grpc 1.69.0 → 1.70.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Makefile +251 -249
- data/include/grpc/support/atm.h +0 -13
- data/src/core/call/request_buffer.cc +224 -0
- data/src/core/call/request_buffer.h +192 -0
- data/src/core/client_channel/client_channel.cc +2 -3
- data/src/core/client_channel/client_channel_args.h +21 -0
- data/src/core/client_channel/client_channel_filter.h +1 -3
- data/src/core/client_channel/retry_interceptor.cc +406 -0
- data/src/core/client_channel/retry_interceptor.h +157 -0
- data/src/core/client_channel/retry_service_config.h +13 -0
- data/src/core/client_channel/retry_throttle.cc +33 -18
- data/src/core/client_channel/retry_throttle.h +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
- data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
- data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
- data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
- data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
- data/src/core/filter/filter_args.h +112 -0
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
- data/src/core/lib/channel/promise_based_filter.h +5 -79
- data/src/core/lib/debug/trace_flags.cc +2 -0
- data/src/core/lib/debug/trace_flags.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
- data/src/core/lib/experiments/experiments.cc +90 -39
- data/src/core/lib/experiments/experiments.h +43 -24
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
- data/src/core/lib/promise/activity.cc +2 -0
- data/src/core/lib/promise/activity.h +29 -8
- data/src/core/lib/promise/map.h +42 -0
- data/src/core/lib/promise/party.cc +36 -1
- data/src/core/lib/promise/party.h +13 -5
- data/src/core/lib/promise/sleep.h +1 -0
- data/src/core/lib/promise/status_flag.h +10 -0
- data/src/core/lib/resource_quota/arena.h +8 -0
- data/src/core/lib/resource_quota/connection_quota.h +4 -0
- data/src/core/lib/surface/call_utils.h +2 -0
- data/src/core/lib/surface/client_call.cc +43 -35
- data/src/core/lib/surface/client_call.h +5 -0
- data/src/core/lib/surface/event_string.cc +7 -1
- data/src/core/lib/surface/init_internally.h +13 -2
- data/src/core/lib/surface/server_call.cc +100 -85
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/call_filters.cc +10 -4
- data/src/core/lib/transport/call_filters.h +8 -0
- data/src/core/lib/transport/call_spine.cc +36 -71
- data/src/core/lib/transport/call_spine.h +131 -7
- data/src/core/lib/transport/call_state.h +132 -39
- data/src/core/lib/transport/interception_chain.cc +8 -0
- data/src/core/lib/transport/interception_chain.h +9 -0
- data/src/core/load_balancing/endpoint_list.cc +10 -0
- data/src/core/load_balancing/endpoint_list.h +13 -6
- data/src/core/load_balancing/lb_policy.h +0 -8
- data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
- data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
- data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
- data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
- data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
- data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
- data/src/core/resolver/xds/xds_resolver.cc +28 -47
- data/src/core/server/server.cc +290 -24
- data/src/core/server/server.h +199 -61
- data/src/core/server/xds_server_config_fetcher.cc +78 -142
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/util/backoff.cc +15 -4
- data/src/core/util/http_client/httpcli.cc +66 -18
- data/src/core/util/http_client/httpcli.h +14 -4
- data/src/core/util/matchers.h +5 -10
- data/src/core/util/ref_counted.h +1 -0
- data/src/core/util/ref_counted_ptr.h +1 -1
- data/src/core/util/useful.h +9 -11
- data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
- data/src/core/xds/grpc/xds_metadata.h +8 -0
- data/src/core/xds/xds_client/xds_api.cc +0 -223
- data/src/core/xds/xds_client/xds_api.h +1 -133
- data/src/core/xds/xds_client/xds_client.cc +599 -466
- data/src/core/xds/xds_client/xds_client.h +107 -26
- data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
- data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
- data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
- data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
- data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
- data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
- data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
- data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
- data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
- data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
- metadata +339 -339
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
- data/src/core/util/atm.cc +0 -34
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
|
@@ -117,6 +117,8 @@
|
|
|
117
117
|
#include <limits.h>
|
|
118
118
|
#include <string.h>
|
|
119
119
|
|
|
120
|
+
#include <algorithm>
|
|
121
|
+
|
|
120
122
|
#include <openssl/err.h>
|
|
121
123
|
#include <openssl/evp.h>
|
|
122
124
|
#include <openssl/mem.h>
|
|
@@ -140,33 +142,153 @@ static const unsigned int kMinMTU = 256 - 28;
|
|
|
140
142
|
// the underlying BIO supplies one.
|
|
141
143
|
static const unsigned int kDefaultMTU = 1500 - 28;
|
|
142
144
|
|
|
145
|
+
// BitRange returns a |uint8_t| with bits |start|, inclusive, to |end|,
|
|
146
|
+
// exclusive, set.
|
|
147
|
+
static uint8_t BitRange(size_t start, size_t end) {
|
|
148
|
+
assert(start <= end && end <= 8);
|
|
149
|
+
return static_cast<uint8_t>(~((1u << start) - 1) & ((1u << end) - 1));
|
|
150
|
+
}
|
|
143
151
|
|
|
144
|
-
//
|
|
152
|
+
// FirstUnmarkedRangeInByte returns the first unmarked range in bits |b|.
|
|
153
|
+
static DTLSMessageBitmap::Range FirstUnmarkedRangeInByte(uint8_t b) {
|
|
154
|
+
size_t start, end;
|
|
155
|
+
for (start = 0; start < 8; start++) {
|
|
156
|
+
if ((b & (1u << start)) == 0) {
|
|
157
|
+
break;
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
for (end = start; end < 8; end++) {
|
|
161
|
+
if ((b & (1u << end)) != 0) {
|
|
162
|
+
break;
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
return DTLSMessageBitmap::Range{start, end};
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
bool DTLSMessageBitmap::Init(size_t num_bits) {
|
|
169
|
+
if (num_bits + 7 < num_bits) {
|
|
170
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
|
|
171
|
+
return false;
|
|
172
|
+
}
|
|
173
|
+
size_t num_bytes = (num_bits + 7) / 8;
|
|
174
|
+
size_t bits_rounded = num_bytes * 8;
|
|
175
|
+
if (!bytes_.Init(num_bytes)) {
|
|
176
|
+
return false;
|
|
177
|
+
}
|
|
178
|
+
MarkRange(num_bits, bits_rounded);
|
|
179
|
+
first_unmarked_byte_ = 0;
|
|
180
|
+
return true;
|
|
181
|
+
}
|
|
182
|
+
|
|
183
|
+
void DTLSMessageBitmap::MarkRange(size_t start, size_t end) {
|
|
184
|
+
assert(start <= end);
|
|
185
|
+
// Don't bother touching bytes that have already been marked.
|
|
186
|
+
start = std::max(start, first_unmarked_byte_ << 3);
|
|
187
|
+
// Clamp everything within range.
|
|
188
|
+
start = std::min(start, bytes_.size() << 3);
|
|
189
|
+
end = std::min(end, bytes_.size() << 3);
|
|
190
|
+
if (start >= end) {
|
|
191
|
+
return;
|
|
192
|
+
}
|
|
193
|
+
|
|
194
|
+
if ((start >> 3) == (end >> 3)) {
|
|
195
|
+
bytes_[start >> 3] |= BitRange(start & 7, end & 7);
|
|
196
|
+
} else {
|
|
197
|
+
bytes_[start >> 3] |= BitRange(start & 7, 8);
|
|
198
|
+
for (size_t i = (start >> 3) + 1; i < (end >> 3); i++) {
|
|
199
|
+
bytes_[i] = 0xff;
|
|
200
|
+
}
|
|
201
|
+
if ((end & 7) != 0) {
|
|
202
|
+
bytes_[end >> 3] |= BitRange(0, end & 7);
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
|
|
206
|
+
// Maintain the |first_unmarked_byte_| invariant. This work is amortized
|
|
207
|
+
// across all |MarkRange| calls.
|
|
208
|
+
while (first_unmarked_byte_ < bytes_.size() &&
|
|
209
|
+
bytes_[first_unmarked_byte_] == 0xff) {
|
|
210
|
+
first_unmarked_byte_++;
|
|
211
|
+
}
|
|
212
|
+
// If the whole message is marked, we no longer need to spend memory on the
|
|
213
|
+
// bitmap.
|
|
214
|
+
if (first_unmarked_byte_ >= bytes_.size()) {
|
|
215
|
+
bytes_.Reset();
|
|
216
|
+
first_unmarked_byte_ = 0;
|
|
217
|
+
}
|
|
218
|
+
}
|
|
219
|
+
|
|
220
|
+
DTLSMessageBitmap::Range DTLSMessageBitmap::NextUnmarkedRange(
|
|
221
|
+
size_t start) const {
|
|
222
|
+
// Don't bother looking at bytes that are known to be fully marked.
