grpc 1.69.0 → 1.70.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Makefile +251 -249
- data/include/grpc/support/atm.h +0 -13
- data/src/core/call/request_buffer.cc +224 -0
- data/src/core/call/request_buffer.h +192 -0
- data/src/core/client_channel/client_channel.cc +2 -3
- data/src/core/client_channel/client_channel_args.h +21 -0
- data/src/core/client_channel/client_channel_filter.h +1 -3
- data/src/core/client_channel/retry_interceptor.cc +406 -0
- data/src/core/client_channel/retry_interceptor.h +157 -0
- data/src/core/client_channel/retry_service_config.h +13 -0
- data/src/core/client_channel/retry_throttle.cc +33 -18
- data/src/core/client_channel/retry_throttle.h +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
- data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
- data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
- data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
- data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
- data/src/core/filter/filter_args.h +112 -0
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
- data/src/core/lib/channel/promise_based_filter.h +5 -79
- data/src/core/lib/debug/trace_flags.cc +2 -0
- data/src/core/lib/debug/trace_flags.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
- data/src/core/lib/experiments/experiments.cc +90 -39
- data/src/core/lib/experiments/experiments.h +43 -24
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
- data/src/core/lib/promise/activity.cc +2 -0
- data/src/core/lib/promise/activity.h +29 -8
- data/src/core/lib/promise/map.h +42 -0
- data/src/core/lib/promise/party.cc +36 -1
- data/src/core/lib/promise/party.h +13 -5
- data/src/core/lib/promise/sleep.h +1 -0
- data/src/core/lib/promise/status_flag.h +10 -0
- data/src/core/lib/resource_quota/arena.h +8 -0
- data/src/core/lib/resource_quota/connection_quota.h +4 -0
- data/src/core/lib/surface/call_utils.h +2 -0
- data/src/core/lib/surface/client_call.cc +43 -35
- data/src/core/lib/surface/client_call.h +5 -0
- data/src/core/lib/surface/event_string.cc +7 -1
- data/src/core/lib/surface/init_internally.h +13 -2
- data/src/core/lib/surface/server_call.cc +100 -85
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/call_filters.cc +10 -4
- data/src/core/lib/transport/call_filters.h +8 -0
- data/src/core/lib/transport/call_spine.cc +36 -71
- data/src/core/lib/transport/call_spine.h +131 -7
- data/src/core/lib/transport/call_state.h +132 -39
- data/src/core/lib/transport/interception_chain.cc +8 -0
- data/src/core/lib/transport/interception_chain.h +9 -0
- data/src/core/load_balancing/endpoint_list.cc +10 -0
- data/src/core/load_balancing/endpoint_list.h +13 -6
- data/src/core/load_balancing/lb_policy.h +0 -8
- data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
- data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
- data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
- data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
- data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
- data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
- data/src/core/resolver/xds/xds_resolver.cc +28 -47
- data/src/core/server/server.cc +290 -24
- data/src/core/server/server.h +199 -61
- data/src/core/server/xds_server_config_fetcher.cc +78 -142
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/util/backoff.cc +15 -4
- data/src/core/util/http_client/httpcli.cc +66 -18
- data/src/core/util/http_client/httpcli.h +14 -4
- data/src/core/util/matchers.h +5 -10
- data/src/core/util/ref_counted.h +1 -0
- data/src/core/util/ref_counted_ptr.h +1 -1
- data/src/core/util/useful.h +9 -11
- data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
- data/src/core/xds/grpc/xds_metadata.h +8 -0
- data/src/core/xds/xds_client/xds_api.cc +0 -223
- data/src/core/xds/xds_client/xds_api.h +1 -133
- data/src/core/xds/xds_client/xds_client.cc +599 -466
- data/src/core/xds/xds_client/xds_client.h +107 -26
- data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
- data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
- data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
- data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
- data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
- data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
- data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
- data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
- data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
- data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
- metadata +339 -339
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
- data/src/core/util/atm.cc +0 -34
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
|
@@ -117,46 +117,61 @@
|
|
|
117
117
|
#include <openssl/bytestring.h>
|
|
118
118
|
#include <openssl/err.h>
|
|
119
119
|
|
|
120
|
-
#include "internal.h"
|
|
121
120
|
#include "../crypto/internal.h"
|
|
121
|
+
#include "internal.h"
|
|
122
122
|
|
|
123
123
|
|
|
124
124
|
BSSL_NAMESPACE_BEGIN
|
|
125
125
|
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
static bool dtls1_bitmap_should_discard(DTLS1_BITMAP *bitmap,
|
|
129
|
-
uint64_t seq_num) {
|
|
130
|
-
const size_t kWindowSize = bitmap->map.size();
|
|
126
|
+
bool DTLSReplayBitmap::ShouldDiscard(uint64_t seq_num) const {
|
|
127
|
+
const size_t kWindowSize = map_.size();
|
|
131
128
|
|
|
132
|
-
if (seq_num >
|
|
129
|
+
if (seq_num > max_seq_num_) {
|
|
133
130
|
return false;
|
|
134
131
|
}
|
|
135
|
-
uint64_t idx =
|
|
136
|
-
return idx >= kWindowSize ||
|
|
132
|
+
uint64_t idx = max_seq_num_ - seq_num;
|
|
133
|
+
return idx >= kWindowSize || map_[idx];
|
|
137
134
|
}
|
|
138
135
|
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
// this function on a stale sequence number.
