grpc 1.69.0 → 1.70.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +251 -249
- data/include/grpc/support/atm.h +0 -13
- data/src/core/call/request_buffer.cc +224 -0
- data/src/core/call/request_buffer.h +192 -0
- data/src/core/client_channel/client_channel.cc +2 -3
- data/src/core/client_channel/client_channel_args.h +21 -0
- data/src/core/client_channel/client_channel_filter.h +1 -3
- data/src/core/client_channel/retry_interceptor.cc +406 -0
- data/src/core/client_channel/retry_interceptor.h +157 -0
- data/src/core/client_channel/retry_service_config.h +13 -0
- data/src/core/client_channel/retry_throttle.cc +33 -18
- data/src/core/client_channel/retry_throttle.h +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +596 -94
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +189 -13
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_security.cc +1 -3
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +40 -1
- data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +3 -1
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +66 -36
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +19 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +116 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +31 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +67 -6
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +12 -8
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb.h +151 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.c +60 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_cmsg_headers.upb_minitable.h +32 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +228 -21
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +65 -17
- data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +6 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +7 -106
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +7 -28
- data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +85 -0
- data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +25 -3
- data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +2 -1
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +152 -0
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +40 -10
- data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +135 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +41 -9
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +0 -2
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +16 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +3 -2
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +60 -0
- data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +102 -24
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +28 -19
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +251 -18
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +41 -16
- data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +2 -1
- data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +11 -10
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +418 -413
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +161 -153
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +267 -261
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_cmsg_headers.upbdefs.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +29 -19
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +58 -65
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +0 -5
- data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +73 -63
- data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +49 -48
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +117 -100
- data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +905 -897
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +460 -457
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +95 -95
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +202 -191
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +148 -135
- data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +23 -22
- data/src/core/filter/filter_args.h +112 -0
- data/src/core/handshaker/http_connect/http_connect_handshaker.cc +1 -1
- data/src/core/lib/channel/promise_based_filter.h +5 -79
- data/src/core/lib/debug/trace_flags.cc +2 -0
- data/src/core/lib/debug/trace_flags.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +14 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +7 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +0 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +1 -0
- data/src/core/lib/experiments/experiments.cc +90 -39
- data/src/core/lib/experiments/experiments.h +43 -24
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +1 -1
- data/src/core/lib/promise/activity.cc +2 -0
- data/src/core/lib/promise/activity.h +29 -8
- data/src/core/lib/promise/map.h +42 -0
- data/src/core/lib/promise/party.cc +36 -1
- data/src/core/lib/promise/party.h +13 -5
- data/src/core/lib/promise/sleep.h +1 -0
- data/src/core/lib/promise/status_flag.h +10 -0
- data/src/core/lib/resource_quota/arena.h +8 -0
- data/src/core/lib/resource_quota/connection_quota.h +4 -0
- data/src/core/lib/surface/call_utils.h +2 -0
- data/src/core/lib/surface/client_call.cc +43 -35
- data/src/core/lib/surface/client_call.h +5 -0
- data/src/core/lib/surface/event_string.cc +7 -1
- data/src/core/lib/surface/init_internally.h +13 -2
- data/src/core/lib/surface/server_call.cc +100 -85
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/call_filters.cc +10 -4
- data/src/core/lib/transport/call_filters.h +8 -0
- data/src/core/lib/transport/call_spine.cc +36 -71
- data/src/core/lib/transport/call_spine.h +131 -7
- data/src/core/lib/transport/call_state.h +132 -39
- data/src/core/lib/transport/interception_chain.cc +8 -0
- data/src/core/lib/transport/interception_chain.h +9 -0
- data/src/core/load_balancing/endpoint_list.cc +10 -0
- data/src/core/load_balancing/endpoint_list.h +13 -6
- data/src/core/load_balancing/lb_policy.h +0 -8
- data/src/core/load_balancing/pick_first/pick_first.cc +89 -56
- data/src/core/load_balancing/ring_hash/ring_hash.cc +158 -70
- data/src/core/load_balancing/ring_hash/ring_hash.h +4 -11
- data/src/core/load_balancing/round_robin/round_robin.cc +9 -14
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +12 -15
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +4 -4
- data/src/core/resolver/xds/xds_dependency_manager.cc +139 -135
- data/src/core/resolver/xds/xds_dependency_manager.h +24 -18
- data/src/core/resolver/xds/xds_resolver.cc +28 -47
- data/src/core/server/server.cc +290 -24
- data/src/core/server/server.h +199 -61
- data/src/core/server/xds_server_config_fetcher.cc +78 -142
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/util/backoff.cc +15 -4
- data/src/core/util/http_client/httpcli.cc +66 -18
- data/src/core/util/http_client/httpcli.h +14 -4
- data/src/core/util/matchers.h +5 -10
- data/src/core/util/ref_counted.h +1 -0
- data/src/core/util/ref_counted_ptr.h +1 -1
- data/src/core/util/useful.h +9 -11
- data/src/core/xds/grpc/xds_endpoint_parser.cc +54 -23
- data/src/core/xds/grpc/xds_metadata.h +8 -0
- data/src/core/xds/xds_client/xds_api.cc +0 -223
- data/src/core/xds/xds_client/xds_api.h +1 -133
- data/src/core/xds/xds_client/xds_client.cc +599 -466
- data/src/core/xds/xds_client/xds_client.h +107 -26
- data/src/core/xds/xds_client/xds_resource_type_impl.h +10 -5
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bitstr.c → a_bitstr.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_d2i_fp.c → a_d2i_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_dup.c → a_dup.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_i2d_fp.c → a_i2d_fp.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_int.c → a_int.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_mbstr.c → a_mbstr.cc} +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_object.c → a_object.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strnid.c → a_strnid.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_type.c → a_type.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_lib.c → asn1_lib.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn_pack.c → asn_pack.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{posix_time.c → posix_time.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_dec.c → tasn_dec.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_enc.c → tasn_enc.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_fre.c → tasn_fre.cc} +14 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_new.c → tasn_new.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_utl.c → tasn_utl.cc} +13 -10
- data/third_party/boringssl-with-bazel/src/crypto/base64/{base64.c → base64.cc} +9 -12
- data/third_party/boringssl-with-bazel/src/crypto/bcm_support.h +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio.c → bio.cc} +32 -58
- data/third_party/boringssl-with-bazel/src/crypto/bio/{bio_mem.c → bio_mem.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/{connect.c → connect.cc} +24 -16
- data/third_party/boringssl-with-bazel/src/crypto/bio/{file.c → file.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/{pair.c → pair.cc} +22 -20
- data/third_party/boringssl-with-bazel/src/crypto/bio/{printf.c → printf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/{socket_helper.c → socket_helper.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/blake2/{blake2.c → blake2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{bn_asn1.c → bn_asn1.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/{convert.c → convert.cc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/buf/{buf.c → buf.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{asn1_compat.c → asn1_compat.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{ber.c → ber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbb.c → cbb.cc} +33 -49
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{cbs.c → cbs.cc} +20 -27
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/{unicode.c → unicode.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/{chacha.c → chacha.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesctrhmac.c → e_aesctrhmac.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_aesgcmsiv.c → e_aesgcmsiv.cc} +23 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_chacha20poly1305.c → e_chacha20poly1305.cc} +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_des.c → e_des.cc} +61 -49
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_null.c → e_null.cc} +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc2.c → e_rc2.cc} +23 -19
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_rc4.c → e_rc4.cc} +10 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{e_tls.c → e_tls.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/{conf.c → conf.cc} +17 -14
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_apple.c → cpu_aarch64_apple.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_fuchsia.c → cpu_aarch64_fuchsia.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_linux.c → cpu_aarch64_linux.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_openbsd.c → cpu_aarch64_openbsd.cc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_sysreg.c → cpu_aarch64_sysreg.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_aarch64_win.c → cpu_aarch64_win.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_freebsd.c → cpu_arm_freebsd.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_arm_linux.c → cpu_arm_linux.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_linux.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{cpu_intel.c → cpu_intel.cc} +47 -32
- data/third_party/boringssl-with-bazel/src/crypto/{crypto.c → crypto.cc} +6 -11
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519.c → curve25519.cc} +28 -31
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{curve25519_64_adx.c → curve25519_64_adx.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/{spake25519.c → spake25519.cc} +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{dh_asn1.c → dh_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/{digest_extra.c → digest_extra.cc} +113 -31
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa.c → dsa.cc} +153 -154
- data/third_party/boringssl-with-bazel/src/crypto/dsa/{dsa_asn1.c → dsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_asn1.c → ec_asn1.cc} +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{ec_derive.c → ec_derive.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/{hash_to_curve.c → hash_to_curve.cc} +66 -64
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/{ecdsa_asn1.c → ecdsa_asn1.cc} +15 -25
- data/third_party/boringssl-with-bazel/src/crypto/engine/{engine.c → engine.cc} +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/err/{err.c → err.cc} +24 -27