|
|
223
|
+
start = std::max(start, first_unmarked_byte_ << 3);
|
|
224
|
+
|
|
225
|
+
size_t idx = start >> 3;
|
|
226
|
+
if (idx >= bytes_.size()) {
|
|
227
|
+
return Range{0, 0};
|
|
228
|
+
}
|
|
229
|
+
|
|
230
|
+
// Look at the bits from |start| up to a byte boundary.
|
|
231
|
+
uint8_t byte = bytes_[idx] | BitRange(0, start & 7);
|
|
232
|
+
if (byte == 0xff) {
|
|
233
|
+
// Nothing unmarked at this byte. Keep searching for an unmarked bit.
|
|
234
|
+
for (idx = idx + 1; idx < bytes_.size(); idx++) {
|
|
235
|
+
if (bytes_[idx] != 0xff) {
|
|
236
|
+
byte = bytes_[idx];
|
|
237
|
+
break;
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
if (idx >= bytes_.size()) {
|
|
241
|
+
return Range{0, 0};
|
|
242
|
+
}
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
Range range = FirstUnmarkedRangeInByte(byte);
|
|
246
|
+
assert(!range.empty());
|
|
247
|
+
bool should_extend = range.end == 8;
|
|
248
|
+
range.start += idx << 3;
|
|
249
|
+
range.end += idx << 3;
|
|
250
|
+
if (!should_extend) {
|
|
251
|
+
// The range did not end at a byte boundary. We're done.
|
|
252
|
+
return range;
|
|
253
|
+
}
|
|
145
254
|
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
255
|
+
// Collect all fully unmarked bytes.
|
|
256
|
+
for (idx = idx + 1; idx < bytes_.size(); idx++) {
|
|
257
|
+
if (bytes_[idx] != 0) {
|
|
258
|
+
break;
|
|
259
|
+
}
|
|
260
|
+
}
|
|
261
|
+
range.end = idx << 3;
|
|
262
|
+
|
|
263
|
+
// Add any bits from the remaining byte, if any.
|
|
264
|
+
if (idx < bytes_.size()) {
|
|
265
|
+
Range extra = FirstUnmarkedRangeInByte(bytes_[idx]);
|
|
266
|
+
if (extra.start == 0) {
|
|
267
|
+
range.end += extra.end;
|
|
268
|
+
}
|
|
269
|
+
}
|
|
270
|
+
|
|
271
|
+
return range;
|
|
149
272
|
}
|
|
150
273
|
|
|
151
|
-
|
|
274
|
+
// Receiving handshake messages.
|
|
275
|
+
|
|
276
|
+
static UniquePtr<DTLSIncomingMessage> dtls_new_incoming_message(
|
|
152
277
|
const struct hm_header_st *msg_hdr) {
|
|
153
278
|
ScopedCBB cbb;
|
|
154
|
-
UniquePtr<
|
|
279
|
+
UniquePtr<DTLSIncomingMessage> frag = MakeUnique<DTLSIncomingMessage>();
|
|
155
280
|
if (!frag) {
|
|
156
281
|
return nullptr;
|
|
157
282
|
}
|
|
158
283
|
frag->type = msg_hdr->type;
|
|
159
284
|
frag->seq = msg_hdr->seq;
|
|
160
|
-
frag->msg_len = msg_hdr->msg_len;
|
|
161
285
|
|
|
162
286
|
// Allocate space for the reassembled message and fill in the header.
|
|
163
|
-
frag->data
|
|
164
|
-
(uint8_t *)OPENSSL_malloc(DTLS1_HM_HEADER_LENGTH + msg_hdr->msg_len);
|
|
165
|
-
if (frag->data == NULL) {
|
|
287
|
+
if (!frag->data.InitForOverwrite(DTLS1_HM_HEADER_LENGTH + msg_hdr->msg_len)) {
|
|
166
288
|
return nullptr;
|
|
167
289
|
}
|
|
168
290
|
|
|
169
|
-
if (!CBB_init_fixed(cbb.get(), frag->data, DTLS1_HM_HEADER_LENGTH) ||
|
|
291
|
+
if (!CBB_init_fixed(cbb.get(), frag->data.data(), DTLS1_HM_HEADER_LENGTH) ||
|
|
170
292
|
!CBB_add_u8(cbb.get(), msg_hdr->type) ||
|
|
171
293
|
!CBB_add_u24(cbb.get(), msg_hdr->msg_len) ||
|
|
172
294
|
!CBB_add_u16(cbb.get(), msg_hdr->seq) ||
|
|
@@ -176,88 +298,26 @@ static UniquePtr<hm_fragment> dtls1_hm_fragment_new(
|
|
|
176
298
|
return nullptr;
|
|
177
299
|
}
|
|
178
300
|
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
// Initialize reassembly bitmask.
|
|
182
|
-
if (msg_hdr->msg_len + 7 < msg_hdr->msg_len) {
|
|
183
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
|
|
184
|
-
return nullptr;
|
|
185
|
-
}
|
|
186
|
-
size_t bitmask_len = (msg_hdr->msg_len + 7) / 8;
|
|
187
|
-
frag->reassembly = (uint8_t *)OPENSSL_zalloc(bitmask_len);
|
|
188
|
-
if (frag->reassembly == NULL) {
|
|
189
|
-
return nullptr;
|
|
190
|
-
}
|
|
301
|
+
if (!frag->reassembly.Init(msg_hdr->msg_len)) {
|
|
302
|
+
return nullptr;
|
|
191
303
|
}
|
|
192
304
|
|
|
193
305
|
return frag;
|
|
194
306
|
}
|
|
195
307
|
|
|
196
|
-
// bit_range returns a |uint8_t| with bits |start|, inclusive, to |end|,
|
|
197
|
-
// exclusive, set.
|
|
198
|
-
static uint8_t bit_range(size_t start, size_t end) {
|
|
199
|
-
return (uint8_t)(~((1u << start) - 1) & ((1u << end) - 1));
|
|
200
|
-
}
|
|
201
|
-
|
|
202
|
-
// dtls1_hm_fragment_mark marks bytes |start|, inclusive, to |end|, exclusive,
|
|
203
|
-
// as received in |frag|. If |frag| becomes complete, it clears
|
|
204
|
-
// |frag->reassembly|. The range must be within the bounds of |frag|'s message
|
|
205
|
-
// and |frag->reassembly| must not be NULL.
|
|
206
|
-
static void dtls1_hm_fragment_mark(hm_fragment *frag, size_t start,
|
|
207
|
-
size_t end) {
|
|
208
|
-
size_t msg_len = frag->msg_len;
|
|
209
|
-
|
|
210
|
-
if (frag->reassembly == NULL || start > end || end > msg_len) {
|
|
211
|
-
assert(0);
|
|
212
|
-
return;
|
|
213
|
-
}
|
|
214
|
-
// A zero-length message will never have a pending reassembly.
|
|
215
|
-
assert(msg_len > 0);
|
|
216
|
-
|
|
217
|
-
if (start == end) {
|
|
218
|
-
return;
|
|
219
|
-
}
|
|
220
|
-
|
|
221
|
-
if ((start >> 3) == (end >> 3)) {
|
|
222
|
-
frag->reassembly[start >> 3] |= bit_range(start & 7, end & 7);
|
|
223
|
-
} else {
|
|
224
|
-
frag->reassembly[start >> 3] |= bit_range(start & 7, 8);
|
|
225
|
-
for (size_t i = (start >> 3) + 1; i < (end >> 3); i++) {
|
|
226
|
-
frag->reassembly[i] = 0xff;
|
|
227
|
-
}
|
|
228
|
-
if ((end & 7) != 0) {
|
|
229
|
-
frag->reassembly[end >> 3] |= bit_range(0, end & 7);
|
|
230
|
-
}
|
|
231
|
-
}
|
|
232
|
-
|
|
233
|
-
// Check if the fragment is complete.
|
|
234
|
-
for (size_t i = 0; i < (msg_len >> 3); i++) {
|
|
235
|
-
if (frag->reassembly[i] != 0xff) {
|
|
236
|
-
return;
|
|
237
|
-
}
|
|
238
|
-
}
|
|
239
|
-
if ((msg_len & 7) != 0 &&
|
|
240
|
-
frag->reassembly[msg_len >> 3] != bit_range(0, msg_len & 7)) {
|
|
241
|
-
return;
|
|
242
|
-
}
|
|
243
|
-
|
|
244
|
-
OPENSSL_free(frag->reassembly);
|
|
245
|
-
frag->reassembly = NULL;
|
|
246
|
-
}
|
|
247
|
-
|
|
248
308
|
// dtls1_is_current_message_complete returns whether the current handshake
|
|
249
309
|
// message is complete.
