set_psk_server_callback(
|
|
2818
|
-
|
|
2819
|
-
|
|
2789
|
+
void SSL_set_psk_server_callback(SSL *ssl,
|
|
2790
|
+
unsigned (*cb)(SSL *ssl, const char *identity,
|
|
2791
|
+
uint8_t *psk,
|
|
2792
|
+
unsigned max_psk_len)) {
|
|
2820
2793
|
if (!ssl->config) {
|
|
2821
2794
|
return;
|
|
2822
2795
|
}
|
|
@@ -2824,8 +2797,8 @@ void SSL_set_psk_server_callback(
|
|
|
2824
2797
|
}
|
|
2825
2798
|
|
|
2826
2799
|
void SSL_CTX_set_psk_server_callback(
|
|
2827
|
-
SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity,
|
|
2828
|
-
|
|
2800
|
+
SSL_CTX *ctx, unsigned (*cb)(SSL *ssl, const char *identity, uint8_t *psk,
|
|
2801
|
+
unsigned max_psk_len)) {
|
|
2829
2802
|
ctx->psk_server_callback = cb;
|
|
2830
2803
|
}
|
|
2831
2804
|
|
|
@@ -2878,9 +2851,7 @@ int SSL_can_release_private_key(const SSL *ssl) {
|
|
|
2878
2851
|
return !ssl->s3->hs || ssl->s3->hs->can_release_private_key;
|
|
2879
2852
|
}
|
|
2880
2853
|
|
|
2881
|
-
int SSL_is_init_finished(const SSL *ssl) {
|
|
2882
|
-
return !SSL_in_init(ssl);
|
|
2883
|
-
}
|
|
2854
|
+
int SSL_is_init_finished(const SSL *ssl) { return !SSL_in_init(ssl); }
|
|
2884
2855
|
|
|
2885
2856
|
int SSL_in_init(const SSL *ssl) {
|
|
2886
2857
|
// This returns false once all the handshake state has been finalized, to
|
|
@@ -2897,14 +2868,14 @@ int SSL_in_false_start(const SSL *ssl) {
|
|
|
2897
2868
|
return ssl->s3->hs->in_false_start;
|
|
2898
2869
|
}
|
|
2899
2870
|
|
|
2900
|
-
int SSL_cutthrough_complete(const SSL *ssl) {
|
|
2901
|
-
return SSL_in_false_start(ssl);
|
|
2902
|
-
}
|
|
2871
|
+
int SSL_cutthrough_complete(const SSL *ssl) { return SSL_in_false_start(ssl); }
|
|
2903
2872
|
|
|
2904
2873
|
int SSL_is_server(const SSL *ssl) { return ssl->server; }
|
|
2905
2874
|
|
|
2906
2875
|
int SSL_is_dtls(const SSL *ssl) { return ssl->method->is_dtls; }
|
|
2907
2876
|
|
|
2877
|
+
int SSL_is_quic(const SSL *ssl) { return ssl->quic_method != nullptr; }
|
|
2878
|
+
|
|
2908
2879
|
void SSL_CTX_set_select_certificate_cb(
|
|
2909
2880
|
SSL_CTX *ctx,
|
|
2910
2881
|
enum ssl_select_cert_result_t (*cb)(const SSL_CLIENT_HELLO *)) {
|
|
@@ -2942,6 +2913,13 @@ void SSL_set_renegotiate_mode(SSL *ssl, enum ssl_renegotiate_mode_t mode) {
|
|
|
2942
2913
|
|
|
2943
2914
|
int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
|
|
2944
2915
|
const uint8_t **out_write_iv, size_t *out_iv_len) {
|
|
2916
|
+
// No cipher suites maintain stateful internal IVs in DTLS. It would not be
|
|
2917
|
+
// compatible with reordering.
|
|
2918
|
+
if (SSL_is_dtls(ssl)) {
|
|
2919
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
2920
|
+
return 0;
|
|
2921
|
+
}
|
|
2922
|
+
|
|
2945
2923
|
size_t write_iv_len;
|
|
2946
2924
|
if (!ssl->s3->aead_read_ctx->GetIV(out_read_iv, out_iv_len) ||
|
|
2947
2925
|
!ssl->s3->aead_write_ctx->GetIV(out_write_iv, &write_iv_len) ||
|
|
@@ -2954,30 +2932,30 @@ int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
|
|
|
2954
2932
|
|
|
2955
2933
|
uint64_t SSL_get_read_sequence(const SSL *ssl) {
|
|
2956
2934
|
if (SSL_is_dtls(ssl)) {
|
|
2957
|
-
// TODO(crbug.com/42290608):
|
|
2958
|
-
//
|
|
2959
|
-
//
|
|
2960
|
-
//
|
|
2961
|
-
//
|
|
2962
|
-
//
|
|
2963
|
-
//
|
|
2964
|
-
|
|
2965
|
-
//
|
|
2966
|
-
//
|
|
2967
|
-
//
|
|
2968
|
-
|
|
2969
|
-
return
|
|
2935
|
+
// TODO(crbug.com/42290608): This API needs to reworked.