- data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp.c → evp.cc} +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_ctx.c → evp_ctx.cc} +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh.c → p_dh.cc} +23 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dh_asn1.c → p_dh_asn1.cc} +38 -21
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_dsa_asn1.c → p_dsa_asn1.cc} +19 -24
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec.c → p_ec.cc} +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ec_asn1.c → p_ec_asn1.cc} +20 -20
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519.c → p_ed25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_ed25519_asn1.c → p_ed25519_asn1.cc} +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_hkdf.c → p_hkdf.cc} +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa.c → p_rsa.cc} +38 -37
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_rsa_asn1.c → p_rsa_asn1.cc} +16 -18
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519.c → p_x25519.cc} +22 -19
- data/third_party/boringssl-with-bazel/src/crypto/evp/{p_x25519_asn1.c → p_x25519_asn1.cc} +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/{pbkdf.c → pbkdf.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/{print.c → print.cc} +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/{scrypt.c → scrypt.cc} +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/{ex_data.c → ex_data.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c.inc → aes_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c.inc → key_wrap.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{bcm.c → bcm.cc} +96 -101
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +165 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c.inc → add.cc.inc} +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c.inc → x86_64-gcc.cc.inc} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c.inc → bn.cc.inc} +12 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c.inc → ctx.cc.inc} +5 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c.inc → div.cc.inc} +29 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c.inc → div_extra.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c.inc → exponentiation.cc.inc} +22 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c.inc → gcd.cc.inc} +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c.inc → gcd_extra.cc.inc} +33 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c.inc → montgomery.cc.inc} +10 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c.inc → mul.cc.inc} +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c.inc → prime.cc.inc} +31 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c.inc → shift.cc.inc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c.inc → aead.cc.inc} +18 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c.inc → cipher.cc.inc} +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c.inc → e_aes.cc.inc} +46 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c.inc → cmac.cc.inc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +14 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c.inc → dh.cc.inc} +15 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c.inc → digest.cc.inc} +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c.inc → digests.cc.inc} +29 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c.inc → digestsign.cc.inc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/builtin_curves.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c.inc → ec.cc.inc} +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c.inc → ec_key.cc.inc} +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c.inc → felem.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c.inc → oct.cc.inc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c.inc → p224-64.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz-table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c.inc → p256-nistz.cc.inc} +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c.inc → p256.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c.inc → scalar.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c.inc → simple_mul.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c.inc → util.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c.inc → wnaf.cc.inc} +24 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c.inc → ecdh.cc.inc} +14 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c.inc → ecdsa.cc.inc} +6 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/{fips_shared_support.c → fips_shared_support.cc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c.inc → hkdf.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c.inc → hmac.cc.inc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c.inc → gcm.cc.inc} +69 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c.inc → gcm_nohw.cc.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +53 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c.inc → polyval.cc.inc} +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c.inc → ctrdrbg.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c.inc → rand.cc.inc} +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c.inc → blinding.cc.inc} +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c.inc → padding.cc.inc} +21 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c.inc → rsa.cc.inc} +77 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c.inc → rsa_impl.cc.inc} +50 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c.inc → fips.cc.inc} +14 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c.inc → self_check.cc.inc} +56 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c.inc → service_indicator.cc.inc} +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c.inc → sha1.cc.inc} +26 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c.inc → sha256.cc.inc} +37 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c.inc → sha512.cc.inc} +48 -76
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/hpke/{hpke.c → hpke.cc} +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/hrss/{hrss.c → hrss.cc} +53 -110
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +191 -248
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/keccak/{keccak.c → keccak.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/{kyber.c → kyber.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/lhash/{lhash.c → lhash.cc} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md4/md4.c.inc → md4/md4.cc} +8 -12
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5 → md5}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/md5/md5.c.inc → md5/md5.cc} +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/{mem.c → mem.cc} +34 -22
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/{mldsa.c → mldsa.cc} +646 -543
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/obj/{obj.c → obj.cc} +27 -30
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_info.c → pem_info.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_lib.c → pem_lib.cc} +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_oth.c → pem_oth.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7.c → pkcs7.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/{pkcs7_x509.c → pkcs7_x509.cc} +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{p5_pbev2.c → p5_pbev2.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8.c → pkcs8.cc} +159 -158
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/{pkcs8_x509.c → pkcs8_x509.cc} +90 -97
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305.c → poly1305.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_arm.c → poly1305_arm.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/{poly1305_vec.c → poly1305_vec.cc} +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/{pool.c → pool.cc} +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{deterministic.c → deterministic.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{fork_detect.c → fork_detect.cc} +11 -12
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{forkunsafe.c → forkunsafe.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{getentropy.c → getentropy.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getrandom_fillin.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{ios.c → ios.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{passive.c → passive.cc} +22 -18
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{rand_extra.c → rand_extra.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{trusty.c → trusty.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{urandom.c → urandom.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/{windows.c → windows.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{refcount.c → refcount.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_asn1.c → rsa_asn1.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_crypt.c → rsa_crypt.cc} +81 -78
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_extra.cc +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha1.cc +52 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha256.cc +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/sha/sha512.cc +104 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/{siphash.c → siphash.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/address.h +123 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.cc +169 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/fors.h +58 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/internal.h +63 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.cc +161 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/merkle.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/params.h +83 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/slhdsa.cc +307 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.cc +173 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/thash.h +85 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.cc +171 -0
- data/third_party/boringssl-with-bazel/src/crypto/slhdsa/wots.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/{stack.c → stack.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/{thread_none.c → thread_none.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{thread_pthread.c → thread_pthread.cc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/{thread_win.c → thread_win.cc} +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{pmbtoken.c → pmbtoken.cc} +146 -158
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{trust_token.c → trust_token.cc} +19 -21
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/{voprf.c → voprf.cc} +165 -169
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_digest.c → a_digest.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_sign.c → a_sign.cc} +37 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/{a_verify.c → a_verify.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{algorithm.c → algorithm.cc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{asn1_gen.c → asn1_gen.cc} +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{by_dir.c → by_dir.cc} +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{policy.c → policy.cc} +188 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/{rsa_pss.c → rsa_pss.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akey.c → v3_akey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_alt.c → v3_alt.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bcons.c → v3_bcons.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_bitst.c → v3_bitst.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_conf.c → v3_conf.cc} +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_cpols.c → v3_cpols.cc} +47 -41
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_crld.c → v3_crld.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_enum.c → v3_enum.cc} +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_extku.c → v3_extku.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_genn.c → v3_genn.cc} +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ia5.c → v3_ia5.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_info.c → v3_info.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_int.c → v3_int.cc} +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_lib.c → v3_lib.cc} +9 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ncons.c → v3_ncons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_ocsp.c → v3_ocsp.cc} +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pcons.c → v3_pcons.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_pmaps.c → v3_pmaps.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_prn.c → v3_prn.cc} +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_purp.c → v3_purp.cc} +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_skey.c → v3_skey.cc} +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_utl.c → v3_utl.cc} +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_att.c → x509_att.cc} +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_lu.c → x509_lu.cc} +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_v3.c → x509_v3.cc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vfy.c → x509_vfy.cc} +216 -212