|
|
250
310
|
static bool dtls1_is_current_message_complete(const SSL *ssl) {
|
|
251
311
|
size_t idx = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
|
|
252
|
-
|
|
253
|
-
return frag !=
|
|
312
|
+
DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get();
|
|
313
|
+
return frag != nullptr && frag->reassembly.IsComplete();
|
|
254
314
|
}
|
|
255
315
|
|
|
256
316
|
// dtls1_get_incoming_message returns the incoming message corresponding to
|
|
257
317
|
// |msg_hdr|. If none exists, it creates a new one and inserts it in the
|
|
258
318
|
// queue. Otherwise, it checks |msg_hdr| is consistent with the existing one. It
|
|
259
319
|
// returns NULL on failure. The caller does not take ownership of the result.
|
|
260
|
-
static
|
|
320
|
+
static DTLSIncomingMessage *dtls1_get_incoming_message(
|
|
261
321
|
SSL *ssl, uint8_t *out_alert, const struct hm_header_st *msg_hdr) {
|
|
262
322
|
if (msg_hdr->seq < ssl->d1->handshake_read_seq ||
|
|
263
323
|
msg_hdr->seq - ssl->d1->handshake_read_seq >= SSL_MAX_HANDSHAKE_FLIGHT) {
|
|
@@ -266,13 +326,13 @@ static hm_fragment *dtls1_get_incoming_message(
|
|
|
266
326
|
}
|
|
267
327
|
|
|
268
328
|
size_t idx = msg_hdr->seq % SSL_MAX_HANDSHAKE_FLIGHT;
|
|
269
|
-
|
|
329
|
+
DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get();
|
|
270
330
|
if (frag != NULL) {
|
|
271
331
|
assert(frag->seq == msg_hdr->seq);
|
|
272
332
|
// The new fragment must be compatible with the previous fragments from this
|
|
273
333
|
// message.
|
|
274
|
-
if (frag->type != msg_hdr->type ||
|
|
275
|
-
frag->msg_len != msg_hdr->msg_len) {
|
|
334
|
+
if (frag->type != msg_hdr->type || //
|
|
335
|
+
frag->msg_len() != msg_hdr->msg_len) {
|
|
276
336
|
OPENSSL_PUT_ERROR(SSL, SSL_R_FRAGMENT_MISMATCH);
|
|
277
337
|
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
278
338
|
return NULL;
|
|
@@ -281,7 +341,7 @@ static hm_fragment *dtls1_get_incoming_message(
|
|
|
281
341
|
}
|
|
282
342
|
|
|
283
343
|
// This is the first fragment from this message.
|
|
284
|
-
ssl->d1->incoming_messages[idx] =
|
|
344
|
+
ssl->d1->incoming_messages[idx] = dtls_new_incoming_message(msg_hdr);
|
|
285
345
|
if (!ssl->d1->incoming_messages[idx]) {
|
|
286
346
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
287
347
|
return NULL;
|
|
@@ -289,115 +349,184 @@ static hm_fragment *dtls1_get_incoming_message(
|
|
|
289
349
|
return ssl->d1->incoming_messages[idx].get();
|
|
290
350
|
}
|
|
291
351
|
|
|
352
|
+
bool dtls1_process_handshake_fragments(SSL *ssl, uint8_t *out_alert,
|
|
353
|
+
DTLSRecordNumber record_number,
|
|
354
|
+
Span<const uint8_t> record) {
|
|
355
|
+
bool implicit_ack = false;
|
|
356
|
+
bool skipped_fragments = false;
|
|
357
|
+
CBS cbs = record;
|
|
358
|
+
while (CBS_len(&cbs) > 0) {
|
|
359
|
+
// Read a handshake fragment.
|
|
360
|
+
struct hm_header_st msg_hdr;
|
|
361
|
+
CBS body;
|
|
362
|
+
if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
|
|
363
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
|
|
364
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
365
|
+
return false;
|
|
366
|
+
}
|
|
367
|
+
|
|
368
|
+
const size_t frag_off = msg_hdr.frag_off;
|
|
369
|
+
const size_t frag_len = msg_hdr.frag_len;
|
|
370
|
+
const size_t msg_len = msg_hdr.msg_len;
|
|
371
|
+
if (frag_off > msg_len || frag_len > msg_len - frag_off) {
|
|
372
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
|
|
373
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
374
|
+
return false;
|
|
375
|
+
}
|
|
376
|
+
|
|
377
|
+
if (msg_hdr.seq < ssl->d1->handshake_read_seq ||
|
|
378
|
+
ssl->d1->handshake_read_overflow) {
|
|
379
|
+
// Ignore fragments from the past. This is a retransmit of data we already
|
|
380
|
+
// received.
|
|
381
|
+
//
|
|
382
|
+
// TODO(crbug.com/42290594): Use this to drive retransmits.
|
|
383
|
+
continue;
|
|
384
|
+
}
|
|
385
|
+
|
|
386
|
+
if (record_number.epoch() != ssl->d1->read_epoch.epoch ||
|
|
387
|
+
ssl->d1->next_read_epoch != nullptr) {
|
|
388
|
+
// New messages can only arrive in the latest epoch. This can fail if the
|
|
389
|
+
// record came from |prev_read_epoch|, or if it came from |read_epoch| but
|
|
390
|
+
// |next_read_epoch| exists. (It cannot come from |next_read_epoch|
|
|
391
|
+
// because |next_read_epoch| becomes |read_epoch| once it receives a
|
|
392
|
+
// record.)
|
|
393
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
|
394
|
+
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
|
|
395
|
+
return false;
|
|
396
|
+
}
|
|
397
|
+
|
|
398
|
+
if (msg_len > ssl_max_handshake_message_len(ssl)) {
|
|
399
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
|
|
400
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
401
|
+
return false;
|
|
402
|
+
}
|
|
403
|
+
|
|
404
|
+
if (SSL_in_init(ssl) && ssl_has_final_version(ssl) &&
|
|
405
|
+
ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
406
|
+
// During the handshake, if we receive any portion of the next flight, the
|
|
407
|
+
// peer must have received our most recent flight. In DTLS 1.3, this is an
|
|
408
|
+
// implicit ACK. See RFC 9147, Section 7.1.
|
|
409
|
+
//
|
|
410
|
+
// This only applies during the handshake. After the handshake, the next
|
|
411
|
+
// message may be part of a post-handshake transaction. It also does not
|
|
412
|
+
// apply immediately after the handshake. As a client, receiving a
|
|
413
|
+
// KeyUpdate or NewSessionTicket does not imply the server has received
|
|
414
|
+
// our Finished. The server may have sent those messages in half-RTT.
|
|
415
|
+
implicit_ack = true;
|
|
416
|
+
}
|
|
417
|
+
|
|
418
|
+
if (msg_hdr.seq - ssl->d1->handshake_read_seq > SSL_MAX_HANDSHAKE_FLIGHT) {
|
|
419
|
+
// Ignore fragments too far in the future.
|
|
420
|
+
skipped_fragments = true;
|
|
421
|
+
continue;
|
|
422
|
+
}
|
|
423
|
+
|
|
424
|
+
DTLSIncomingMessage *frag =
|
|
425
|
+
dtls1_get_incoming_message(ssl, out_alert, &msg_hdr);
|
|
426
|
+
if (frag == nullptr) {
|
|
427
|
+
return false;
|
|
428
|
+
}
|
|
429
|
+
assert(frag->msg_len() == msg_len);
|
|
430
|
+
|
|
431
|
+
if (frag->reassembly.IsComplete()) {
|
|
432
|
+
// The message is already assembled.
|
|
433
|
+
continue;
|
|
434
|
+
}
|
|
435
|
+
assert(msg_len > 0);
|
|
436
|
+
|
|
437
|
+
// Copy the body into the fragment.
|
|
438
|
+
Span<uint8_t> dest = frag->msg().subspan(frag_off, CBS_len(&body));
|
|
439
|
+
OPENSSL_memcpy(dest.data(), CBS_data(&body), CBS_len(&body));
|
|
440
|
+
frag->reassembly.MarkRange(frag_off, frag_off + frag_len);
|
|
441
|
+
}
|
|
442
|
+
|
|
443
|
+
if (implicit_ack) {
|
|
444
|
+
dtls1_stop_timer(ssl);
|
|
445
|
+
dtls_clear_outgoing_messages(ssl);
|
|
446
|
+
}
|
|
447
|
+
|
|
448
|
+
if (!skipped_fragments) {
|
|
449
|
+
ssl->d1->records_to_ack.PushBack(record_number);
|
|
450
|
+
|
|
451
|
+
if (ssl_has_final_version(ssl) &&
|
|
452
|
+
ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
|
|
453
|
+
!ssl->d1->ack_timer.IsSet() && !ssl->d1->sending_ack) {
|
|
454
|
+
// Schedule sending an ACK. The delay serves several purposes:
|
|
455
|
+
// - If there are more records to come, we send only one ACK.
|
|
456
|
+
// - If there are more records to come and the flight is now complete, we
|
|
457
|
+
// will send the reply (which implicitly ACKs the previous flight) and
|
|
458
|
+
// cancel the timer.
