grpc 1.0.1 → 1.1.2
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +3696 -867
- data/etc/roots.pem +39 -111
- data/include/grpc/byte_buffer.h +64 -1
- data/include/grpc/census.h +40 -96
- data/include/grpc/compression.h +2 -1
- data/include/grpc/grpc.h +42 -7
- data/include/grpc/grpc_posix.h +8 -5
- data/include/grpc/impl/codegen/atm.h +3 -0
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
- data/include/grpc/impl/codegen/atm_gcc_sync.h +8 -0
- data/include/grpc/impl/codegen/atm_windows.h +4 -0
- data/include/grpc/impl/codegen/byte_buffer_reader.h +4 -4
- data/include/grpc/impl/codegen/compression_types.h +1 -1
- data/include/grpc/impl/codegen/connectivity_state.h +2 -0
- data/include/grpc/impl/codegen/exec_ctx_fwd.h +41 -0
- data/include/grpc/impl/codegen/gpr_slice.h +84 -0
- data/include/grpc/impl/codegen/{alloc.h → gpr_types.h} +30 -29
- data/include/grpc/impl/codegen/grpc_types.h +91 -9
- data/include/grpc/impl/codegen/port_platform.h +25 -92
- data/include/grpc/impl/codegen/slice.h +54 -97
- data/include/grpc/impl/codegen/sync.h +0 -253
- data/include/grpc/module.modulemap +0 -2
- data/include/grpc/slice.h +132 -0
- data/include/grpc/{impl/codegen/slice_buffer.h → slice_buffer.h} +22 -39
- data/include/grpc/support/alloc.h +40 -1
- data/include/grpc/support/log.h +80 -1
- data/include/grpc/support/log_windows.h +2 -0
- data/include/grpc/support/string_util.h +1 -1
- data/include/grpc/support/sync.h +252 -0
- data/include/grpc/support/time.h +67 -1
- data/src/boringssl/err_data.c +639 -627
- data/src/core/ext/census/base_resources.c +71 -0
- data/src/core/ext/census/base_resources.h +39 -0
- data/src/core/ext/census/gen/census.pb.c +26 -29
- data/src/core/ext/census/gen/census.pb.h +68 -67
- data/src/core/ext/census/gen/trace_context.pb.c +81 -0
- data/src/core/ext/census/gen/trace_context.pb.h +99 -0
- data/src/core/ext/census/grpc_filter.c +22 -16
- data/src/core/ext/census/grpc_plugin.c +2 -1
- data/src/core/ext/census/initialize.c +16 -4
- data/src/core/ext/census/mlog.h +1 -1
- data/src/core/ext/census/placeholders.c +0 -45
- data/src/core/ext/census/resource.c +312 -0
- data/src/core/ext/census/resource.h +63 -0
- data/src/core/ext/census/trace_context.c +86 -0
- data/src/core/ext/census/trace_context.h +68 -0
- data/src/core/ext/census/tracing.c +8 -2
- data/src/core/ext/{client_config → client_channel}/channel_connectivity.c +8 -4
- data/src/core/ext/client_channel/client_channel.c +1218 -0
- data/src/core/ext/{client_config → client_channel}/client_channel.h +8 -11
- data/src/core/ext/{client_config → client_channel}/client_channel_factory.c +33 -3
- data/src/core/ext/{client_config → client_channel}/client_channel_factory.h +15 -8
- data/src/core/ext/{client_config/client_config_plugin.c → client_channel/client_channel_plugin.c} +16 -15
- data/src/core/ext/{client_config → client_channel}/connector.c +1 -1
- data/src/core/ext/{client_config → client_channel}/connector.h +5 -8
- data/{include/grpc/support/slice_buffer.h → src/core/ext/client_channel/default_initial_connect_string.c} +4 -5
- data/src/core/ext/client_channel/http_connect_handshaker.c +399 -0
- data/src/core/ext/client_channel/http_connect_handshaker.h +52 -0
- data/src/core/ext/{client_config → client_channel}/initial_connect_string.c +6 -7
- data/src/core/ext/{client_config → client_channel}/initial_connect_string.h +10 -10
- data/src/core/ext/{client_config → client_channel}/lb_policy.c +11 -11
- data/src/core/ext/{client_config → client_channel}/lb_policy.h +68 -27
- data/src/core/ext/client_channel/lb_policy_factory.c +163 -0
- data/src/core/ext/{client_config → client_channel}/lb_policy_factory.h +64 -9
- data/src/core/ext/{client_config → client_channel}/lb_policy_registry.c +6 -4
- data/src/core/ext/{client_config → client_channel}/lb_policy_registry.h +4 -4
- data/src/core/ext/{client_config → client_channel}/parse_address.c +21 -14
- data/src/core/ext/{client_config → client_channel}/parse_address.h +8 -10
- data/src/core/ext/{client_config → client_channel}/resolver.c +3 -4
- data/src/core/ext/{client_config → client_channel}/resolver.h +11 -15
- data/src/core/ext/{client_config → client_channel}/resolver_factory.c +4 -3
- data/src/core/ext/{client_config → client_channel}/resolver_factory.h +13 -11
- data/src/core/ext/{client_config → client_channel}/resolver_registry.c +54 -34
- data/src/core/ext/{client_config → client_channel}/resolver_registry.h +21 -8
- data/src/core/ext/{client_config → client_channel}/subchannel.c +208 -119
- data/src/core/ext/{client_config → client_channel}/subchannel.h +21 -11
- data/src/core/ext/{client_config → client_channel}/subchannel_index.c +6 -17
- data/src/core/ext/{client_config → client_channel}/subchannel_index.h +7 -7
- data/src/core/ext/{client_config → client_channel}/uri_parser.c +21 -28
- data/src/core/ext/{client_config → client_channel}/uri_parser.h +3 -3
- data/src/core/ext/lb_policy/grpclb/grpclb.c +1406 -0
- data/src/core/ext/lb_policy/grpclb/grpclb.h +44 -0
- data/src/core/ext/lb_policy/grpclb/load_balancer_api.c +117 -37
- data/src/core/ext/lb_policy/grpclb/load_balancer_api.h +31 -12
- data/src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +6 -36
- data/src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +22 -42