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_vpm.c → x509_vpm.cc} +55 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x509spki.c → x509spki.cc} +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_all.c → x_all.cc} +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_crl.c → x_crl.cc} +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_name.c → x_name.cc} +39 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_pubkey.c → x_pubkey.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509.c → x_x509.cc} +48 -44
- data/third_party/boringssl-with-bazel/src/crypto/x509/{x_x509a.c → x_x509a.cc} +4 -2
- data/third_party/boringssl-with-bazel/src/gen/crypto/{err_data.c → err_data.cc} +359 -358
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +237 -275
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bcm_public.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +13 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +17 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/kyber.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +8 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +2 -40
- data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/slhdsa.h +133 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +6 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +160 -116
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +667 -322
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +116 -119
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +163 -21
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +4 -12
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +94 -49
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +296 -198
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +23 -14
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +363 -343
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +48 -58
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +44 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -159
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +65 -58
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +910 -356
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +29 -41
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +13 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +90 -183
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +38 -64
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +103 -44
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +210 -220
- data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +70 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +20 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +146 -169
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +15 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +79 -95
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +91 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +30 -16
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +51 -56
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +22 -25
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +43 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +63 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +204 -121
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +86 -59
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +51 -62
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +37 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +6 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +3 -0
- metadata +339 -339
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +0 -426
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +0 -87
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +0 -32
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +0 -408
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +0 -124
- data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +0 -38
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +0 -108
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +0 -33
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
- data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -48
- data/src/core/util/atm.cc +0 -34
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/dilithium.c +0 -1539
- data/third_party/boringssl-with-bazel/src/crypto/dilithium/internal.h +0 -58
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +0 -101
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +0 -50
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +0 -133
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +0 -54
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +0 -150
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +0 -61
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +0 -71
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +0 -53
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +0 -44
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +0 -136
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +0 -70
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +0 -135
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +0 -45
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +0 -129
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/spx.h +0 -90
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_bool.c → a_bool.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_gentm.c → a_gentm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_octet.c → a_octet.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_strex.c → a_strex.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_time.c → a_time.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{a_utctm.c → a_utctm.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_par.c → asn1_par.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_int.c → f_int.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{f_string.c → f_string.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/asn1/{tasn_typ.c → tasn_typ.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{errno.c → errno.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{fd.c → fd.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{hexdump.c → hexdump.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/bio/{socket.c → socket.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{cipher_extra.c → cipher_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{derive_key.c → derive_key.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/{tls_cbc.c → tls_cbc.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/des/{des.c → des.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/dh_extra/{params.c → params.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/{ecdh_extra.c → ecdh_extra.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{evp_asn1.c → evp_asn1.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/evp/{sign.c → sign.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c.inc → aes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c.inc → mode_wrappers.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c.inc → bytes.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c.inc → cmp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c.inc → generic.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c.inc → jacobi.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c.inc → montgomery_inv.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c.inc → random.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c.inc → rsaz_exp.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c.inc → sqrt.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c.inc → e_aesccm.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c.inc → check.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c.inc → ec_montgomery.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c.inc → simple.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c.inc → cbc.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c.inc → cfb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c.inc → ctr.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c.inc → ofb.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c.inc → kdf.cc.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/obj/{obj_xref.c → obj_xref.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_all.c → pem_all.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pk8.c → pem_pk8.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_pkey.c → pem_pkey.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_x509.c → pem_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/pem/{pem_xaux.c → pem_xaux.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rc4/{rc4.c → rc4.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/{rsa_print.c → rsa_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{thread.c → thread.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{by_file.c → by_file.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{i2d_pr.c → i2d_pr.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{name_print.c → name_print.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_crl.c → t_crl.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_req.c → t_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509.c → t_x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{t_x509a.c → t_x509a.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{v3_akeya.c → v3_akeya.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509.c → x509.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_cmp.c → x509_cmp.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_d2.c → x509_d2.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_def.c → x509_def.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_ext.c → x509_ext.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_obj.c → x509_obj.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_req.c → x509_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_set.c → x509_set.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_trs.c → x509_trs.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509_txt.c → x509_txt.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509cset.c → x509cset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509name.c → x509name.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x509rset.c → x509rset.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_algor.c → x_algor.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_attrib.c → x_attrib.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_exten.c → x_exten.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_req.c → x_req.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_sig.c → x_sig.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_spki.c → x_spki.cc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/x509/{x_val.c → x_val.cc} +0 -0
|
@@ -117,46 +117,61 @@
|
|
|
117
117
|
#include <openssl/bytestring.h>
|
|
118
118
|
#include <openssl/err.h>
|
|
119
119
|
|
|
120
|
-
#include "internal.h"
|
|
121
120
|
#include "../crypto/internal.h"
|
|
121
|
+
#include "internal.h"
|
|
122
122
|
|
|
123
123
|
|
|
124
124
|
BSSL_NAMESPACE_BEGIN
|
|
125
125
|
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
static bool dtls1_bitmap_should_discard(DTLS1_BITMAP *bitmap,
|
|
129
|
-
uint64_t seq_num) {
|
|
130
|
-
const size_t kWindowSize = bitmap->map.size();
|
|
126
|
+
bool DTLSReplayBitmap::ShouldDiscard(uint64_t seq_num) const {
|
|
127
|
+
const size_t kWindowSize = map_.size();
|
|
131
128
|
|
|
132
|
-
if (seq_num >
|
|
129
|
+
if (seq_num > max_seq_num_) {
|
|
133
130
|
return false;
|
|
134
131
|
}
|
|
135
|
-
uint64_t idx =
|
|
136
|
-
return idx >= kWindowSize ||
|
|
132
|
+
uint64_t idx = max_seq_num_ - seq_num;
|
|
133
|
+
return idx >= kWindowSize || map_[idx];
|
|
137
134
|
}
|
|
138
135
|
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
// this function on a stale sequence number.
|
|
142
|
-
static void dtls1_bitmap_record(DTLS1_BITMAP *bitmap, uint64_t seq_num) {
|
|
143
|
-
const size_t kWindowSize = bitmap->map.size();
|
|
136
|
+
void DTLSReplayBitmap::Record(uint64_t seq_num) {
|
|
137
|
+
const size_t kWindowSize = map_.size();
|
|
144
138
|
|
|
145
139
|
// Shift the window if necessary.