|
|
459
|
+
// - If there are more records to come, the flight is now complete, but
|
|
460
|
+
// generating the response is delayed (e.g. a slow, async private key),
|
|
461
|
+
// the timer will fire and we send an ACK anyway.
|
|
462
|
+
OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get());
|
|
463
|
+
ssl->d1->ack_timer.StartMicroseconds(
|
|
464
|
+
now, uint64_t{ssl->d1->timeout_duration_ms} * 1000 / 4);
|
|
465
|
+
}
|
|
466
|
+
}
|
|
467
|
+
|
|
468
|
+
return true;
|
|
469
|
+
}
|
|
470
|
+
|
|
292
471
|
ssl_open_record_t dtls1_open_handshake(SSL *ssl, size_t *out_consumed,
|
|
293
472
|
uint8_t *out_alert, Span<uint8_t> in) {
|
|
294
473
|
uint8_t type;
|
|
474
|
+
DTLSRecordNumber record_number;
|
|
295
475
|
Span<uint8_t> record;
|
|
296
|
-
auto ret = dtls_open_record(ssl, &type, &record, out_consumed,
|
|
476
|
+
auto ret = dtls_open_record(ssl, &type, &record_number, &record, out_consumed,
|
|
477
|
+
out_alert, in);
|
|
297
478
|
if (ret != ssl_open_record_success) {
|
|
298
479
|
return ret;
|
|
299
480
|
}
|
|
300
481
|
|
|
301
482
|
switch (type) {
|
|
302
483
|
case SSL3_RT_APPLICATION_DATA:
|
|
303
|
-
//
|
|
304
|
-
|
|
305
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
|
|
306
|
-
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
|
|
307
|
-
return ssl_open_record_error;
|
|
308
|
-
}
|
|
309
|
-
|
|
310
|
-
// Out-of-order application data may be received between ChangeCipherSpec
|
|
311
|
-
// and finished. Discard it.
|
|
484
|
+
// In DTLS 1.2, out-of-order application data may be received between
|
|
485
|
+
// ChangeCipherSpec and Finished. Discard it.
|
|
312
486
|
return ssl_open_record_discard;
|
|
313
487
|
|
|
314
488
|
case SSL3_RT_CHANGE_CIPHER_SPEC:
|
|
489
|
+
if (record.size() != 1u || record[0] != SSL3_MT_CCS) {
|
|
490
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_CHANGE_CIPHER_SPEC);
|
|
491
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
492
|
+
return ssl_open_record_error;
|
|
493
|
+
}
|
|
494
|
+
|
|
315
495
|
// We do not support renegotiation, so encrypted ChangeCipherSpec records
|
|
316
496
|
// are illegal.
|
|
317
|
-
if (
|
|
497
|
+
if (record_number.epoch() != 0) {
|
|
318
498
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
|
|
319
499
|
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
|
|
320
500
|
return ssl_open_record_error;
|
|
321
501
|
}
|
|
322
502
|
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
return ssl_open_record_error;
|
|
503
|
+
// Ignore ChangeCipherSpec from a previous epoch.
|
|
504
|
+
if (record_number.epoch() != ssl->d1->read_epoch.epoch) {
|
|
505
|
+
return ssl_open_record_discard;
|
|
327
506
|
}
|
|
328
507
|
|
|
329
508
|
// Flag the ChangeCipherSpec for later.
|
|
509
|
+
// TODO(crbug.com/42290594): Should we reject this in DTLS 1.3?
|
|
330
510
|
ssl->d1->has_change_cipher_spec = true;
|
|
331
511
|
ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_CHANGE_CIPHER_SPEC,
|
|
332
512
|
record);
|
|
333
513
|
return ssl_open_record_success;
|
|
334
514
|
|
|
515
|
+
case SSL3_RT_ACK:
|
|
516
|
+
return dtls1_process_ack(ssl, out_alert, record_number, record);
|
|
517
|
+
|
|
335
518
|
case SSL3_RT_HANDSHAKE:
|
|
336
|
-
|
|
337
|
-
|
|
519
|
+
if (!dtls1_process_handshake_fragments(ssl, out_alert, record_number,
|
|
520
|
+
record)) {
|
|
521
|
+
return ssl_open_record_error;
|
|
522
|
+
}
|
|
523
|
+
return ssl_open_record_success;
|
|
338
524
|
|
|
339
525
|
default:
|
|
340
526
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
|
|
341
527
|
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
|
|
342
528
|
return ssl_open_record_error;
|
|
343
529
|
}
|
|
344
|
-
|
|
345
|
-
CBS cbs;
|
|
346
|
-
CBS_init(&cbs, record.data(), record.size());
|
|
347
|
-
while (CBS_len(&cbs) > 0) {
|
|
348
|
-
// Read a handshake fragment.
|
|
349
|
-
struct hm_header_st msg_hdr;
|
|
350
|
-
CBS body;
|
|
351
|
-
if (!dtls1_parse_fragment(&cbs, &msg_hdr, &body)) {
|
|
352
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_HANDSHAKE_RECORD);
|
|
353
|
-
*out_alert = SSL_AD_DECODE_ERROR;
|
|
354
|
-
return ssl_open_record_error;
|
|
355
|
-
}
|
|
356
|
-
|
|
357
|
-
const size_t frag_off = msg_hdr.frag_off;
|
|
358
|
-
const size_t frag_len = msg_hdr.frag_len;
|
|
359
|
-
const size_t msg_len = msg_hdr.msg_len;
|
|
360
|
-
if (frag_off > msg_len || frag_off + frag_len < frag_off ||
|
|
361
|
-
frag_off + frag_len > msg_len ||
|
|
362
|
-
msg_len > ssl_max_handshake_message_len(ssl)) {
|
|
363
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESSIVE_MESSAGE_SIZE);
|
|
364
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
365
|
-
return ssl_open_record_error;
|
|
366
|
-
}
|
|
367
|
-
|
|
368
|
-
// The encrypted epoch in DTLS has only one handshake message.
|
|
369
|
-
if (ssl->d1->r_epoch == 1 && msg_hdr.seq != ssl->d1->handshake_read_seq) {
|
|
370
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
|
|
371
|
-
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
|
|
372
|
-
return ssl_open_record_error;
|
|
373
|
-
}
|
|
374
|
-
|
|
375
|
-
if (msg_hdr.seq < ssl->d1->handshake_read_seq ||
|
|
376
|
-
msg_hdr.seq >
|
|
377
|
-
(unsigned)ssl->d1->handshake_read_seq + SSL_MAX_HANDSHAKE_FLIGHT) {
|
|
378
|
-
// Ignore fragments from the past, or ones too far in the future.
|
|
379
|
-
continue;
|
|
380
|
-
}
|
|
381
|
-
|
|
382
|
-
hm_fragment *frag = dtls1_get_incoming_message(ssl, out_alert, &msg_hdr);
|
|
383
|
-
if (frag == NULL) {
|
|
384
|
-
return ssl_open_record_error;
|
|
385
|
-
}
|
|
386
|
-
assert(frag->msg_len == msg_len);
|
|
387
|
-
|
|
388
|
-
if (frag->reassembly == NULL) {
|
|
389
|
-
// The message is already assembled.
|
|
390
|
-
continue;
|
|
391
|
-
}
|
|
392
|
-
assert(msg_len > 0);
|
|
393
|
-
|
|
394
|
-
// Copy the body into the fragment.
|
|
395
|
-
OPENSSL_memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off,
|
|
396
|
-
CBS_data(&body), CBS_len(&body));
|
|
397
|
-
dtls1_hm_fragment_mark(frag, frag_off, frag_off + frag_len);
|
|
398
|
-
}
|
|
399
|
-
|
|
400
|
-
return ssl_open_record_success;
|
|
401
530
|
}
|
|
402
531
|
|
|
403
532
|
bool dtls1_get_message(const SSL *ssl, SSLMessage *out) {
|
|
@@ -406,10 +535,10 @@ bool dtls1_get_message(const SSL *ssl, SSLMessage *out) {
|
|
|
406
535
|
}
|
|
407
536
|
|
|
408
537
|
size_t idx = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
|
|
409
|
-
|
|
538
|
+
const DTLSIncomingMessage *frag = ssl->d1->incoming_messages[idx].get();
|
|
410
539
|
out->type = frag->type;
|
|
411
|
-
|
|
412
|
-
|
|
540
|
+
out->raw = CBS(frag->data);
|
|
541
|
+
out->body = CBS(frag->msg());
|
|
413
542
|
out->is_v2_hello = false;
|
|
414
543
|
if (!ssl->s3->has_message) {
|
|
415
544
|
ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HANDSHAKE, out->raw);
|
|
@@ -424,6 +553,9 @@ void dtls1_next_message(SSL *ssl) {
|
|
|
424
553
|
size_t index = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
|
|
425
554
|
ssl->d1->incoming_messages[index].reset();
|
|
426
555
|
ssl->d1->handshake_read_seq++;
|
|
556
|
+
if (ssl->d1->handshake_read_seq == 0) {
|
|
557
|
+
ssl->d1->handshake_read_overflow = true;
|
|
558
|
+
}
|
|
427
559
|
ssl->s3->has_message = false;
|
|
428
560
|
// If we previously sent a flight, mark it as having a reply, so
|
|
429
561
|
// |on_handshake_complete| can manage post-handshake retransmission.