|
|
142
|
-
static void dtls1_bitmap_record(DTLS1_BITMAP *bitmap, uint64_t seq_num) {
|
|
143
|
-
const size_t kWindowSize = bitmap->map.size();
|
|
136
|
+
void DTLSReplayBitmap::Record(uint64_t seq_num) {
|
|
137
|
+
const size_t kWindowSize = map_.size();
|
|
144
138
|
|
|
145
139
|
// Shift the window if necessary.
|
|
146
|
-
if (seq_num >
|
|
147
|
-
uint64_t shift = seq_num -
|
|
140
|
+
if (seq_num > max_seq_num_) {
|
|
141
|
+
uint64_t shift = seq_num - max_seq_num_;
|
|
148
142
|
if (shift >= kWindowSize) {
|
|
149
|
-
|
|
143
|
+
map_.reset();
|
|
150
144
|
} else {
|
|
151
|
-
|
|
145
|
+
map_ <<= shift;
|
|
152
146
|
}
|
|
153
|
-
|
|
147
|
+
max_seq_num_ = seq_num;
|
|
154
148
|
}
|
|
155
149
|
|
|
156
|
-
uint64_t idx =
|
|
150
|
+
uint64_t idx = max_seq_num_ - seq_num;
|
|
157
151
|
if (idx < kWindowSize) {
|
|
158
|
-
|
|
152
|
+
map_[idx] = true;
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
static uint16_t dtls_record_version(const SSL *ssl) {
|
|
157
|
+
if (ssl->s3->version == 0) {
|
|
158
|
+
// Before the version is determined, outgoing records use dTLS 1.0 for
|
|
159
|
+
// historical compatibility requirements.
|
|
160
|
+
return DTLS1_VERSION;
|
|
159
161
|
}
|
|
162
|
+
// DTLS 1.3 freezes the record version at DTLS 1.2. Previous ones use the
|
|
163
|
+
// version itself.
|
|
164
|
+
return ssl_protocol_version(ssl) >= TLS1_3_VERSION ? DTLS1_2_VERSION
|
|
165
|
+
: ssl->s3->version;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
static uint64_t dtls_aead_sequence(const SSL *ssl, DTLSRecordNumber num) {
|
|
169
|
+
// DTLS 1.3 uses the sequence number with the AEAD, while DTLS 1.2 uses the
|
|
170
|
+
// combined value. If the version is not known, the epoch is unencrypted and
|
|
171
|
+
// the value is ignored.
|
|
172
|
+
return (ssl->s3->version != 0 && ssl_protocol_version(ssl) >= TLS1_3_VERSION)
|
|
173
|
+
? num.sequence()
|
|
174
|
+
: num.combined();
|
|
160
175
|
}
|
|
161
176
|
|
|
162
177
|
// reconstruct_epoch finds the largest epoch that ends with the epoch bits from
|
|
@@ -173,135 +188,188 @@ static uint16_t reconstruct_epoch(uint8_t wire_epoch, uint16_t current_epoch) {
|
|
|
173
188
|
|
|
174
189
|
uint64_t reconstruct_seqnum(uint16_t wire_seq, uint64_t seq_mask,
|
|
175
190
|
uint64_t max_valid_seqnum) {
|
|
191
|
+
// Although DTLS 1.3 can support sequence numbers up to 2^64-1, we continue to
|
|
192
|
+
// enforce the DTLS 1.2 2^48-1 limit. With a minimal DTLS 1.3 record header (2
|
|
193
|
+
// bytes), no payload, and 16 byte AEAD overhead, sending 2^48 records would
|
|
194
|
+
// require 5 petabytes. This allows us to continue to pack a DTLS record
|
|
195
|
+
// number into an 8-byte structure.
|
|
196
|
+
assert(max_valid_seqnum <= DTLSRecordNumber::kMaxSequence);
|
|
197
|
+
assert(seq_mask == 0xff || seq_mask == 0xffff);
|
|
198
|
+
|
|
176
199
|
uint64_t max_seqnum_plus_one = max_valid_seqnum + 1;
|
|
177
200
|
uint64_t diff = (wire_seq - max_seqnum_plus_one) & seq_mask;
|
|
178
201
|
uint64_t step = seq_mask + 1;
|
|
202
|
+
// This addition cannot overflow. It is at most 2^48 + seq_mask. It, however,
|
|
203
|
+
// may exceed 2^48-1.
|
|
179
204
|
uint64_t seqnum = max_seqnum_plus_one + diff;
|
|
180
|
-
|
|
181
|
-
// (max_valid_seqnum, 1, and diff). The values 1 and diff are small (relative
|
|
182
|
-
// to the size of a uint64_t), while max_valid_seqnum can span the range of
|
|
183
|
-
// all uint64_t values. If seqnum is less than max_valid_seqnum, then the
|
|
184
|
-
// addition overflowed.
|
|
185
|
-
bool overflowed = seqnum < max_valid_seqnum;
|
|
205
|
+
bool too_large = seqnum > DTLSRecordNumber::kMaxSequence;
|
|
186
206
|
// If the diff is larger than half the step size, then the closest seqnum
|
|
187
207
|
// to max_seqnum_plus_one (in Z_{2^64}) is seqnum minus step instead of
|
|
188
208
|
// seqnum.
|
|
189
209
|
bool closer_is_less = diff > step / 2;
|
|
190
210
|
// Subtracting step from seqnum will cause underflow if seqnum is too small.