|
|
146
|
-
if (seq_num >
|
|
147
|
-
uint64_t shift = seq_num -
|
|
140
|
+
if (seq_num > max_seq_num_) {
|
|
141
|
+
uint64_t shift = seq_num - max_seq_num_;
|
|
148
142
|
if (shift >= kWindowSize) {
|
|
149
|
-
|
|
143
|
+
map_.reset();
|
|
150
144
|
} else {
|
|
151
|
-
|
|
145
|
+
map_ <<= shift;
|
|
152
146
|
}
|
|
153
|
-
|
|
147
|
+
max_seq_num_ = seq_num;
|
|
154
148
|
}
|
|
155
149
|
|
|
156
|
-
uint64_t idx =
|
|
150
|
+
uint64_t idx = max_seq_num_ - seq_num;
|
|
157
151
|
if (idx < kWindowSize) {
|
|
158
|
-
|
|
152
|
+
map_[idx] = true;
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
static uint16_t dtls_record_version(const SSL *ssl) {
|
|
157
|
+
if (ssl->s3->version == 0) {
|
|
158
|
+
// Before the version is determined, outgoing records use dTLS 1.0 for
|
|
159
|
+
// historical compatibility requirements.
|
|
160
|
+
return DTLS1_VERSION;
|
|
159
161
|
}
|
|
162
|
+
// DTLS 1.3 freezes the record version at DTLS 1.2. Previous ones use the
|
|
163
|
+
// version itself.
|
|
164
|
+
return ssl_protocol_version(ssl) >= TLS1_3_VERSION ? DTLS1_2_VERSION
|
|
165
|
+
: ssl->s3->version;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
static uint64_t dtls_aead_sequence(const SSL *ssl, DTLSRecordNumber num) {
|
|
169
|
+
// DTLS 1.3 uses the sequence number with the AEAD, while DTLS 1.2 uses the
|
|
170
|
+
// combined value. If the version is not known, the epoch is unencrypted and
|
|
171
|
+
// the value is ignored.
|
|
172
|
+
return (ssl->s3->version != 0 && ssl_protocol_version(ssl) >= TLS1_3_VERSION)
|
|
173
|
+
? num.sequence()
|
|
174
|
+
: num.combined();
|
|
160
175
|
}
|
|
161
176
|
|
|
162
177
|
// reconstruct_epoch finds the largest epoch that ends with the epoch bits from
|
|
@@ -173,135 +188,188 @@ static uint16_t reconstruct_epoch(uint8_t wire_epoch, uint16_t current_epoch) {
|
|
|
173
188
|
|
|
174
189
|
uint64_t reconstruct_seqnum(uint16_t wire_seq, uint64_t seq_mask,
|
|
175
190
|
uint64_t max_valid_seqnum) {
|
|
191
|
+
// Although DTLS 1.3 can support sequence numbers up to 2^64-1, we continue to
|
|
192
|
+
// enforce the DTLS 1.2 2^48-1 limit. With a minimal DTLS 1.3 record header (2
|
|
193
|
+
// bytes), no payload, and 16 byte AEAD overhead, sending 2^48 records would
|
|
194
|
+
// require 5 petabytes. This allows us to continue to pack a DTLS record
|
|
195
|
+
// number into an 8-byte structure.
|
|
196
|
+
assert(max_valid_seqnum <= DTLSRecordNumber::kMaxSequence);
|
|
197
|
+
assert(seq_mask == 0xff || seq_mask == 0xffff);
|
|
198
|
+
|
|
176
199
|
uint64_t max_seqnum_plus_one = max_valid_seqnum + 1;
|
|
177
200
|
uint64_t diff = (wire_seq - max_seqnum_plus_one) & seq_mask;
|
|
178
201
|
uint64_t step = seq_mask + 1;
|
|
202
|
+
// This addition cannot overflow. It is at most 2^48 + seq_mask. It, however,
|
|
203
|
+
// may exceed 2^48-1.
|
|
179
204
|
uint64_t seqnum = max_seqnum_plus_one + diff;
|
|
180
|
-
|
|
181
|
-
// (max_valid_seqnum, 1, and diff). The values 1 and diff are small (relative
|
|
182
|
-
// to the size of a uint64_t), while max_valid_seqnum can span the range of
|
|
183
|
-
// all uint64_t values. If seqnum is less than max_valid_seqnum, then the
|
|
184
|
-
// addition overflowed.
|
|
185
|
-
bool overflowed = seqnum < max_valid_seqnum;
|
|
205
|
+
bool too_large = seqnum > DTLSRecordNumber::kMaxSequence;
|
|
186
206
|
// If the diff is larger than half the step size, then the closest seqnum
|
|
187
207
|
// to max_seqnum_plus_one (in Z_{2^64}) is seqnum minus step instead of
|
|
188
208
|
// seqnum.
|
|
189
209
|
bool closer_is_less = diff > step / 2;
|
|
190
210
|
// Subtracting step from seqnum will cause underflow if seqnum is too small.
|
|
191
211
|
bool would_underflow = seqnum < step;
|
|
192
|
-
if (
|
|
212
|
+
if (too_large || (closer_is_less && !would_underflow)) {
|
|
193
213
|
seqnum -= step;
|
|
194
214
|
}
|
|
215
|
+
assert(seqnum <= DTLSRecordNumber::kMaxSequence);
|
|
195
216
|
return seqnum;
|
|
196
217
|
}
|
|
197
218
|
|
|
198
|
-
static
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
//
|
|
204
|
-
//
|
|
205
|
-
|
|
219
|
+
static Span<uint8_t> cbs_to_writable_bytes(CBS cbs) {
|
|
220
|
+
return MakeSpan(const_cast<uint8_t *>(CBS_data(&cbs)), CBS_len(&cbs));
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
struct ParsedDTLSRecord {
|
|
224
|
+
// read_epoch will be null if the record is for an unrecognized epoch. In that
|
|
225
|
+
// case, |number| may be unset.
|
|
226
|
+
DTLSReadEpoch *read_epoch = nullptr;
|
|
227
|
+
DTLSRecordNumber number;
|
|
228
|
+
CBS header, body;
|
|
229
|
+
uint8_t type = 0;
|
|
230
|
+
uint16_t version = 0;
|
|
231
|
+
};
|
|
232
|
+
|
|
233
|
+
static bool use_dtls13_record_header(const SSL *ssl, uint16_t epoch) {
|
|
234
|
+
// Plaintext records in DTLS 1.3 also use the DTLSPlaintext structure for
|
|
235
|
+
// backwards compatibility.
|
|
236
|
+
return ssl->s3->version != 0 && ssl_protocol_version(ssl) > TLS1_2_VERSION &&
|
|
237
|
+
epoch > 0;
|
|
238
|
+
}
|
|
239
|
+
|
|
240
|
+
static bool parse_dtls13_record(SSL *ssl, CBS *in, ParsedDTLSRecord *out) {
|
|
241
|
+
if (out->type & 0x10) {
|
|
206
242
|
// Connection ID bit set, which we didn't negotiate.
|
|
207
243
|
return false;
|
|
208
244
|
}
|
|
209
245
|
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
*out_epoch = reconstruct_epoch(type, ssl->d1->r_epoch);
|
|
214
|
-
size_t seqlen = 1;
|
|
215
|
-
if ((type & 0x08) == 0x08) {
|
|
216
|
-
// If this bit is set, the sequence number is 16 bits long, otherwise it is
|
|
217
|
-
// 8 bits. The seqlen variable tracks the length of the sequence number in
|
|
218
|
-
// bytes.