|
|
@@ -483,26 +615,41 @@ ssl_open_record_t dtls1_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
|
|
|
483
615
|
|
|
484
616
|
// Sending handshake messages.
|
|
485
617
|
|
|
486
|
-
void DTLS_OUTGOING_MESSAGE::Clear() { data.Reset(); }
|
|
487
|
-
|
|
488
618
|
void dtls_clear_outgoing_messages(SSL *ssl) {
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
}
|
|
492
|
-
ssl->d1->outgoing_messages_len = 0;
|
|
619
|
+
ssl->d1->outgoing_messages.clear();
|
|
620
|
+
ssl->d1->sent_records = nullptr;
|
|
493
621
|
ssl->d1->outgoing_written = 0;
|
|
494
622
|
ssl->d1->outgoing_offset = 0;
|
|
495
623
|
ssl->d1->outgoing_messages_complete = false;
|
|
496
624
|
ssl->d1->flight_has_reply = false;
|
|
625
|
+
ssl->d1->sending_flight = false;
|
|
626
|
+
dtls_clear_unused_write_epochs(ssl);
|
|
627
|
+
}
|
|
628
|
+
|
|
629
|
+
void dtls_clear_unused_write_epochs(SSL *ssl) {
|
|
630
|
+
ssl->d1->extra_write_epochs.EraseIf(
|
|
631
|
+
[ssl](const UniquePtr<DTLSWriteEpoch> &write_epoch) -> bool {
|
|
632
|
+
// Non-current epochs may be discarded once there are no incomplete
|
|
633
|
+
// outgoing messages that reference them.
|
|
634
|
+
//
|
|
635
|
+
// TODO(crbug.com/42290594): Epoch 1 (0-RTT) should be retained until
|
|
636
|
+
// epoch 3 (app data) is available.
|
|
637
|
+
for (const auto &msg : ssl->d1->outgoing_messages) {
|
|
638
|
+
if (msg.epoch == write_epoch->epoch() && !msg.IsFullyAcked()) {
|
|
639
|
+
return false;
|
|
640
|
+
}
|
|
641
|
+
}
|
|
642
|
+
return true;
|
|
643
|
+
});
|
|
497
644
|
}
|
|
498
645
|
|
|
499
646
|
bool dtls1_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
|
|
500
647
|
// Pick a modest size hint to save most of the |realloc| calls.
|
|
501
|
-
if (!CBB_init(cbb, 64) ||
|
|
502
|
-
!CBB_add_u8(cbb, type) ||
|
|
503
|
-
!CBB_add_u24(cbb, 0 /* length (filled in later) */) ||
|
|
504
|
-
!CBB_add_u16(cbb, ssl->d1->handshake_write_seq) ||
|
|
505
|
-
!CBB_add_u24(cbb, 0 /* offset */) ||
|
|
648
|
+
if (!CBB_init(cbb, 64) || //
|
|
649
|
+
!CBB_add_u8(cbb, type) || //
|
|
650
|
+
!CBB_add_u24(cbb, 0 /* length (filled in later) */) || //
|
|
651
|
+
!CBB_add_u16(cbb, ssl->d1->handshake_write_seq) || //
|
|
652
|
+
!CBB_add_u24(cbb, 0 /* offset */) || //
|
|
506
653
|
!CBB_add_u24_length_prefixed(cbb, body)) {
|
|
507
654
|
return false;
|
|
508
655
|
}
|
|
@@ -524,20 +671,6 @@ bool dtls1_finish_message(const SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
|
|
|
524
671
|
return true;
|
|
525
672
|
}
|
|
526
673
|
|
|
527
|
-
// ssl_size_t_greater_than_32_bits returns whether |v| exceeds the bounds of a
|
|
528
|
-
// 32-bit value. The obvious thing doesn't work because, in some 32-bit build
|
|
529
|
-
// configurations, the compiler warns that the test is always false and breaks
|
|
530
|
-
// the build.
|
|
531
|
-
static bool ssl_size_t_greater_than_32_bits(size_t v) {
|
|
532
|
-
#if defined(OPENSSL_64_BIT)
|
|
533
|
-
return v > 0xffffffff;
|
|
534
|
-
#elif defined(OPENSSL_32_BIT)
|
|
535
|
-
return false;
|
|
536
|
-
#else
|
|
537
|
-
#error "Building for neither 32- nor 64-bits."
|
|
538
|
-
#endif
|
|
539
|
-
}
|
|
540
|
-
|
|
541
674
|
// add_outgoing adds a new handshake message or ChangeCipherSpec to the current
|
|
542
675
|
// outgoing flight. It returns true on success and false on error.
|
|
543
676
|
static bool add_outgoing(SSL *ssl, bool is_ccs, Array<uint8_t> data) {
|
|
@@ -548,34 +681,46 @@ static bool add_outgoing(SSL *ssl, bool is_ccs, Array<uint8_t> data) {
|
|
|
548
681
|
dtls_clear_outgoing_messages(ssl);
|
|
549
682
|
}
|
|
550
683
|
|
|
551
|
-
static_assert(SSL_MAX_HANDSHAKE_FLIGHT <
|
|
552
|
-
(1 << 8 * sizeof(ssl->d1->outgoing_messages_len)),
|
|
553
|
-
"outgoing_messages_len is too small");
|
|
554
|
-
if (ssl->d1->outgoing_messages_len >= SSL_MAX_HANDSHAKE_FLIGHT ||
|
|
555
|
-
ssl_size_t_greater_than_32_bits(data.size())) {
|
|
556
|
-
assert(false);
|
|
557
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
558
|
-
return false;
|
|
559
|
-
}
|
|
560
|
-
|
|
561
684
|
if (!is_ccs) {
|
|
685
|
+
if (ssl->d1->handshake_write_overflow) {
|
|
686
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
|
|
687
|
+
return false;
|
|
688
|
+
}
|
|
562
689
|
// TODO(svaldez): Move this up a layer to fix abstraction for SSLTranscript
|
|
563
690
|
// on hs.
|
|
564
|
-
if (ssl->s3->hs != NULL &&
|
|
565
|
-
!ssl->s3->hs->transcript.Update(data)) {
|
|
691
|
+
if (ssl->s3->hs != NULL && !ssl->s3->hs->transcript.Update(data)) {
|
|
566
692
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
567
693
|
return false;
|
|
568
694
|
}
|
|
569
695
|
ssl->d1->handshake_write_seq++;
|
|
696
|
+
if (ssl->d1->handshake_write_seq == 0) {
|
|
697
|
+
ssl->d1->handshake_write_overflow = true;
|
|
698
|
+
}
|
|
570
699
|
}
|
|
571
700
|
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
msg
|
|
575
|
-
msg
|
|
576
|
-
|
|
701
|
+
DTLSOutgoingMessage msg;
|
|
702
|
+
msg.data = std::move(data);
|
|
703
|
+
msg.epoch = ssl->d1->write_epoch.epoch();
|
|
704
|
+
msg.is_ccs = is_ccs;
|
|
705
|
+
// Zero-length messages need 1 bit to track whether the peer has received the
|
|
706
|
+
// message header. (Normally the message header is implicitly received when
|
|
707
|
+
// any fragment of the message is received at all.)
|
|
708
|
+
if (!is_ccs && !msg.acked.Init(std::max(msg.msg_len(), size_t{1}))) {
|
|
709
|
+
return false;
|
|
710
|
+
}
|
|
711
|
+
|
|
712
|
+
// This should not fail if |SSL_MAX_HANDSHAKE_FLIGHT| was sized correctly.
|
|
713
|
+
//
|
|
714
|
+
// TODO(crbug.com/42290594): This can currently fail in DTLS 1.3. The caller
|
|
715
|
+
// can configure how many tickets to send, up to kMaxTickets. Additionally, if
|
|
716
|
+
// we send 0.5-RTT tickets in 0-RTT, we may even have tickets queued up with
|
|
717
|
+
// the server flight.
|
|
718
|
+
if (!ssl->d1->outgoing_messages.TryPushBack(std::move(msg))) {
|
|
719
|
+
assert(false);
|
|
720
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
721
|
+
return false;
|
|
722
|
+
}
|
|
577
723
|
|
|
578
|
-
ssl->d1->outgoing_messages_len++;
|
|
579
724
|
return true;
|
|
580
725
|
}
|
|
581
726
|
|
|
@@ -615,139 +760,207 @@ static void dtls1_update_mtu(SSL *ssl) {
|
|
|
615
760
|
|
|
616
761
|
enum seal_result_t {
|
|
617
762
|
seal_error,
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
seal_success,
|
|
763
|
+
seal_continue,
|
|
764
|
+
seal_flush,
|
|
621
765
|
};
|
|
622
766
|
|
|
623
|
-
//
|
|
624
|
-
//
|
|
767
|
+
// seal_next_record seals one record's worth of messages to |out| and advances
|
|
768
|
+
// |ssl|'s internal state past the data that was sealed. If progress was made,
|
|
769
|
+
// it returns |seal_flush| or |seal_continue| and sets
|
|
625
770
|
// |*out_len| to the number of bytes written.