|
|
2936
|
+
//
|
|
2937
|
+
// In DTLS 1.2, right at an epoch transition, |read_epoch| may not have
|
|
2938
|
+
// received any records. We will then return that sequence 0 is the highest
|
|
2939
|
+
// received, but it's really -1, which is not representable. This is mostly
|
|
2940
|
+
// moot because, after the handshake, we will never be in the state.
|
|
2941
|
+
//
|
|
2942
|
+
// In DTLS 1.3, epochs do not transition until the first record comes in.
|
|
2943
|
+
// This avoids the DTLS 1.2 problem but introduces a different problem:
|
|
2944
|
+
// during a KeyUpdate (which may occur in the steady state), both epochs are
|
|
2945
|
+
// live. We'll likely need a new API for DTLS offload.
|
|
2946
|
+
const DTLSReadEpoch *read_epoch = &ssl->d1->read_epoch;
|
|
2947
|
+
return DTLSRecordNumber(read_epoch->epoch, read_epoch->bitmap.max_seq_num())
|
|
2948
|
+
.combined();
|
|
2970
2949
|
}
|
|
2971
2950
|
return ssl->s3->read_sequence;
|
|
2972
2951
|
}
|
|
2973
2952
|
|
|
2974
2953
|
uint64_t SSL_get_write_sequence(const SSL *ssl) {
|
|
2975
|
-
uint64_t ret = ssl->s3->write_sequence;
|
|
2976
2954
|
if (SSL_is_dtls(ssl)) {
|
|
2977
|
-
|
|
2978
|
-
ret |= uint64_t{ssl->d1->w_epoch} << 48;
|
|
2955
|
+
return ssl->d1->write_epoch.next_record.combined();
|
|
2979
2956
|
}
|
|
2980
|
-
|
|
2957
|
+
|
|
2958
|
+
return ssl->s3->write_sequence;
|
|
2981
2959
|
}
|
|
2982
2960
|
|
|
2983
2961
|
uint16_t SSL_get_peer_signature_algorithm(const SSL *ssl) {
|
|
@@ -3179,8 +3157,8 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
|
|
|
3179
3157
|
|
|
3180
3158
|
SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
|
|
3181
3159
|
size_t buf_len) {
|
|
3182
|
-
if (SSL_in_init(ssl) ||
|
|
3183
|
-
ssl_protocol_version(ssl) != TLS1_3_VERSION ||
|
|
3160
|
+
if (SSL_in_init(ssl) || //
|
|
3161
|
+
ssl_protocol_version(ssl) != TLS1_3_VERSION || //
|
|
3184
3162
|
ssl->server) {
|
|
3185
3163
|
// Only TLS 1.3 clients are supported.
|
|
3186
3164
|
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
|
@@ -3190,8 +3168,8 @@ SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
|
|
|
3190
3168
|
CBS cbs, body;
|
|
3191
3169
|
CBS_init(&cbs, buf, buf_len);
|
|
3192
3170
|
uint8_t type;
|
|
3193
|
-
if (!CBS_get_u8(&cbs, &type) ||
|
|
3194
|
-
!CBS_get_u24_length_prefixed(&cbs, &body) ||
|
|
3171
|
+
if (!CBS_get_u8(&cbs, &type) || //
|
|
3172
|
+
!CBS_get_u24_length_prefixed(&cbs, &body) || //
|
|
3195
3173
|
CBS_len(&cbs) != 0) {
|
|
3196
3174
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
3197
3175
|
return nullptr;
|
|
@@ -3226,8 +3204,8 @@ int SSL_get_tlsext_status_type(const SSL *ssl) {
|
|
|
3226
3204
|
if (ssl->server) {
|
|
3227
3205
|
SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
|
3228
3206
|
return hs != nullptr && hs->ocsp_stapling_requested
|
|
3229
|
-
|
|
3230
|
-
|
|
3207
|
+
? TLSEXT_STATUSTYPE_ocsp
|
|
3208
|
+
: TLSEXT_STATUSTYPE_nothing;
|
|
3231
3209
|
}
|
|
3232
3210
|
|
|
3233
3211
|
return ssl->config != nullptr && ssl->config->ocsp_stapling_enabled
|
|
@@ -3411,12 +3389,11 @@ static int Configure(SSL_CTX *ctx) {
|
|
|
3411
3389
|
}
|
|
3412
3390
|
|
|
3413
3391
|
static int Configure(SSL *ssl) {
|
|
3414
|
-
ssl->config->tls13_cipher_policy =
|
|
3415
|
-
ssl_compliance_policy_cnsa_202407;
|
|
3392
|
+
ssl->config->tls13_cipher_policy = ssl_compliance_policy_cnsa_202407;
|
|
3416
3393
|
return 1;
|
|
3417
3394
|
}
|
|
3418
3395
|
|
|
3419
|
-
}
|
|
3396
|
+
} // namespace cnsa202407
|
|
3420
3397
|
|
|
3421
3398
|
int SSL_CTX_set_compliance_policy(SSL_CTX *ctx,
|
|
3422
3399
|
enum ssl_compliance_policy_t policy) {
|