|
|
219
|
-
seqlen = 2;
|
|
246
|
+
uint16_t max_epoch = ssl->d1->read_epoch.epoch;
|
|
247
|
+
if (ssl->d1->next_read_epoch != nullptr) {
|
|
248
|
+
max_epoch = std::max(max_epoch, ssl->d1->next_read_epoch->epoch);
|
|
220
249
|
}
|
|
221
|
-
|
|
222
|
-
|
|
250
|
+
uint16_t epoch = reconstruct_epoch(out->type, max_epoch);
|
|
251
|
+
size_t seq_len = (out->type & 0x08) ? 2 : 1;
|
|
252
|
+
CBS seq_bytes;
|
|
253
|
+
if (!CBS_get_bytes(in, &seq_bytes, seq_len)) {
|
|
223
254
|
return false;
|
|
224
255
|
}
|
|
225
|
-
|
|
226
|
-
if ((type & 0x04) == 0x04) {
|
|
227
|
-
*out_header_len += 2;
|
|
256
|
+
if (out->type & 0x04) {
|
|
228
257
|
// 16-bit length present
|
|
229
|
-
if (!CBS_get_u16_length_prefixed(in,
|
|
230
|
-
// The record header was incomplete or malformed.
|
|
258
|
+
if (!CBS_get_u16_length_prefixed(in, &out->body)) {
|
|
231
259
|
return false;
|
|
232
260
|
}
|
|
233
261
|
} else {
|
|
234
262
|
// No length present - the remaining contents are the whole packet.
|
|
235
263
|
// CBS_get_bytes is used here to advance |in| to the end so that future
|
|
236
264
|
// code that computes the number of consumed bytes functions correctly.
|
|
237
|
-
|
|
265
|
+
BSSL_CHECK(CBS_get_bytes(in, &out->body, CBS_len(in)));
|
|
266
|
+
}
|
|
267
|
+
|
|
268
|
+
// Drop the previous read epoch if expired.
|
|
269
|
+
if (ssl->d1->prev_read_epoch != nullptr &&
|
|
270
|
+
ssl_ctx_get_current_time(ssl->ctx.get()).tv_sec >
|
|
271
|
+
ssl->d1->prev_read_epoch->expire) {
|
|
272
|
+
ssl->d1->prev_read_epoch = nullptr;
|
|
273
|
+
}
|
|
274
|
+
|
|
275
|
+
// Look up the corresponding epoch. This header form only matches encrypted
|
|
276
|
+
// DTLS 1.3 epochs.
|
|
277
|
+
DTLSReadEpoch *read_epoch = nullptr;
|
|
278
|
+
if (epoch == ssl->d1->read_epoch.epoch) {
|
|
279
|
+
read_epoch = &ssl->d1->read_epoch;
|
|
280
|
+
} else if (ssl->d1->next_read_epoch != nullptr &&
|
|
281
|
+
epoch == ssl->d1->next_read_epoch->epoch) {
|
|
282
|
+
read_epoch = ssl->d1->next_read_epoch.get();
|
|
283
|
+
} else if (ssl->d1->prev_read_epoch != nullptr &&
|
|
284
|
+
epoch == ssl->d1->prev_read_epoch->epoch.epoch) {
|
|
285
|
+
read_epoch = &ssl->d1->prev_read_epoch->epoch;
|
|
286
|
+
}
|
|
287
|
+
if (read_epoch != nullptr && use_dtls13_record_header(ssl, epoch)) {
|
|
288
|
+
out->read_epoch = read_epoch;
|
|
289
|
+
|
|
290
|
+
// Decrypt and reconstruct the sequence number:
|
|
291
|
+
uint8_t mask[2];
|
|
292
|
+
if (!read_epoch->rn_encrypter->GenerateMask(mask, out->body)) {
|
|
293
|
+
// GenerateMask most likely failed because the record body was not long
|
|
294
|
+
// enough.
|
|
238
295
|
return false;
|
|
239
296
|
}
|
|
297
|
+
// Apply the mask to the sequence number in-place. The header (with the
|
|
298
|
+
// decrypted sequence number bytes) is used as the additional data for the
|
|
299
|
+
// AEAD function.
|
|
300
|
+
auto writable_seq = cbs_to_writable_bytes(seq_bytes);
|
|
301
|
+
uint64_t seq = 0;
|
|
302
|
+
for (size_t i = 0; i < writable_seq.size(); i++) {
|
|
303
|
+
writable_seq[i] ^= mask[i];
|
|
304
|
+
seq = (seq << 8) | writable_seq[i];
|
|
305
|
+
}
|
|
306
|
+
uint64_t full_seq = reconstruct_seqnum(seq, (1 << (seq_len * 8)) - 1,
|
|
307
|
+
read_epoch->bitmap.max_seq_num());
|
|
308
|
+
out->number = DTLSRecordNumber(epoch, full_seq);
|
|
240
309
|
}
|
|
241
310
|
|
|
242
|
-
// Decrypt and reconstruct the sequence number:
|
|
243
|
-
uint8_t mask[AES_BLOCK_SIZE];
|
|
244
|
-
SSLAEADContext *aead = ssl->s3->aead_read_ctx.get();
|
|
245
|
-
if (!aead->GenerateRecordNumberMask(mask, *out_body)) {
|
|
246
|
-
// GenerateRecordNumberMask most likely failed because the record body was
|
|
247
|
-
// not long enough.
|
|
248
|
-
return false;
|
|
249
|
-
}
|
|
250
|
-
// Apply the mask to the sequence number as it exists in the header. The
|
|
251
|
-
// header (with the decrypted sequence number bytes) is used as the
|
|
252
|
-
// additional data for the AEAD function. Since we don't support Connection
|
|
253
|
-
// ID, the sequence number starts immediately after the type byte.
|
|
254
|
-
uint64_t seq = 0;
|
|
255
|
-
for (size_t i = 0; i < seqlen; i++) {
|
|
256
|
-
packet[i + 1] ^= mask[i];
|
|
257
|
-
seq = (seq << 8) | packet[i + 1];
|
|
258
|
-
}
|
|
259
|
-
*out_sequence = reconstruct_seqnum(seq, (1 << (seqlen * 8)) - 1,
|
|
260
|
-
ssl->d1->bitmap.max_seq_num);
|
|
261
311
|
return true;
|
|
262
312
|
}
|
|
263
313
|
|
|
264
|
-
static bool
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
uint8_t sequence_bytes[8];
|
|
270
|
-
if (!CBS_get_u16(in, out_version) ||
|
|
271
|
-
!CBS_copy_bytes(in, sequence_bytes, sizeof(sequence_bytes))) {
|
|
272
|
-
return false;
|
|
273
|
-
}
|
|
274
|
-
*out_header_len = packet_size - CBS_len(in) + 2;
|
|
275
|
-
if (!CBS_get_u16_length_prefixed(in, out_body) ||
|
|
276
|
-
CBS_len(out_body) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
|
|
314
|
+
static bool parse_dtls12_record(SSL *ssl, CBS *in, ParsedDTLSRecord *out) {
|
|
315
|
+
uint64_t epoch_and_seq;
|
|
316
|
+
if (!CBS_get_u16(in, &out->version) || //
|
|
317
|
+
!CBS_get_u64(in, &epoch_and_seq) ||
|
|
318
|
+
!CBS_get_u16_length_prefixed(in, &out->body)) {
|
|
277
319
|
return false;
|
|
278
320
|
}
|
|
321
|
+
out->number = DTLSRecordNumber::FromCombined(epoch_and_seq);
|
|
279
322
|
|
|
323
|
+
uint16_t epoch = out->number.epoch();
|
|
280
324
|
bool version_ok;
|
|
281
|
-
if (
|
|
325
|
+
if (epoch == 0) {
|
|
282
326
|
// Only check the first byte. Enforcing beyond that can prevent decoding
|
|
283
327
|
// version negotiation failure alerts.