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
630
|
-
|
|
771
|
+
//
|
|
772
|
+
// If the function stopped because the next message could not be combined into
|
|
773
|
+
// this record, it returns |seal_continue| and the caller should loop again.
|
|
774
|
+
// Otherwise, it returns |seal_flush| and the packet is complete (either because
|
|
775
|
+
// there are no more messages or the packet is full).
|
|
776
|
+
static seal_result_t seal_next_record(SSL *ssl, Span<uint8_t> out,
|
|
777
|
+
size_t *out_len) {
|
|
778
|
+
*out_len = 0;
|
|
779
|
+
|
|
780
|
+
// Skip any fully acked messages.
|
|
781
|
+
while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size() &&
|
|
782
|
+
ssl->d1->outgoing_messages[ssl->d1->outgoing_written].IsFullyAcked()) {
|
|
783
|
+
ssl->d1->outgoing_offset = 0;
|
|
784
|
+
ssl->d1->outgoing_written++;
|
|
785
|
+
}
|
|
631
786
|
|
|
632
|
-
|
|
633
|
-
|
|
787
|
+
// There was nothing left to write.
|
|
788
|
+
if (ssl->d1->outgoing_written >= ssl->d1->outgoing_messages.size()) {
|
|
789
|
+
return seal_flush;
|
|
790
|
+
}
|
|
634
791
|
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
792
|
+
const auto &first_msg = ssl->d1->outgoing_messages[ssl->d1->outgoing_written];
|
|
793
|
+
size_t prefix_len = dtls_seal_prefix_len(ssl, first_msg.epoch);
|
|
794
|
+
size_t max_in_len = dtls_seal_max_input_len(ssl, first_msg.epoch, out.size());
|
|
795
|
+
if (max_in_len == 0) {
|
|
796
|
+
// There is no room for a single record.
|
|
797
|
+
return seal_flush;
|
|
798
|
+
}
|
|
641
799
|
|
|
642
|
-
|
|
800
|
+
if (first_msg.is_ccs) {
|
|
801
|
+
static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
|
|
802
|
+
DTLSRecordNumber record_number;
|
|
803
|
+
if (!dtls_seal_record(ssl, &record_number, out.data(), out_len, out.size(),
|
|
643
804
|
SSL3_RT_CHANGE_CIPHER_SPEC, kChangeCipherSpec,
|
|
644
|
-
sizeof(kChangeCipherSpec),
|
|
805
|
+
sizeof(kChangeCipherSpec), first_msg.epoch)) {
|
|
645
806
|
return seal_error;
|
|
646
807
|
}
|
|
647
808
|
|
|
648
|
-
ssl_do_msg_callback(ssl, 1
|
|
809
|
+
ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_CHANGE_CIPHER_SPEC,
|
|
649
810
|
kChangeCipherSpec);
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
// DTLS messages are serialized as a single fragment in |msg|.
|
|
654
|
-
CBS cbs, body;
|
|
655
|
-
struct hm_header_st hdr;
|
|
656
|
-
CBS_init(&cbs, msg->data.data(), msg->data.size());
|
|
657
|
-
if (!dtls1_parse_fragment(&cbs, &hdr, &body) ||
|
|
658
|
-
hdr.frag_off != 0 ||
|
|
659
|
-
hdr.frag_len != CBS_len(&body) ||
|
|
660
|
-
hdr.msg_len != CBS_len(&body) ||
|
|
661
|
-
!CBS_skip(&body, ssl->d1->outgoing_offset) ||
|
|
662
|
-
CBS_len(&cbs) != 0) {
|
|
663
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
664
|
-
return seal_error;
|
|
811
|
+
ssl->d1->outgoing_offset = 0;
|
|
812
|
+
ssl->d1->outgoing_written++;
|
|
813
|
+
return seal_continue;
|
|
665
814
|
}
|
|
666
815
|
|
|
667
|
-
//
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
674
|
-
|
|
816
|
+
// TODO(crbug.com/374991962): For now, only send one message per record in
|
|
817
|
+
// epoch 0. Sending multiple is allowed and more efficient, but breaks
|
|
818
|
+
// b/378742138.
|
|
819
|
+
const bool allow_multiple_messages = first_msg.epoch != 0;
|
|
820
|
+
|
|
821
|
+
// Pack as many handshake fragments into one record as we can. We stage the
|
|
822
|
+
// fragments in the output buffer, to be sealed in-place.
|
|
823
|
+
bool should_continue = false;
|
|
824
|
+
Span<uint8_t> fragments = out.subspan(prefix_len, max_in_len);
|
|
825
|
+
CBB cbb;
|
|
826
|
+
CBB_init_fixed(&cbb, fragments.data(), fragments.size());
|
|
827
|
+
DTLSSentRecord sent_record;
|
|
828
|
+
sent_record.first_msg = ssl->d1->outgoing_written;
|
|
829
|
+
sent_record.first_msg_start = ssl->d1->outgoing_offset;
|
|
830
|
+
while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) {
|
|
831
|
+
const auto &msg = ssl->d1->outgoing_messages[ssl->d1->outgoing_written];
|
|
832
|
+
if (msg.epoch != first_msg.epoch || msg.is_ccs) {
|
|
833
|
+
// We can only pack messages if the epoch matches. There may be more room
|
|
834
|
+
// in the packet, so tell the caller to keep going.
|
|
835
|
+
should_continue = true;
|
|
836
|
+
break;
|
|
837
|
+
}
|
|
675
838
|
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
|
|
682
|
-
|
|
683
|
-
|
|
684
|
-
|
|
685
|
-
|
|
686
|
-
|
|
687
|
-
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
839
|
+
// Decode |msg|'s header.
|
|
840
|
+
CBS cbs(msg.data), body_cbs;
|
|
841
|
+
struct hm_header_st hdr;
|
|
842
|
+
if (!dtls1_parse_fragment(&cbs, &hdr, &body_cbs) || //
|
|
843
|
+
hdr.frag_off != 0 || //
|
|
844
|
+
hdr.frag_len != CBS_len(&body_cbs) || //
|
|
845
|
+
hdr.msg_len != CBS_len(&body_cbs) || //
|
|
846
|
+
CBS_len(&cbs) != 0) {
|
|
847
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
848
|
+
return seal_error;
|
|
849
|
+
}
|
|
850
|
+
|
|
851
|
+
// Iterate over every un-acked range in the message, if any.
|
|
852
|
+
Span<const uint8_t> body = body_cbs;
|
|
853
|
+
for (;;) {
|
|
854
|
+
auto range = msg.acked.NextUnmarkedRange(ssl->d1->outgoing_offset);
|
|
855
|
+
if (range.empty()) {
|
|
856
|
+
// Advance to the next message.
|
|
857
|
+
ssl->d1->outgoing_offset = 0;
|
|
858
|
+
ssl->d1->outgoing_written++;
|
|
859
|
+
break;
|
|
860
|
+
}
|
|
861
|
+
|
|
862
|
+
// Determine how much progress can be made (minimum one byte of progress).
|
|
863
|
+
size_t capacity = fragments.size() - CBB_len(&cbb);
|
|
864
|
+
if (capacity < DTLS1_HM_HEADER_LENGTH + 1) {
|
|
865
|
+
goto packet_full;
|
|
866
|
+
}
|
|
867
|
+
size_t todo = std::min(range.size(), capacity - DTLS1_HM_HEADER_LENGTH);
|
|
868
|
+
|
|
869
|
+
// Empty messages are special-cased in ACK tracking. We act as if they
|
|
870
|
+
// have one byte, but in reality that byte is tracking the header.
|
|
871
|
+
Span<const uint8_t> frag;
|
|
872
|
+
if (!body.empty()) {
|
|
873
|
+
frag = body.subspan(range.start, todo);
|
|
874
|
+
}
|
|
875
|
+
|
|
876
|
+
// Assemble the fragment.