|
|
191
211
|
bool would_underflow = seqnum < step;
|
|
192
|
-
if (
|
|
212
|
+
if (too_large || (closer_is_less && !would_underflow)) {
|
|
193
213
|
seqnum -= step;
|
|
194
214
|
}
|
|
215
|
+
assert(seqnum <= DTLSRecordNumber::kMaxSequence);
|
|
195
216
|
return seqnum;
|
|
196
217
|
}
|
|
197
218
|
|
|
198
|
-
static
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
//
|
|
204
|
-
//
|
|
205
|
-
|
|
219
|
+
static Span<uint8_t> cbs_to_writable_bytes(CBS cbs) {
|
|
220
|
+
return MakeSpan(const_cast<uint8_t *>(CBS_data(&cbs)), CBS_len(&cbs));
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
struct ParsedDTLSRecord {
|
|
224
|
+
// read_epoch will be null if the record is for an unrecognized epoch. In that
|
|
225
|
+
// case, |number| may be unset.
|
|
226
|
+
DTLSReadEpoch *read_epoch = nullptr;
|
|
227
|
+
DTLSRecordNumber number;
|
|
228
|
+
CBS header, body;
|
|
229
|
+
uint8_t type = 0;
|
|
230
|
+
uint16_t version = 0;
|
|
231
|
+
};
|
|
232
|
+
|
|
233
|
+
static bool use_dtls13_record_header(const SSL *ssl, uint16_t epoch) {
|
|
234
|
+
// Plaintext records in DTLS 1.3 also use the DTLSPlaintext structure for
|
|
235
|
+
// backwards compatibility.
|
|
236
|
+
return ssl->s3->version != 0 && ssl_protocol_version(ssl) > TLS1_2_VERSION &&
|
|
237
|
+
epoch > 0;
|
|
238
|
+
}
|
|
239
|
+
|
|
240
|
+
static bool parse_dtls13_record(SSL *ssl, CBS *in, ParsedDTLSRecord *out) {
|
|
241
|
+
if (out->type & 0x10) {
|
|
206
242
|
// Connection ID bit set, which we didn't negotiate.
|
|
207
243
|
return false;
|
|
208
244
|
}
|
|
209
245
|
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
*out_epoch = reconstruct_epoch(type, ssl->d1->r_epoch);
|
|
214
|
-
size_t seqlen = 1;
|
|
215
|
-
if ((type & 0x08) == 0x08) {
|
|
216
|
-
// If this bit is set, the sequence number is 16 bits long, otherwise it is
|
|
217
|
-
// 8 bits. The seqlen variable tracks the length of the sequence number in
|
|
218
|
-
// bytes.
|
|
219
|
-
seqlen = 2;
|
|
246
|
+
uint16_t max_epoch = ssl->d1->read_epoch.epoch;
|
|
247
|
+
if (ssl->d1->next_read_epoch != nullptr) {
|
|
248
|
+
max_epoch = std::max(max_epoch, ssl->d1->next_read_epoch->epoch);
|
|
220
249
|
}
|
|
221
|
-
|
|
222
|
-
|
|
250
|
+
uint16_t epoch = reconstruct_epoch(out->type, max_epoch);
|
|
251
|
+
size_t seq_len = (out->type & 0x08) ? 2 : 1;
|
|
252
|
+
CBS seq_bytes;
|
|
253
|
+
if (!CBS_get_bytes(in, &seq_bytes, seq_len)) {
|
|
223
254
|
return false;
|
|
224
255
|
}
|
|
225
|
-
|
|
226
|
-
if ((type & 0x04) == 0x04) {
|
|
227
|
-
*out_header_len += 2;
|
|
256
|
+
if (out->type & 0x04) {
|
|
228
257
|
// 16-bit length present
|
|
229
|
-
if (!CBS_get_u16_length_prefixed(in,
|
|
230
|
-
// The record header was incomplete or malformed.
|
|
258
|
+
if (!CBS_get_u16_length_prefixed(in, &out->body)) {
|
|
231
259
|
return false;
|
|
232
260
|
}
|
|
233
261
|
} else {
|
|
234
262
|
// No length present - the remaining contents are the whole packet.
|
|
235
263
|
// CBS_get_bytes is used here to advance |in| to the end so that future
|
|
236
264
|
// code that computes the number of consumed bytes functions correctly.
|
|
237
|
-
|
|
265
|
+
BSSL_CHECK(CBS_get_bytes(in, &out->body, CBS_len(in)));
|
|
266
|
+
}
|
|
267
|
+
|
|
268
|
+
// Drop the previous read epoch if expired.
|
|
269
|
+
if (ssl->d1->prev_read_epoch != nullptr &&
|
|
270
|
+
ssl_ctx_get_current_time(ssl->ctx.get()).tv_sec >
|
|
271
|
+
ssl->d1->prev_read_epoch->expire) {
|
|
272
|
+
ssl->d1->prev_read_epoch = nullptr;
|
|
273
|
+
}
|
|
274
|
+
|
|
275
|
+
// Look up the corresponding epoch. This header form only matches encrypted
|
|
276
|
+
// DTLS 1.3 epochs.