|
|
284
|
-
version_ok = (
|
|
328
|
+
version_ok = (out->version >> 8) == DTLS1_VERSION_MAJOR;
|
|
285
329
|
} else {
|
|
286
|
-
version_ok =
|
|
330
|
+
version_ok = out->version == dtls_record_version(ssl);
|
|
287
331
|
}
|
|
288
|
-
|
|
289
332
|
if (!version_ok) {
|
|
290
333
|
return false;
|
|
291
334
|
}
|
|
292
335
|
|
|
293
|
-
|
|
294
|
-
|
|
336
|
+
// Look up the corresponding epoch. In DTLS 1.2, we only need to consider one
|
|
337
|
+
// epoch.
|
|
338
|
+
if (epoch == ssl->d1->read_epoch.epoch &&
|
|
339
|
+
!use_dtls13_record_header(ssl, epoch)) {
|
|
340
|
+
out->read_epoch = &ssl->d1->read_epoch;
|
|
341
|
+
}
|
|
295
342
|
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
343
|
+
return true;
|
|
344
|
+
}
|
|
345
|
+
|
|
346
|
+
static bool parse_dtls_record(SSL *ssl, CBS *cbs, ParsedDTLSRecord *out) {
|
|
347
|
+
CBS copy = *cbs;
|
|
348
|
+
if (!CBS_get_u8(cbs, &out->type)) {
|
|
299
349
|
return false;
|
|
300
350
|
}
|
|
351
|
+
|
|
352
|
+
bool ok;
|
|
353
|
+
if ((out->type & 0xe0) == 0x20) {
|
|
354
|
+
ok = parse_dtls13_record(ssl, cbs, out);
|
|
355
|
+
} else {
|
|
356
|
+
ok = parse_dtls12_record(ssl, cbs, out);
|
|
357
|
+
}
|
|
358
|
+
if (!ok) {
|
|
359
|
+
return false;
|
|
360
|
+
}
|
|
361
|
+
|
|
362
|
+
if (CBS_len(&out->body) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
|
|
363
|
+
return false;
|
|
364
|
+
}
|
|
365
|
+
|
|
366
|
+
size_t header_len = CBS_data(&out->body) - CBS_data(©);
|
|
367
|
+
BSSL_CHECK(CBS_get_bytes(©, &out->header, header_len));
|
|
301
368
|
return true;
|
|
302
369
|
}
|
|
303
370
|
|
|
304
371
|
enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
372
|
+
DTLSRecordNumber *out_number,
|
|
305
373
|
Span<uint8_t> *out,
|
|
306
374
|
size_t *out_consumed,
|
|
307
375
|
uint8_t *out_alert, Span<uint8_t> in) {
|
|
@@ -314,57 +382,31 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
|
314
382
|
return ssl_open_record_partial;
|
|
315
383
|
}
|
|
316
384
|
|
|
317
|
-
CBS cbs
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
size_t record_header_len;
|
|
321
|
-
if (!CBS_get_u8(&cbs, &type)) {
|
|
322
|
-
// The record header was incomplete or malformed. Drop the entire packet.
|
|
323
|
-
*out_consumed = in.size();
|
|
324
|
-
return ssl_open_record_discard;
|
|
325
|
-
}
|
|
326
|
-
SSLAEADContext *aead = ssl->s3->aead_read_ctx.get();
|
|
327
|
-
uint64_t sequence;
|
|
328
|
-
uint16_t epoch;
|
|
329
|
-
uint16_t version = 0;
|
|
330
|
-
CBS body;
|
|
331
|
-
bool valid_record_header;
|
|
332
|
-
// Decode the record header. If the 3 high bits of the type are 001, then the
|
|
333
|
-
// record header is the DTLS 1.3 format. The DTLS 1.3 format should only be
|
|
334
|
-
// used for encrypted records with DTLS 1.3. Plaintext records or DTLS 1.2
|
|
335
|
-
// records use the old record header format.
|
|
336
|
-
if ((type & 0xe0) == 0x20 && !aead->is_null_cipher() &&
|
|
337
|
-
aead->ProtocolVersion() >= TLS1_3_VERSION) {
|
|
338
|
-
valid_record_header = parse_dtls13_record_header(
|
|
339
|
-
ssl, &cbs, in, type, &body, &sequence, &epoch, &record_header_len);
|
|
340
|
-
} else {
|
|
341
|
-
valid_record_header = parse_dtls_plaintext_record_header(
|
|
342
|
-
ssl, &cbs, in.size(), type, &body, &sequence, &epoch,
|
|
343
|
-
&record_header_len, &version);
|
|
344
|
-
}
|
|
345
|
-
if (!valid_record_header) {
|
|
385
|
+
CBS cbs(in);
|
|
386
|
+
ParsedDTLSRecord record;
|
|
387
|
+
if (!parse_dtls_record(ssl, &cbs, &record)) {
|
|
346
388
|
// The record header was incomplete or malformed. Drop the entire packet.
|
|
347
389
|
*out_consumed = in.size();
|
|
348
390
|
return ssl_open_record_discard;
|
|
349
391
|
}
|
|
350
392
|
|
|
351
|
-
|
|
352
|
-
ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, header);
|
|
393
|
+
ssl_do_msg_callback(ssl, 0 /* read */, SSL3_RT_HEADER, record.header);
|
|
353
394
|
|
|
354
|
-
if (
|
|
355
|
-
|
|
356
|
-
// Drop this record. It's from
|
|
357
|
-
//
|
|
395
|
+
if (record.read_epoch == nullptr ||
|
|
396
|
+
record.read_epoch->bitmap.ShouldDiscard(record.number.sequence())) {
|
|
397
|
+
// Drop this record. It's from an unknown epoch or is a replay. Note that if
|
|
398
|
+
// the record is from next epoch, it could be buffered for later. For
|
|
358
399
|
// simplicity, drop it and expect retransmit to handle it later; DTLS must
|
|
359
400
|
// handle packet loss anyway.
|
|
360
401
|
*out_consumed = in.size() - CBS_len(&cbs);
|
|
361
402
|
return ssl_open_record_discard;
|
|
362
403
|
}
|
|
363
404
|
|
|
364
|
-
//
|
|
365
|
-
if (!aead->Open(
|
|
366
|
-
|
|
367
|
-
|
|
405
|
+
// Decrypt the body in-place.
|
|
406
|
+
if (!record.read_epoch->aead->Open(out, record.type, record.version,
|
|
407
|
+
dtls_aead_sequence(ssl, record.number),
|
|
408
|
+
record.header,
|
|
409
|
+
cbs_to_writable_bytes(record.body))) {
|
|
368
410
|
// Bad packets are silently dropped in DTLS. See section 4.2.1 of RFC 6347.
|
|
369
411
|
// Clear the error queue of any errors decryption may have added. Drop the
|
|
370
412
|
// entire packet as it must not have come from the peer.
|
|
@@ -378,8 +420,8 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
|
378
420
|
*out_consumed = in.size() - CBS_len(&cbs);
|
|
379
421
|
|
|
380
422
|
// DTLS 1.3 hides the record type inside the encrypted data.
|
|
381
|
-
bool has_padding =
|
|
382
|
-
|
|
423
|
+
bool has_padding = !record.read_epoch->aead->is_null_cipher() &&
|
|
424
|
+
ssl_protocol_version(ssl) >= TLS1_3_VERSION;
|
|
383
425
|
// Check the plaintext length.