|
|
877
|
+
size_t frag_start = CBB_len(&cbb);
|
|
878
|
+
CBB child;
|
|
879
|
+
if (!CBB_add_u8(&cbb, hdr.type) || //
|
|
880
|
+
!CBB_add_u24(&cbb, hdr.msg_len) || //
|
|
881
|
+
!CBB_add_u16(&cbb, hdr.seq) || //
|
|
882
|
+
!CBB_add_u24(&cbb, range.start) || //
|
|
883
|
+
!CBB_add_u24_length_prefixed(&cbb, &child) || //
|
|
884
|
+
!CBB_add_bytes(&child, frag.data(), frag.size()) || //
|
|
885
|
+
!CBB_flush(&cbb)) {
|
|
886
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
887
|
+
return seal_error;
|
|
888
|
+
}
|
|
889
|
+
size_t frag_end = CBB_len(&cbb);
|
|
890
|
+
|
|
891
|
+
// TODO(davidben): It is odd that, on output, we inform the caller of
|
|
892
|
+
// retransmits and individual fragments, but on input we only inform the
|
|
893
|
+
// caller of complete messages.
|
|
894
|
+
ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_HANDSHAKE,
|
|
895
|
+
fragments.subspan(frag_start, frag_end - frag_start));
|
|
896
|
+
|
|
897
|
+
ssl->d1->outgoing_offset = range.start + todo;
|
|
898
|
+
if (todo < range.size()) {
|
|
899
|
+
// The packet was the limiting factor.
|
|
900
|
+
goto packet_full;
|
|
901
|
+
}
|
|
902
|
+
}
|
|
903
|
+
|
|
904
|
+
if (!allow_multiple_messages) {
|
|
905
|
+
should_continue = true;
|
|
906
|
+
break;
|
|
907
|
+
}
|
|
691
908
|
}
|
|
692
909
|
|
|
693
|
-
|
|
694
|
-
|
|
910
|
+
packet_full:
|
|
911
|
+
sent_record.last_msg = ssl->d1->outgoing_written;
|
|
912
|
+
sent_record.last_msg_end = ssl->d1->outgoing_offset;
|
|
695
913
|
|
|
696
|
-
|
|
697
|
-
|
|
914
|
+
// We could not fit anything. Don't try to make a record.
|
|
915
|
+
if (CBB_len(&cbb) == 0) {
|
|
916
|
+
assert(!should_continue);
|
|
917
|
+
return seal_flush;
|
|
918
|
+
}
|
|
919
|
+
|
|
920
|
+
if (!dtls_seal_record(ssl, &sent_record.number, out.data(), out_len,
|
|
921
|
+
out.size(), SSL3_RT_HANDSHAKE, CBB_data(&cbb),
|
|
922
|
+
CBB_len(&cbb), first_msg.epoch)) {
|
|
698
923
|
return seal_error;
|
|
699
924
|
}
|
|
700
925
|
|
|
701
|
-
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
|
|
926
|
+
// If DTLS 1.3 (or if the version is not yet known and it may be DTLS 1.3),
|
|
927
|
+
// save the record number to match against ACKs later.
|
|
928
|
+
if (ssl->s3->version == 0 || ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
929
|
+
if (ssl->d1->sent_records == nullptr) {
|
|
930
|
+
ssl->d1->sent_records =
|
|
931
|
+
MakeUnique<MRUQueue<DTLSSentRecord, DTLS_MAX_ACK_BUFFER>>();
|
|
932
|
+
if (ssl->d1->sent_records == nullptr) {
|
|
933
|
+
return seal_error;
|
|
934
|
+
}
|
|
935
|
+
}
|
|
936
|
+
ssl->d1->sent_records->PushBack(sent_record);
|
|
705
937
|
}
|
|
706
938
|
|
|
707
|
-
|
|
708
|
-
return seal_partial;
|
|
939
|
+
return should_continue ? seal_continue : seal_flush;
|
|
709
940
|
}
|
|
710
941
|
|
|
711
942
|
// seal_next_packet writes as much of the next flight as possible to |out| and
|
|
712
943
|
// advances |ssl->d1->outgoing_written| and |ssl->d1->outgoing_offset| as
|
|
713
944
|
// appropriate.
|
|
714
|
-
static bool seal_next_packet(SSL *ssl, uint8_t
|
|
715
|
-
size_t max_out) {
|
|
716
|
-
bool made_progress = false;
|
|
945
|
+
static bool seal_next_packet(SSL *ssl, Span<uint8_t> out, size_t *out_len) {
|
|
717
946
|
size_t total = 0;
|
|
718
|
-
|
|
719
|
-
for (; ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len;
|
|
720
|
-
ssl->d1->outgoing_written++) {
|
|
721
|
-
const DTLS_OUTGOING_MESSAGE *msg =
|
|
722
|
-
&ssl->d1->outgoing_messages[ssl->d1->outgoing_written];
|
|
947
|
+
for (;;) {
|
|
723
948
|
size_t len;
|
|
724
|
-
|
|
949
|
+
seal_result_t ret = seal_next_record(ssl, out, &len);
|
|
725
950
|
switch (ret) {
|
|
726
951
|
case seal_error:
|
|
727
952
|
return false;
|
|
728
953
|
|
|
729
|
-
case
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
case seal_partial:
|
|
733
|
-
case seal_success:
|
|
734
|
-
out += len;
|
|
735
|
-
max_out -= len;
|
|
954
|
+
case seal_flush:
|
|
955
|
+
case seal_continue:
|
|
956
|
+
out = out.subspan(len);
|
|
736
957
|
total += len;
|
|
737
|
-
made_progress = true;
|
|
738
|
-
|
|
739
|
-
if (ret == seal_partial) {
|
|
740
|
-
goto packet_full;
|
|
741
|
-
}
|
|
742
958
|
break;
|
|
743
959
|
}
|
|
744
|
-
}
|
|
745
960
|
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL);
|
|
750
|
-
return false;
|
|
961
|
+
if (ret == seal_flush) {
|
|
962
|
+
break;
|
|
963
|
+
}
|
|
751
964
|
}
|
|
752
965
|
|
|
753
966
|
*out_len = total;
|
|
@@ -765,29 +978,44 @@ static int send_flight(SSL *ssl) {
|
|
|
765
978
|
return -1;
|
|
766
979
|
}
|
|
767
980
|
|
|
981
|
+
if (ssl->d1->num_timeouts > DTLS1_MAX_TIMEOUTS) {
|
|
982
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_READ_TIMEOUT_EXPIRED);
|
|
983
|
+
return -1;
|
|
984
|
+
}
|
|
985
|
+
|
|
768
986
|
dtls1_update_mtu(ssl);
|
|
769
987
|
|
|
770
988
|
Array<uint8_t> packet;
|
|
771
|
-
if (!packet.
|
|
989
|
+
if (!packet.InitForOverwrite(ssl->d1->mtu)) {
|
|
772
990
|
return -1;
|
|
773
991
|
}
|
|
774
992
|
|
|
775
|
-
while (ssl->d1->outgoing_written < ssl->d1->
|
|
993
|
+
while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) {
|
|
776
994
|
uint8_t old_written = ssl->d1->outgoing_written;
|
|
777
995
|
uint32_t old_offset = ssl->d1->outgoing_offset;
|
|
778
996
|
|
|
779
997
|
size_t packet_len;
|
|
780
|
-
if (!seal_next_packet(ssl, packet
|
|
998
|
+
if (!seal_next_packet(ssl, MakeSpan(packet), &packet_len)) {
|
|
781
999
|
return -1;
|
|
782
1000
|
}
|
|
783
1001
|
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
//
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
|
|
790
|
-
|
|
1002
|
+
if (packet_len == 0 &&
|
|
1003
|
+
ssl->d1->outgoing_written < ssl->d1->outgoing_messages.size()) {
|
|
1004
|
+
// We made no progress with the packet size available, but did not reach
|
|
1005
|
+
// the end.
|
|
1006
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL);
|
|
1007
|
+
return false;
|
|
1008
|
+
}
|
|
1009
|
+
|
|
1010
|
+
if (packet_len != 0) {
|
|
1011
|
+
int bio_ret = BIO_write(ssl->wbio.get(), packet.data(), packet_len);
|
|
1012
|
+
if (bio_ret <= 0) {
|
|
1013
|
+
// Retry this packet the next time around.
|
|
1014
|
+
ssl->d1->outgoing_written = old_written;
|
|
1015
|
+
ssl->d1->outgoing_offset = old_offset;
|
|
1016
|
+
ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
|
|
1017
|
+
return bio_ret;
|
|
1018
|
+
}
|
|
791
1019
|
}
|
|
792
1020
|
}
|
|
793
1021
|
|
|
@@ -799,26 +1027,143 @@ static int send_flight(SSL *ssl) {
|
|
|
799
1027
|
return 1;
|
|
800
1028
|
}
|
|
801
1029
|
|
|
802
|
-
|
|
1030
|
+
void dtls1_finish_flight(SSL *ssl) {
|
|
1031
|
+
if (ssl->d1->outgoing_messages.empty() ||
|
|
1032
|
+
ssl->d1->outgoing_messages_complete) {
|
|
1033
|
+
return; // Nothing to do.