|
|
277
|
+
DTLSReadEpoch *read_epoch = nullptr;
|
|
278
|
+
if (epoch == ssl->d1->read_epoch.epoch) {
|
|
279
|
+
read_epoch = &ssl->d1->read_epoch;
|
|
280
|
+
} else if (ssl->d1->next_read_epoch != nullptr &&
|
|
281
|
+
epoch == ssl->d1->next_read_epoch->epoch) {
|
|
282
|
+
read_epoch = ssl->d1->next_read_epoch.get();
|
|
283
|
+
} else if (ssl->d1->prev_read_epoch != nullptr &&
|
|
284
|
+
epoch == ssl->d1->prev_read_epoch->epoch.epoch) {
|
|
285
|
+
read_epoch = &ssl->d1->prev_read_epoch->epoch;
|
|
286
|
+
}
|
|
287
|
+
if (read_epoch != nullptr && use_dtls13_record_header(ssl, epoch)) {
|
|
288
|
+
out->read_epoch = read_epoch;
|
|
289
|
+
|
|
290
|
+
// Decrypt and reconstruct the sequence number:
|
|
291
|
+
uint8_t mask[2];
|
|
292
|
+
if (!read_epoch->rn_encrypter->GenerateMask(mask, out->body)) {
|
|
293
|
+
// GenerateMask most likely failed because the record body was not long
|
|
294
|
+
// enough.
|
|
238
295
|
return false;
|
|
239
296
|
}
|
|
297
|
+
// Apply the mask to the sequence number in-place. The header (with the
|
|
298
|
+
// decrypted sequence number bytes) is used as the additional data for the
|
|
299
|
+
// AEAD function.
|
|
300
|
+
auto writable_seq = cbs_to_writable_bytes(seq_bytes);
|
|
301
|
+
uint64_t seq = 0;
|
|
302
|
+
for (size_t i = 0; i < writable_seq.size(); i++) {
|
|
303
|
+
writable_seq[i] ^= mask[i];
|
|
304
|
+
seq = (seq << 8) | writable_seq[i];
|
|
305
|
+
}
|
|
306
|
+
uint64_t full_seq = reconstruct_seqnum(seq, (1 << (seq_len * 8)) - 1,
|
|
307
|
+
read_epoch->bitmap.max_seq_num());
|
|
308
|
+
out->number = DTLSRecordNumber(epoch, full_seq);
|
|
240
309
|
}
|
|
241
310
|
|
|
242
|
-
// Decrypt and reconstruct the sequence number:
|
|
243
|
-
uint8_t mask[AES_BLOCK_SIZE];
|
|
244
|
-
SSLAEADContext *aead = ssl->s3->aead_read_ctx.get();
|
|
245
|
-
if (!aead->GenerateRecordNumberMask(mask, *out_body)) {
|
|
246
|
-
// GenerateRecordNumberMask most likely failed because the record body was
|
|
247
|
-
// not long enough.
|
|
248
|
-
return false;
|
|
249
|
-
}
|
|
250
|
-
// Apply the mask to the sequence number as it exists in the header. The
|
|
251
|
-
// header (with the decrypted sequence number bytes) is used as the
|
|
252
|
-
// additional data for the AEAD function. Since we don't support Connection
|
|
253
|
-
// ID, the sequence number starts immediately after the type byte.
|
|
254
|
-
uint64_t seq = 0;
|
|
255
|
-
for (size_t i = 0; i < seqlen; i++) {
|
|
256
|
-
packet[i + 1] ^= mask[i];
|
|
257
|
-
seq = (seq << 8) | packet[i + 1];
|
|
258
|
-
}
|
|
259
|
-
*out_sequence = reconstruct_seqnum(seq, (1 << (seqlen * 8)) - 1,
|
|
260
|
-
ssl->d1->bitmap.max_seq_num);
|
|
261
311
|
return true;
|
|
262
312
|
}
|
|
263
313
|
|
|
264
|
-
static bool
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
uint8_t sequence_bytes[8];
|
|
270
|
-
if (!CBS_get_u16(in, out_version) ||
|
|
271
|
-
!CBS_copy_bytes(in, sequence_bytes, sizeof(sequence_bytes))) {
|
|
272
|
-
return false;
|
|
273
|
-
}
|
|
274
|
-
*out_header_len = packet_size - CBS_len(in) + 2;
|
|
275
|
-
if (!CBS_get_u16_length_prefixed(in, out_body) ||
|
|
276
|
-
CBS_len(out_body) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
|
|
314
|
+
static bool parse_dtls12_record(SSL *ssl, CBS *in, ParsedDTLSRecord *out) {
|
|
315
|
+
uint64_t epoch_and_seq;
|
|
316
|
+
if (!CBS_get_u16(in, &out->version) || //
|
|
317
|
+
!CBS_get_u64(in, &epoch_and_seq) ||
|
|
318
|
+
!CBS_get_u16_length_prefixed(in, &out->body)) {
|
|
277
319
|
return false;
|
|
278
320
|
}
|
|
321
|
+
out->number = DTLSRecordNumber::FromCombined(epoch_and_seq);
|
|
279
322
|
|
|
323
|
+
uint16_t epoch = out->number.epoch();
|
|
280
324
|
bool version_ok;
|
|
281
|
-
if (
|
|
325
|
+
if (epoch == 0) {
|
|
282
326
|
// Only check the first byte. Enforcing beyond that can prevent decoding
|
|
283
327
|
// version negotiation failure alerts.
|
|
284
|
-
version_ok = (
|
|
328
|
+
version_ok = (out->version >> 8) == DTLS1_VERSION_MAJOR;
|
|
285
329
|
} else {
|
|
286
|
-
version_ok =
|
|
330
|
+
version_ok = out->version == dtls_record_version(ssl);
|
|
287
331
|
}
|
|
288
|
-
|
|
289
332
|
if (!version_ok) {
|
|
290
333
|
return false;
|
|
291
334
|
}
|
|
292
335
|
|
|
293
|
-
|
|
294
|
-
|
|
336
|
+
// Look up the corresponding epoch. In DTLS 1.2, we only need to consider one
|
|
337
|
+
// epoch.