|
|
384
426
|
size_t plaintext_limit = SSL3_RT_MAX_PLAIN_LENGTH + (has_padding ? 1 : 0);
|
|
385
427
|
if (out->size() > plaintext_limit) {
|
|
@@ -395,45 +437,82 @@ enum ssl_open_record_t dtls_open_record(SSL *ssl, uint8_t *out_type,
|
|
|
395
437
|
*out_alert = SSL_AD_DECRYPT_ERROR;
|
|
396
438
|
return ssl_open_record_error;
|
|
397
439
|
}
|
|
398
|
-
type = out->back();
|
|
440
|
+
record.type = out->back();
|
|
399
441
|
*out = out->subspan(0, out->size() - 1);
|
|
400
|
-
} while (type == 0);
|
|
442
|
+
} while (record.type == 0);
|
|
401
443
|
}
|
|
402
444
|
|
|
403
|
-
|
|
445
|
+
record.read_epoch->bitmap.Record(record.number.sequence());
|
|
446
|
+
|
|
447
|
+
// Once we receive a record from the next epoch in DTLS 1.3, it becomes the
|
|
448
|
+
// current epoch. Also save the previous epoch. This allows us to handle
|
|
449
|
+
// packet reordering on KeyUpdate, as well as ACK retransmissions of the
|
|
450
|
+
// Finished flight.
|
|
451
|
+
if (record.read_epoch == ssl->d1->next_read_epoch.get()) {
|
|
452
|
+
assert(ssl_protocol_version(ssl) >= TLS1_3_VERSION);
|
|
453
|
+
auto prev = MakeUnique<DTLSPrevReadEpoch>();
|
|
454
|
+
if (prev == nullptr) {
|
|
455
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
456
|
+
return ssl_open_record_error;
|
|
457
|
+
}
|
|
458
|
+
|
|
459
|
+
// Release the epoch after a timeout.
|
|
460
|
+
prev->expire = ssl_ctx_get_current_time(ssl->ctx.get()).tv_sec;
|
|
461
|
+
if (prev->expire >= UINT64_MAX - DTLS_PREV_READ_EPOCH_EXPIRE_SECONDS) {
|
|
462
|
+
prev->expire = UINT64_MAX; // Saturate on overflow.
|
|
463
|
+
} else {
|
|
464
|
+
prev->expire += DTLS_PREV_READ_EPOCH_EXPIRE_SECONDS;
|
|
465
|
+
}
|
|
466
|
+
|
|
467
|
+
prev->epoch = std::move(ssl->d1->read_epoch);
|
|
468
|
+
ssl->d1->prev_read_epoch = std::move(prev);
|
|
469
|
+
ssl->d1->read_epoch = std::move(*ssl->d1->next_read_epoch);
|
|
470
|
+
ssl->d1->next_read_epoch = nullptr;
|
|
471
|
+
}
|
|
404
472
|
|
|
405
473
|
// TODO(davidben): Limit the number of empty records as in TLS? This is only
|
|
406
474
|
// useful if we also limit discarded packets.
|
|
407
475
|
|
|
408
|
-
if (type == SSL3_RT_ALERT) {
|
|
476
|
+
if (record.type == SSL3_RT_ALERT) {
|
|
409
477
|
return ssl_process_alert(ssl, out_alert, *out);
|
|
410
478
|
}
|
|
411
479
|
|
|
480
|
+
// Reject application data in epochs that do not allow it.
|
|
481
|
+
if (record.type == SSL3_RT_APPLICATION_DATA) {
|
|
482
|
+
bool app_data_allowed;
|
|
483
|
+
if (ssl->s3->version != 0 && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
|
484
|
+
// Application data is allowed in 0-RTT (epoch 1) and after the handshake
|
|
485
|
+
// (3 and up).
|
|
486
|
+
app_data_allowed =
|
|
487
|
+
record.number.epoch() == 1 || record.number.epoch() >= 3;
|
|
488
|
+
} else {
|
|
489
|
+
// Application data is allowed starting epoch 1.
|
|
490
|
+
app_data_allowed = record.number.epoch() >= 1;
|
|
491
|
+
}
|
|
492
|
+
if (!app_data_allowed) {
|
|
493
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD);
|
|
494
|
+
*out_alert = SSL_AD_UNEXPECTED_MESSAGE;
|
|
495
|
+
return ssl_open_record_error;
|
|
496
|
+
}
|
|
497
|
+
}
|
|
498
|
+
|
|
412
499
|
ssl->s3->warning_alert_count = 0;
|
|
413
500
|
|
|
414
|
-
*out_type = type;
|
|
501
|
+
*out_type = record.type;
|
|
502
|
+
*out_number = record.number;
|
|
415
503
|
return ssl_open_record_success;
|
|
416
504
|
}
|
|
417
505
|
|
|
418
|
-
static
|
|
419
|
-
if (epoch ==
|
|
420
|
-
return ssl->d1->
|
|
506
|
+
static DTLSWriteEpoch *get_write_epoch(const SSL *ssl, uint16_t epoch) {
|
|
507
|
+
if (ssl->d1->write_epoch.epoch() == epoch) {
|
|
508
|
+
return &ssl->d1->write_epoch;
|
|
421
509
|
}
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
510
|
+
for (const auto &e : ssl->d1->extra_write_epochs) {
|
|
511
|
+
if (e->epoch() == epoch) {
|
|
512
|
+
return e.get();
|
|
513
|
+
}
|
|
426
514
|
}
|
|
427
|
-
|
|
428
|
-
BSSL_CHECK(epoch == ssl->d1->w_epoch);
|
|
429
|
-
return ssl->s3->aead_write_ctx.get();
|
|
430
|
-
}
|
|
431
|
-
|
|
432
|
-
static bool use_dtls13_record_header(const SSL *ssl, uint16_t epoch) {
|
|
433
|
-
// Plaintext records in DTLS 1.3 also use the DTLSPlaintext structure for
|
|
434
|
-
// backwards compatibility.
|
|
435
|
-
return ssl->s3->have_version && ssl_protocol_version(ssl) > TLS1_2_VERSION &&
|
|
436
|
-
epoch > 0;
|
|
515
|
+
return nullptr;
|
|
437
516
|
}
|
|
438
517
|
|
|
439
518
|
size_t dtls_record_header_write_len(const SSL *ssl, uint16_t epoch) {
|
|
@@ -448,10 +527,13 @@ size_t dtls_record_header_write_len(const SSL *ssl, uint16_t epoch) {
|
|
|
448
527
|
return DTLS1_3_RECORD_HEADER_WRITE_LENGTH;
|
|
449
528
|
}
|
|
450
529
|
|
|
451
|
-
size_t dtls_max_seal_overhead(const SSL *ssl,
|
|
452
|
-
|
|
530
|
+
size_t dtls_max_seal_overhead(const SSL *ssl, uint16_t epoch) {
|
|
531
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
532
|
+
if (write_epoch == nullptr) {
|
|
533
|
+
return 0;
|
|
534
|
+
}
|
|
453
535
|
size_t ret = dtls_record_header_write_len(ssl, epoch) +
|
|
454
|
-
|
|
536
|
+
write_epoch->aead->MaxOverhead();
|
|
455
537
|
if (use_dtls13_record_header(ssl, epoch)) {
|
|
456
538
|
// Add 1 byte for the encrypted record type.