|
|
1034
|
+
}
|
|
1035
|
+
|
|
1036
|
+
if (ssl->d1->outgoing_messages[0].epoch <= 2) {
|
|
1037
|
+
// DTLS 1.3 handshake messages (epoch 2 and below) implicitly ACK the
|
|
1038
|
+
// previous flight, so there is no need to ACK previous records. This
|
|
1039
|
+
// clears the ACK buffer slightly earlier than the specification suggests.
|
|
1040
|
+
// See the discussion in
|
|
1041
|
+
// https://mailarchive.ietf.org/arch/msg/tls/kjJnquJOVaWxu5hUCmNzB35eqY0/
|
|
1042
|
+
ssl->d1->records_to_ack.Clear();
|
|
1043
|
+
ssl->d1->ack_timer.Stop();
|
|
1044
|
+
ssl->d1->sending_ack = false;
|
|
1045
|
+
}
|
|
1046
|
+
|
|
803
1047
|
ssl->d1->outgoing_messages_complete = true;
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
1048
|
+
ssl->d1->sending_flight = true;
|
|
1049
|
+
// Stop retransmitting the previous flight. In DTLS 1.3, we'll have stopped
|
|
1050
|
+
// the timer already, but DTLS 1.2 keeps it running until the next flight is
|
|
1051
|
+
// ready.
|
|
1052
|
+
dtls1_stop_timer(ssl);
|
|
807
1053
|
}
|
|
808
1054
|
|
|
809
|
-
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
813
|
-
|
|
814
|
-
|
|
815
|
-
ssl
|
|
1055
|
+
void dtls1_schedule_ack(SSL *ssl) {
|
|
1056
|
+
ssl->d1->ack_timer.Stop();
|
|
1057
|
+
ssl->d1->sending_ack = !ssl->d1->records_to_ack.empty();
|
|
1058
|
+
}
|
|
1059
|
+
|
|
1060
|
+
static int send_ack(SSL *ssl) {
|
|
1061
|
+
assert(ssl_protocol_version(ssl) >= TLS1_3_VERSION);
|
|
1062
|
+
|
|
1063
|
+
// Ensure we don't send so many ACKs that we overflow the MTU. There is a
|
|
1064
|
+
// 2-byte length prefix and each ACK is 16 bytes.
|
|
1065
|
+
dtls1_update_mtu(ssl);
|
|
1066
|
+
size_t max_plaintext =
|
|
1067
|
+
dtls_seal_max_input_len(ssl, ssl->d1->write_epoch.epoch(), ssl->d1->mtu);
|
|
1068
|
+
if (max_plaintext < 2 + 16) {
|
|
1069
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MTU_TOO_SMALL); // No room for even one ACK.
|
|
1070
|
+
return -1;
|
|
1071
|
+
}
|
|
1072
|
+
size_t num_acks =
|
|
1073
|
+
std::min((max_plaintext - 2) / 16, ssl->d1->records_to_ack.size());
|
|
1074
|
+
|
|
1075
|
+
// Assemble the ACK. RFC 9147 says to sort ACKs numerically. It is unclear if
|
|
1076
|
+
// other implementations do this, but go ahead and sort for now. See
|
|
1077
|
+
// https://mailarchive.ietf.org/arch/msg/tls/kjJnquJOVaWxu5hUCmNzB35eqY0/.
|
|
1078
|
+
// Remove this if rfc9147bis removes this requirement.
|
|
1079
|
+
InplaceVector<DTLSRecordNumber, DTLS_MAX_ACK_BUFFER> sorted;
|
|
1080
|
+
for (size_t i = ssl->d1->records_to_ack.size() - num_acks;
|
|
1081
|
+
i < ssl->d1->records_to_ack.size(); i++) {
|
|
1082
|
+
sorted.PushBack(ssl->d1->records_to_ack[i]);
|
|
1083
|
+
}
|
|
1084
|
+
std::sort(sorted.begin(), sorted.end());
|
|
1085
|
+
|
|
1086
|
+
uint8_t buf[2 + 16 * DTLS_MAX_ACK_BUFFER];
|
|
1087
|
+
CBB cbb, child;
|
|
1088
|
+
CBB_init_fixed(&cbb, buf, sizeof(buf));
|
|
1089
|
+
BSSL_CHECK(CBB_add_u16_length_prefixed(&cbb, &child));
|
|
1090
|
+
for (const auto &number : sorted) {
|
|
1091
|
+
BSSL_CHECK(CBB_add_u64(&child, number.epoch()));
|
|
1092
|
+
BSSL_CHECK(CBB_add_u64(&child, number.sequence()));
|
|
1093
|
+
}
|
|
1094
|
+
BSSL_CHECK(CBB_flush(&cbb));
|
|
1095
|
+
|
|
1096
|
+
// Encrypt it.
|
|
1097
|
+
uint8_t record[DTLS1_3_RECORD_HEADER_WRITE_LENGTH + sizeof(buf) +
|
|
1098
|
+
1 /* record type */ + EVP_AEAD_MAX_OVERHEAD];
|
|
1099
|
+
size_t record_len;
|
|
1100
|
+
DTLSRecordNumber record_number;
|
|
1101
|
+
if (!dtls_seal_record(ssl, &record_number, record, &record_len,
|
|
1102
|
+
sizeof(record), SSL3_RT_ACK, CBB_data(&cbb),
|
|
1103
|
+
CBB_len(&cbb), ssl->d1->write_epoch.epoch())) {
|
|
1104
|
+
return -1;
|
|
1105
|
+
}
|
|
1106
|
+
|
|
1107
|
+
ssl_do_msg_callback(ssl, /*is_write=*/1, SSL3_RT_ACK,
|
|
1108
|
+
MakeConstSpan(CBB_data(&cbb), CBB_len(&cbb)));
|
|
1109
|
+
|
|
1110
|
+
int bio_ret =
|
|
1111
|
+
BIO_write(ssl->wbio.get(), record, static_cast<int>(record_len));
|
|
1112
|
+
if (bio_ret <= 0) {
|
|
1113
|
+
ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
|
|
1114
|
+
return bio_ret;
|
|
1115
|
+
}
|
|
1116
|
+
|
|
1117
|
+
if (BIO_flush(ssl->wbio.get()) <= 0) {
|
|
1118
|
+
ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
|
|
1119
|
+
return -1;
|
|
1120
|
+
}
|
|
816
1121
|
|
|
817
|
-
return
|
|
1122
|
+
return 1;
|
|
818
1123
|
}
|
|
819
1124
|
|
|
820
|
-
|
|
821
|
-
|
|
1125
|
+
int dtls1_flush(SSL *ssl) {
|
|
1126
|
+
// Send the pending ACK, if any.
|
|
1127
|
+
if (ssl->d1->sending_ack) {
|
|
1128
|
+
int ret = send_ack(ssl);
|
|
1129
|
+
if (ret <= 0) {
|
|
1130
|
+
return ret;
|
|
1131
|
+
}
|
|
1132
|
+
ssl->d1->sending_ack = false;
|
|
1133
|
+
}
|
|
1134
|
+
|
|
1135
|
+
// Send the pending flight, if any.
|
|
1136
|
+
if (ssl->d1->sending_flight) {
|
|
1137
|
+
int ret = send_flight(ssl);
|
|
1138
|
+
if (ret <= 0) {
|
|
1139
|
+
return ret;
|
|
1140
|
+
}
|
|
1141
|
+
|
|
1142
|
+
// Reset state for the next send.
|
|
1143
|
+
ssl->d1->outgoing_written = 0;
|
|
1144
|
+
ssl->d1->outgoing_offset = 0;
|
|
1145
|
+
ssl->d1->sending_flight = false;
|
|
1146
|
+
|
|
1147
|
+
// Schedule the next retransmit timer. In DTLS 1.3, we retransmit all
|
|
1148
|
+
// flights until ACKed. In DTLS 1.2, the final Finished flight is never
|
|
1149
|
+
// ACKed, so we do not keep the timer running after the handshake.
|
|
1150
|
+
if (SSL_in_init(ssl) || ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
1151
|
+
if (ssl->d1->num_timeouts == 0) {
|
|
1152
|
+
ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;
|
|
1153
|
+
} else {
|
|
1154
|
+
ssl->d1->timeout_duration_ms =
|
|
1155
|
+
std::min(ssl->d1->timeout_duration_ms * 2, uint32_t{60000});
|
|
1156
|
+
}
|
|
1157
|
+
|
|
1158
|
+
OPENSSL_timeval now = ssl_ctx_get_current_time(ssl->ctx.get());
|
|
1159
|
+
ssl->d1->retransmit_timer.StartMicroseconds(
|
|
1160
|
+
now, uint64_t{ssl->d1->timeout_duration_ms} * 1000);
|
|
1161
|
+
}
|
|
1162
|
+
}
|
|
1163
|
+
|
|
1164
|
+
return 1;
|
|
822
1165
|
}
|
|
823
1166
|
|
|
1167
|
+
unsigned int dtls1_min_mtu(void) { return kMinMTU; }
|
|
1168
|
+
|
|
824
1169
|
BSSL_NAMESPACE_END
|