|
|
338
|
+
if (epoch == ssl->d1->read_epoch.epoch &&
|
|
339
|
+
!use_dtls13_record_header(ssl, epoch)) {
|
|
340
|
+
out->read_epoch = &ssl->d1->read_epoch;
|
|
341
|
+
}
|
|
295
342
|
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
343
|
+
return true;
|
|
344
|
+
}
|
|
345
|
+
|
|
346
|
+
static bool parse_dtls_record(SSL *ssl, CBS *cbs, ParsedDTLSRecord *out) {
|
|
347
|
+
CBS copy = *cbs;
|
|
348
|
+
if (!CBS_get_u8(cbs, &out->type)) {
|
|
299
349
|
return false;
|
|
300
350
|
}
|
|
351
|
+
|
|
352
|
+
bool ok;
|
|
353
|
+
if ((out->type & 0xe0) == 0x20) {
|
|
354
|
+
ok = parse_dtls13_record(ssl, cbs, out);
|
|
355
|
+
} else {
|
|
356
|
+
ok = parse_dtls12_record(ssl, cbs, out);
|
|
357
|
+
}
|
|
358
|
+
if (!ok) {
|
|
359
|
+
return false;
|
|
360
|
+
}
|
|
361
|
+
|
|
362
|
+
if (CBS_len(&out->body) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
|
|
363
|
+
return false;
|
|
364
|
+
}
|
|
365
|
+
|
|
366
|
+
size_t header_len = CBS_data(&out->body) - CBS_data(©);
|
|
367
|
+
BSSL_CHECK(CBS_get_bytes(©, &out->header, header_len));
|
|
301
368
|
return true;
|
|
302
369
|
}
|
|
303
370
|
|
|
304
371
|
enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
372
|
+
DTLSRecordNumber *out_number,
|
|
305
373
|
Span<uint8_t> *out,
|
|
306
374
|
size_t *out_consumed,
|
|
307
375
|
uint8_t *out_alert, Span<uint8_t> in) {
|
|
@@ -314,57 +382,31 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
|
314
382
|
return ssl_open_record_partial;
|
|
315
383
|
}
|
|
316
384
|
|
|
317
|
-
CBS cbs
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
size_t record_header_len;
|
|
321
|
-
if (!CBS_get_u8(&cbs, &type)) {
|
|
322
|
-
// The record header was incomplete or malformed. Drop the entire packet.
|
|
323
|
-
*out_consumed = in.size();
|
|
324
|
-
return ssl_open_record_discard;
|
|
325
|
-
}
|
|
326
|
-
SSLAEADContext *aead = ssl->s3->aead_read_ctx.get();
|
|
327
|
-
uint64_t sequence;
|
|
328
|
-
uint16_t epoch;
|
|
329
|
-
uint16_t version = 0;
|
|
330
|
-
CBS body;
|
|
331
|
-
bool valid_record_header;
|
|
332
|
-
// Decode the record header. If the 3 high bits of the type are 001, then the
|
|
333
|
-
// record header is the DTLS 1.3 format. The DTLS 1.3 format should only be
|
|
334
|
-
// used for encrypted records with DTLS 1.3. Plaintext records or DTLS 1.2
|
|
335
|
-
// records use the old record header format.
|
|
336
|
-
if ((type & 0xe0) == 0x20 && !aead->is_null_cipher() &&
|
|
337
|
-
aead->ProtocolVersion() >= TLS1_3_VERSION) {
|
|
338
|
-
valid_record_header = parse_dtls13_record_header(
|
|
339
|
-
ssl, &cbs, in, type, &body, &sequence, &epoch, &record_header_len);
|
|
340
|
-
} else {
|
|
341
|
-
valid_record_header = parse_dtls_plaintext_record_header(
|
|
342
|
-
ssl, &cbs, in.size(), type, &body, &sequence, &epoch,
|
|
343
|
-
&record_header_len, &version);
|
|
344
|
-
}
|
|
345
|
-
if (!valid_record_header) {
|
|
385
|
+
CBS cbs(in);
|
|
386
|
+
ParsedDTLSRecord record;
|
|
387
|
+
if (!parse_dtls_record(ssl, &cbs, &record)) {
|
|
346
388
|
// The record header was incomplete or malformed. Drop the entire packet.
|
|
347
389
|
*out_consumed = in.size();
|
|
348
390
|
return ssl_open_record_discard;
|
|
349
391
|
}
|
|
350
392
|
|
|
351
|
-
|
|
352
|
-
ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, header);
|
|
393
|
+
ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, record.header);
|
|
353
394
|
|
|
354
|
-
if (
|
|
355
|
-
|
|
356
|
-
// Drop this record. It's from
|
|
357
|
-
//
|
|
395
|
+
if (record.read_epoch == nullptr ||
|
|
396
|
+
record.read_epoch->bitmap.ShouldDiscard(record.number.sequence())) {
|
|
397
|
+
// Drop this record. It's from an unknown epoch or is a replay. Note that if
|
|
398
|
+
// the record is from next epoch, it could be buffered for later. For
|
|
358
399
|
// simplicity, drop it and expect retransmit to handle it later; DTLS must
|
|
359
400
|
// handle packet loss anyway.