|
|
457
539
|
ret++;
|
|
@@ -460,13 +542,35 @@ size_t dtls_max_seal_overhead(const SSL *ssl,
|
|
|
460
542
|
}
|
|
461
543
|
|
|
462
544
|
size_t dtls_seal_prefix_len(const SSL *ssl, uint16_t epoch) {
|
|
545
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
546
|
+
if (write_epoch == nullptr) {
|
|
547
|
+
return 0;
|
|
548
|
+
}
|
|
463
549
|
return dtls_record_header_write_len(ssl, epoch) +
|
|
464
|
-
|
|
550
|
+
write_epoch->aead->ExplicitNonceLen();
|
|
465
551
|
}
|
|
466
552
|
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
553
|
+
size_t dtls_seal_max_input_len(const SSL *ssl, uint16_t epoch, size_t max_out) {
|
|
554
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
555
|
+
if (write_epoch == nullptr) {
|
|
556
|
+
return 0;
|
|
557
|
+
}
|
|
558
|
+
size_t header_len = dtls_record_header_write_len(ssl, epoch);
|
|
559
|
+
if (max_out <= header_len) {
|
|
560
|
+
return 0;
|
|
561
|
+
}
|
|
562
|
+
max_out -= header_len;
|
|
563
|
+
max_out = write_epoch->aead->MaxSealInputLen(max_out);
|
|
564
|
+
if (max_out > 0 && use_dtls13_record_header(ssl, epoch)) {
|
|
565
|
+
// Remove 1 byte for the encrypted record type.
|
|
566
|
+
max_out--;
|
|
567
|
+
}
|
|
568
|
+
return max_out;
|
|
569
|
+
}
|
|
570
|
+
|
|
571
|
+
bool dtls_seal_record(SSL *ssl, DTLSRecordNumber *out_number, uint8_t *out,
|
|
572
|
+
size_t *out_len, size_t max_out, uint8_t type,
|
|
573
|
+
const uint8_t *in, size_t in_len, uint16_t epoch) {
|
|
470
574
|
const size_t prefix = dtls_seal_prefix_len(ssl, epoch);
|
|
471
575
|
if (buffers_alias(in, in_len, out, max_out) &&
|
|
472
576
|
(max_out < prefix || out + prefix != in)) {
|
|
@@ -475,26 +579,21 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
475
579
|
}
|
|
476
580
|
|
|
477
581
|
// Determine the parameters for the current epoch.
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
582
|
+
DTLSWriteEpoch *write_epoch = get_write_epoch(ssl, epoch);
|
|
583
|
+
if (write_epoch == nullptr) {
|
|
584
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
585
|
+
return false;
|
|
482
586
|
}
|
|
483
|
-
// TODO(crbug.com/boringssl/715): If epoch is initial or handshake, the value
|
|
484
|
-
// of seq is probably wrong for a retransmission.
|
|
485
587
|
|
|
486
588
|
const size_t record_header_len = dtls_record_header_write_len(ssl, epoch);
|
|
487
589
|
|
|
488
590
|
// Ensure the sequence number update does not overflow.
|
|
489
|
-
|
|
490
|
-
if (
|
|
591
|
+
DTLSRecordNumber record_number = write_epoch->next_record;
|
|
592
|
+
if (!record_number.HasNext()) {
|
|
491
593
|
OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
|
|
492
594
|
return false;
|
|
493
595
|
}
|
|
494
596
|
|
|
495
|
-
uint16_t record_version = ssl->s3->aead_write_ctx->RecordVersion();
|
|
496
|
-
uint64_t seq_with_epoch = (uint64_t{epoch} << 48) | *seq;
|
|
497
|
-
|
|
498
597
|
bool dtls13_header = use_dtls13_record_header(ssl, epoch);
|
|
499
598
|
uint8_t *extra_in = NULL;
|
|
500
599
|
size_t extra_in_len = 0;
|
|
@@ -504,7 +603,8 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
504
603
|
}
|
|
505
604
|
|
|
506
605
|
size_t ciphertext_len;
|
|
507
|
-
if (!aead->CiphertextLen(&ciphertext_len, in_len,
|
|
606
|
+
if (!write_epoch->aead->CiphertextLen(&ciphertext_len, in_len,
|
|
607
|
+
extra_in_len)) {
|
|
508
608
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RECORD_TOO_LARGE);
|
|
509
609
|
return false;
|
|
510
610
|
}
|
|
@@ -513,6 +613,7 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
513
613
|
return false;
|
|
514
614
|
}
|
|
515
615
|
|
|
616
|
+
uint16_t record_version = dtls_record_version(ssl);
|
|
516
617
|
if (dtls13_header) {
|
|
517
618
|
// The first byte of the DTLS 1.3 record header has the following format:
|
|
518
619
|
// 0 1 2 3 4 5 6 7
|
|
@@ -528,27 +629,26 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
528
629
|
// |0|0|1|0|1|1|E E|
|
|
529
630
|
// +-+-+-+-+-+-+-+-+
|
|
530
631
|
out[0] = 0x2c | (epoch & 0x3);
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
out
|
|
535
|
-
//
|
|
536
|
-
|
|
632
|
+
// We always use a two-byte sequence number. A one-byte sequence number
|
|
633
|
+
// would require coordinating with the application on ACK feedback to know
|
|
634
|
+
// that the peer is not too far behind.
|
|
635
|
+
CRYPTO_store_u16_be(out + 1, write_epoch->next_record.sequence());
|
|
636
|
+
// TODO(crbug.com/42290594): When we know the record is last in the packet,
|
|
637
|
+
// omit the length.
|
|
638
|
+
CRYPTO_store_u16_be(out + 3, ciphertext_len);
|
|
537
639
|
} else {
|
|
538
640
|
out[0] = type;
|
|
539
|
-
out
|
|
540
|
-
out
|
|
541
|
-
|
|
542
|
-
out[11] = ciphertext_len >> 8;
|
|
543
|
-
out[12] = ciphertext_len & 0xff;
|
|
641
|
+
CRYPTO_store_u16_be(out + 1, record_version);
|
|
642
|
+
CRYPTO_store_u64_be(out + 3, record_number.combined());
|
|
643
|
+
CRYPTO_store_u16_be(out + 11, ciphertext_len);
|
|
544
644
|
}
|
|
545
645
|
Span<const uint8_t> header = MakeConstSpan(out, record_header_len);
|
|
546
646
|
|
|
547
647
|
|
|
548
|
-
if (!aead->SealScatter(
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
648
|
+
if (!write_epoch->aead->SealScatter(
|
|
649
|
+
out + record_header_len, out + prefix, out + prefix + in_len, type,
|
|
650
|
+
record_version, dtls_aead_sequence(ssl, record_number), header, in,
|
|
651
|
+
in_len, extra_in, extra_in_len)) {
|
|
552
652
|
return false;
|
|
553
653
|
}
|
|
554
654
|
|
|
@@ -560,18 +660,16 @@ bool dtls_seal_record(SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out,
|
|
|
560
660
|
// it needs (and error if |sample| is too short).
|
|
561
661
|
Span<const uint8_t> sample =
|
|
562
662
|
MakeConstSpan(out + record_header_len, ciphertext_len);
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
// first two bytes from the mask.
|
|
566
|
-
uint8_t mask[AES_BLOCK_SIZE];
|
|
567
|
-
if (!aead->GenerateRecordNumberMask(mask, sample)) {
|
|
663
|
+
uint8_t mask[2];
|
|
664
|
+
if (!write_epoch->rn_encrypter->GenerateMask(mask, sample)) {
|
|
568
665
|
return false;
|
|
569
666
|
}
|
|
570
667
|
out[1] ^= mask[0];
|
|
571
668
|
out[2] ^= mask[1];
|
|
572
669
|
}
|
|
573
670
|
|
|
574
|
-
|
|
671
|
+
*out_number = record_number;
|
|
672
|
+
write_epoch->next_record = record_number.Next();
|
|
575
673
|
*out_len = record_header_len + ciphertext_len;
|
|
576
674
|
ssl_do_msg_callback(ssl, 1 /* write */, SSL3_RT_HEADER, header);
|
|
577
675
|
return true;
|