|
|
360
401
|
*out_consumed = in.size() - CBS_len(&cbs);
|
|
361
402
|
return ssl_open_record_discard;
|
|
362
403
|
}
|
|
363
404
|
|
|
364
|
-
//
|
|
365
|
-
if (!aead->Open(
|
|
366
|
-
|
|
367
|
-
|
|
405
|
+
// Decrypt the body in-place.
|
|
406
|
+
if (!record.read_epoch->aead->Open(out, record.type, record.version,
|
|
407
|
+
dtls_aead_sequence(ssl, record.number),
|
|
408
|
+
record.header,
|
|
409
|
+
cbs_to_writable_bytes(record.body))) {
|
|
368
410
|
// Bad packets are silently dropped in DTLS. See section 4.2.1 of RFC 6347.
|
|
369
411
|
// Clear the error queue of any errors decryption may have added. Drop the
|
|
370
412
|
// entire packet as it must not have come from the peer.
|
|
@@ -378,8 +420,8 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
|
378
420
|
*out_consumed = in.size() - CBS_len(&cbs);
|
|
379
421
|
|
|
380
422
|
// DTLS 1.3 hides the record type inside the encrypted data.
|
|
381
|
-
bool has_padding =
|
|
382
|
-
|
|
423
|
+
bool has_padding = !record.read_epoch->aead->is_null_cipher() &&
|
|
424
|
+
ssl_protocol_version(ssl) >= TLS1_3_VERSION;
|
|
383
425
|
// Check the plaintext length.
|
|
384
426
|
size_t plaintext_limit = SSL3_RT_MAX_PLAIN_LENGTH + (has_padding ? 1 : 0);
|
|
385
427
|
if (out->size() > plaintext_limit) {
|
|
@@ -395,45 +437,82 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
|
395
437
|
*out_alert = SSL_AD_DECRYPT_ERROR;
|
|
396
438
|
return ssl_open_record_error;
|
|
397
439
|
}
|
|
398
|
-
type = out->back();
|
|
440
|
+
record.type = out->back();
|
|
399
441
|
*out = out->subspan(0, out->size() - 1);
|
|
400
|
-
} while (type == 0);
|
|
442
|
+
} while (record.type == 0);
|
|
401
443
|
}
|
|
402
444
|
|
|
403
|
-
|
|
445
|
+
record.read_epoch->bitmap.Record(record.number.sequence());
|
|
446
|
+
|
|
447
|
+
// Once we receive a record from the next epoch in DTLS 1.3, it becomes the
|
|
448
|
+
// current epoch. Also save the previous epoch. This allows us to handle
|
|
449
|
+
// packet reordering on KeyUpdate, as well as ACK retransmissions of the
|
|
450
|
+
// Finished flight.
|
|
451
|
+
if (record.read_epoch == ssl->d1->next_read_epoch.get()) {
|
|
452
|
+
assert(ssl_protocol_version(ssl) >= TLS1_3_VERSION);
|
|
453
|
+
auto prev = MakeUnique<DTLSPrevReadEpoch>();
|
|
454
|
+
if (prev == nullptr) {
|
|
455
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
456
|
+
return ssl_open_record_error;
|
|
457
|
+
}
|
|
458
|
+
|
|
459
|
+
// Release the epoch after a timeout.
|
|
460
|
+
prev->expire = ssl_ctx_get_current_time(ssl->ctx.get()).tv_sec;
|
|
461
|
+
if (prev->expire >= UINT64_MAX - DTLS_PREV_READ_EPOCH_EXPIRE_SECONDS) {
|
|
462
|
+
prev->expire = UINT64_MAX; // Saturate on overflow.
|
|
463
|
+
} else {
|
|
464
|
+
prev->expire += DTLS_PREV_READ_EPOCH_EXPIRE_SECONDS;
|
|
465
|
+
}
|
|
466
|
+
|
|
467
|
+
prev->epoch = std::move(ssl->d1->read_epoch);
|
|
468
|
+
ssl->d1->prev_read_epoch = std::move(prev);
|
|
469
|
+
ssl->d1->read_epoch = std::move(*ssl->d1->next_read_epoch);
|
|
470
|
+
ssl->d1->next_read_epoch = nullptr;
|
|
471
|
+
}
|
|
404
472
|
|
|
405
473
|
// TODO(davidben): Limit the number of empty records as in TLS? This is only
|
|
406
474
|
// useful if we also limit discarded packets.
|
|
407
475
|
|
|
408
|
-
if (type == SSL3_RT_ALERT) {
|
|
476
|
+
if (record.type == SSL3_RT_ALERT) {
|
|
409
477
|
return ssl_process_alert(ssl, out_alert, *out);
|
|
410
478
|
}
|
|
411
479
|
|
|
480
|
+
// Reject application data in epochs that do not allow it.
|
|
481
|
+
if (record.type == SSL3_RT_APPLICATION_DATA) {
|
|
482
|
+
bool app_data_allowed;
|
|
483
|
+
if (ssl->s3->version != 0 && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
484
|
+
// Application data is allowed in 0-RTT (epoch 1) and after the handshake
|
|
485
|
+
// (3 and up).
|
|
486
|
+
app_data_allowed =
|
|
487
|
+
record.number.epoch() == 1 || record.number.epoch() >= 3;
|
|
488
|
+
} else {
|
|
489
|
+
// Application data is allowed starting epoch 1.
|
|
490
|
+
app_data_allowed = record.number.epoch() >= 1;
|
|
491
|
+
}
|
|
492
|
+
if (!app_data_allowed) {
|
|
493
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
|
|
494
|
+
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
|
|
495
|
+
return ssl_open_record_error;
|
|
496
|
+
}
|
|
497
|
+
}
|
|
498
|
+
|
|
412
499
|
ssl->s3->warning_alert_count = 0;
|
|
413
500
|
|
|
414
|
-
*out_type = type;
|
|
501
|
+
*out_type = record.type;
|
|
502
|
+
*out_number = record.number;
|
|
415
503
|
return ssl_open_record_success;
|
|
416
504
|
}
|
|
417
505
|
|
|
418
|
-
static
|
|
419
|
-
if (epoch ==
|
|
420
|
-
return ssl->d1->
|
|
506
|
+
static DTLSWriteEpoch *get_write_epoch(const SSL *ssl, uint16_t epoch) {
|
|
507
|
+
if (ssl->d1->write_epoch.epoch() == epoch) {
|
|
508
|
+
return &ssl->d1->write_epoch;
|
|
421
509
|
}
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
510
|
+
for (const auto &e : ssl->d1->extra_write_epochs) {
|
|
511
|
+
if (e->epoch() == epoch) {
|
|
512
|
+
return e.get();
|
|
513
|
+
}
|
|
426
514
|
}
|
|
427
|
-
|
|
428
|
-
BSSL_CHECK(epoch == ssl->d1->w_epoch);
|
|
429
|
-
return ssl->s3->aead_write_ctx.get();
|
|
430
|
-
}
|
|
431
|
-
|
|
432
|
-
static bool use_dtls13_record_header(const SSL *ssl, uint16_t epoch) {
|
|
433
|
-
// Plaintext records in DTLS 1.3 also use the DTLSPlaintext structure for
|
|
434
|
-
// backwards compatibility.
|
|
435
|
-
return ssl->s3->have_version && ssl_protocol_version(ssl) > TLS1_2_VERSION &&
|
|
436
|
-
epoch > 0;
|
|
515
|
+
return nullptr;
|
|
437
516
|
}
|
|
438
517
|
|
|
439
518
|
size_t dtls_record_header_write_len(const SSL *ssl, uint16_t epoch) {
|
|
@@ -448,10 +527,13 @@ size_t dtls_record_header_write_len(const SSL *ssl, uint16_t epoch) {
|
|
|
448
527
|
return DTLS1_3_RECORD_HEADER_WRITE_LENGTH;
|
|
449
528
|
}
|
|
450
529
|
|
|
451
|
-
size_t dtls_max_seal_overhead(const SSL *ssl,
|
|
452
|
-
|
|
530
|
+
size_t dtls_max_seal_overhead(const SSL *ssl, uint16_t epoch) {
|
|
531
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
532
|
+
if (write_epoch == nullptr) {
|
|
533
|
+
return 0;
|
|
534
|
+
}
|
|
453
535
|
size_t ret = dtls_record_header_write_len(ssl, epoch) +
|
|
454
|
-
|
|
536
|
+
write_epoch->aead->MaxOverhead();
|
|
455
537
|
if (use_dtls13_record_header(ssl, epoch)) {
|
|
456
538
|
// Add 1 byte for the encrypted record type.
|
|
457
539
|
ret++;
|
|
@@ -460,13 +542,35 @@ size_t dtls_max_seal_overhead(const SSL *ssl,
|
|
|
460
542
|
}
|
|
461
543
|
|
|
462
544
|
size_t dtls_seal_prefix_len(const SSL *ssl, uint16_t epoch) {
|
|
545
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
546
|
+
if (write_epoch == nullptr) {
|
|
547
|
+
return 0;
|
|
548
|
+
}
|
|
463
549
|
return dtls_record_header_write_len(ssl, epoch) +
|
|
464
|
-
|
|
550
|
+
write_epoch->aead->ExplicitNonceLen();
|
|
465
551
|
}
|
|
466
552
|
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
553
|
+
size_t dtls_seal_max_input_len(const SSL *ssl, uint16_t epoch, size_t max_out) {
|
|
554
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
555
|
+
if (write_epoch == nullptr) {
|
|
556
|
+
return 0;
|
|
557
|
+
}
|
|
558
|
+
size_t header_len = dtls_record_header_write_len(ssl, epoch);
|
|
559
|
+
if (max_out <= header_len) {
|
|
560
|
+
return 0;
|
|
561
|
+
}
|
|
562
|
+
max_out -= header_len;
|
|
563
|
+
max_out = write_epoch->aead->MaxSealInputLen(max_out);
|
|
564
|
+
if (max_out > 0 && use_dtls13_record_header(ssl, epoch)) {
|
|
565
|
+
// Remove 1 byte for the encrypted record type.
|
|
566
|
+
max_out--;
|
|
567
|
+
}
|
|
568
|
+
return max_out;
|
|
569
|
+
}
|
|
570
|
+
|
|
571
|
+
bool dtls_seal_record(SSL *ssl, DTLSRecordNumber *out_number, uint8_t *out,
|
|
572
|
+
size_t *out_len, size_t max_out, uint8_t type,
|
|
573
|
+
const uint8_t *in, size_t in_len, uint16_t epoch) {
|
|
470
574
|
const size_t prefix = dtls_seal_prefix_len(ssl, epoch);
|
|
471
575
|
if (buffers_alias(in, in_len, out, max_out) &&
|
|
472
576
|
(max_out < prefix || out + prefix != in)) {
|
|
@@ -475,26 +579,21 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
475
579
|
}
|
|
476
580
|
|
|
477
581
|
// Determine the parameters for the current epoch.
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
582
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
583
|
+
if (write_epoch == nullptr) {
|
|
584
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
585
|
+
return false;
|
|
482
586
|
}
|
|
483
|
-
// TODO(crbug.com/boringssl/715): If epoch is initial or handshake, the value
|
|
484
|
-
// of seq is probably wrong for a retransmission.
|
|
485
587
|
|
|
486
588
|
const size_t record_header_len = dtls_record_header_write_len(ssl, epoch);
|
|
487
589
|
|
|
488
590
|
// Ensure the sequence number update does not overflow.
|
|
489
|
-
|
|
490
|
-
if (
|
|
591
|
+
DTLSRecordNumber record_number = write_epoch->next_record;
|
|
592
|
+
if (!record_number.HasNext()) {
|
|
491
593
|
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
|
|
492
594
|
return false;
|
|
493
595
|
}
|
|
494
596
|
|
|
495
|
-
uint16_t record_version = ssl->s3->aead_write_ctx->RecordVersion();
|
|
496
|
-
uint64_t seq_with_epoch = (uint64_t{epoch} << 48) | *seq;
|
|
497
|
-
|
|
498
597
|
bool dtls13_header = use_dtls13_record_header(ssl, epoch);
|
|
499
598
|
uint8_t *extra_in = NULL;
|
|
500
599
|
size_t extra_in_len = 0;
|
|
@@ -504,7 +603,8 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
504
603
|
}
|
|
505
604
|
|
|
506
605
|
size_t ciphertext_len;
|
|
507
|
-
if (!aead->CiphertextLen(&ciphertext_len, in_len,
|
|
606
|
+
if (!write_epoch->aead->CiphertextLen(&ciphertext_len, in_len,
|
|
607
|
+
extra_in_len)) {
|
|
508
608
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
|
|
509
609
|
return false;
|
|
510
610
|
}
|
|
@@ -513,6 +613,7 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
513
613
|
return false;
|
|
514
614
|
}
|
|
515
615
|
|
|
616
|
+
uint16_t record_version = dtls_record_version(ssl);
|
|
516
617
|
if (dtls13_header) {
|
|
517
618
|
// The first byte of the DTLS 1.3 record header has the following format:
|
|
518
619
|
// 0 1 2 3 4 5 6 7
|
|
@@ -528,27 +629,26 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
528
629
|
// |0|0|1|0|1|1|E E|
|
|
529
630
|
// +-+-+-+-+-+-+-+-+
|
|
530
631
|
out[0] = 0x2c | (epoch & 0x3);
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
out
|
|
535
|
-
//
|
|
536
|
-
|
|
632
|
+
// We always use a two-byte sequence number. A one-byte sequence number
|
|
633
|
+
// would require coordinating with the application on ACK feedback to know
|
|
634
|
+
// that the peer is not too far behind.
|
|
635
|
+
CRYPTO_store_u16_be(out + 1, write_epoch->next_record.sequence());
|
|
636
|
+
// TODO(crbug.com/42290594): When we know the record is last in the packet,
|
|
637
|
+
// omit the length.
|
|
638
|
+
CRYPTO_store_u16_be(out + 3, ciphertext_len);
|
|
537
639
|
} else {
|
|
538
640
|
out[0] = type;
|
|
539
|
-
out
|
|
540
|
-
out
|
|
541
|
-
|
|
542
|
-
out[11] = ciphertext_len >> 8;
|
|
543
|
-
out[12] = ciphertext_len & 0xff;
|
|
641
|
+
CRYPTO_store_u16_be(out + 1, record_version);
|
|
642
|
+
CRYPTO_store_u64_be(out + 3, record_number.combined());
|
|
643
|
+
CRYPTO_store_u16_be(out + 11, ciphertext_len);
|
|
544
644
|
}
|
|
545
645
|
Span<const uint8_t> header = MakeConstSpan(out, record_header_len);
|
|
546
646
|
|
|
547
647
|
|
|
548
|
-
if (!aead->SealScatter(
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
648
|
+
if (!write_epoch->aead->SealScatter(
|
|
649
|
+
out + record_header_len, out + prefix, out + prefix + in_len, type,
|
|
650
|
+
record_version, dtls_aead_sequence(ssl, record_number), header, in,
|
|
651
|
+
in_len, extra_in, extra_in_len)) {
|
|
552
652
|
return false;
|
|
553
653
|
}
|
|
554
654
|
|
|
@@ -560,18 +660,16 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
560
660
|
// it needs (and error if |sample| is too short).
|
|
561
661
|
Span<const uint8_t> sample =
|
|
562
662
|
MakeConstSpan(out + record_header_len, ciphertext_len);
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
// first two bytes from the mask.
|
|
566
|
-
uint8_t mask[AES_BLOCK_SIZE];
|
|
567
|
-
if (!aead->GenerateRecordNumberMask(mask, sample)) {
|
|
663
|
+
uint8_t mask[2];
|
|
664
|
+
if (!write_epoch->rn_encrypter->GenerateMask(mask, sample)) {
|
|
568
665
|
return false;
|
|
569
666
|
}
|
|
570
667
|
out[1] ^= mask[0];
|
|
571
668
|
out[2] ^= mask[1];
|
|
572
669
|
}
|
|
573
670
|
|
|
574
|
-
|
|
671
|
+
*out_number = record_number;
|
|
672
|
+
write_epoch->next_record = record_number.Next();
|
|
575
673
|
*out_len = record_header_len + ciphertext_len;
|
|
576
674
|
ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header);
|
|
577
675
|
return true;
|