- data/src/core/ext/lb_policy/pick_first/pick_first.c +64 -46
- data/src/core/ext/lb_policy/round_robin/round_robin.c +324 -160
- data/src/core/ext/load_reporting/load_reporting.c +7 -56
- data/src/core/ext/load_reporting/load_reporting.h +41 -28
- data/src/core/ext/load_reporting/load_reporting_filter.c +132 -42
- data/src/core/ext/load_reporting/load_reporting_filter.h +1 -0
- data/src/core/ext/resolver/dns/native/dns_resolver.c +88 -80
- data/src/core/ext/resolver/sockaddr/sockaddr_resolver.c +57 -102
- data/src/core/ext/transport/chttp2/alpn/alpn.c +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.c +253 -0
- data/src/core/{lib/iomgr/ev_poll_and_epoll_posix.h → ext/transport/chttp2/client/chttp2_connector.h} +5 -5
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +31 -160
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +5 -5
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +44 -243
- data/src/core/ext/transport/chttp2/server/chttp2_server.c +342 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +47 -0
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +11 -124
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +20 -9
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +28 -236
- data/src/core/ext/transport/chttp2/transport/bin_decoder.c +31 -27
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +5 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.c +25 -22
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +8 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +0 -3
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +1345 -1521
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -1
- data/src/core/ext/transport/chttp2/transport/frame.h +3 -5
- data/src/core/ext/transport/chttp2/transport/frame_data.c +50 -47
- data/src/core/ext/transport/chttp2/transport/frame_data.h +8 -9
- data/src/core/ext/transport/chttp2/transport/frame_goaway.c +19 -21
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +9 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.c +13 -12
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +31 -19
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +8 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.c +22 -25
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +9 -8
- data/src/core/ext/transport/chttp2/transport/frame_window_update.c +26 -18
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +68 -58
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +8 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser.c +327 -214
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +14 -9
- data/src/core/ext/transport/chttp2/transport/hpack_table.c +24 -19
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +9 -6
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +1 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +284 -436
- data/src/core/ext/transport/chttp2/transport/parsing.c +355 -590
- data/src/core/ext/transport/chttp2/transport/stream_lists.c +36 -309
- data/src/core/ext/transport/chttp2/transport/stream_map.c +13 -34
- data/src/core/ext/transport/chttp2/transport/stream_map.h +3 -4
- data/src/core/ext/transport/chttp2/transport/writing.c +174 -286
- data/src/core/lib/channel/channel_args.c +70 -13
- data/src/core/lib/channel/channel_args.h +28 -2
- data/src/core/lib/channel/channel_stack.c +77 -28
- data/src/core/lib/channel/channel_stack.h +61 -23
- data/src/core/lib/channel/channel_stack_builder.c +33 -25
- data/src/core/lib/channel/channel_stack_builder.h +17 -8
- data/src/core/lib/channel/compress_filter.c +52 -36
- data/src/core/lib/channel/connected_channel.c +20 -12
- data/src/core/lib/channel/connected_channel.h +2 -1
- data/src/core/lib/channel/context.h +13 -1
- data/src/core/lib/channel/deadline_filter.c +344 -0
- data/src/core/lib/channel/deadline_filter.h +99 -0
- data/src/core/lib/channel/handshaker.c +240 -0
- data/src/core/lib/channel/handshaker.h +164 -0
- data/src/core/lib/{security/credentials/google_default/credentials_windows.c → channel/handshaker_factory.c} +16 -23
- data/src/core/lib/channel/handshaker_factory.h +66 -0
- data/src/core/lib/channel/handshaker_registry.c +113 -0
- data/src/core/{ext/client_config/client_config.h → lib/channel/handshaker_registry.h} +26 -16
- data/src/core/lib/channel/http_client_filter.c +248 -46
- data/src/core/lib/channel/http_client_filter.h +3 -0
- data/src/core/lib/channel/http_server_filter.c +136 -24
- data/src/core/lib/channel/message_size_filter.c +261 -0
- data/src/core/lib/channel/message_size_filter.h +39 -0
- data/src/core/lib/compression/message_compress.c +43 -37
- data/src/core/lib/compression/message_compress.h +7 -5
- data/src/core/lib/http/format_request.c +26 -11
- data/src/core/lib/http/format_request.h +7 -5
- data/src/core/lib/http/httpcli.c +45 -27
- data/src/core/lib/http/httpcli.h +4 -4
- data/src/core/lib/http/httpcli_security_connector.c +56 -46
- data/src/core/lib/http/parser.c +17 -14
- data/src/core/lib/http/parser.h +4 -2
- data/src/core/lib/iomgr/closure.c +49 -7
- data/src/core/lib/iomgr/closure.h +56 -14
- data/src/core/lib/iomgr/combiner.c +422 -0
- data/src/core/lib/iomgr/combiner.h +64 -0
- data/src/core/lib/iomgr/endpoint.c +8 -2
- data/src/core/lib/iomgr/endpoint.h +17 -7
- data/src/core/lib/iomgr/endpoint_pair.h +3 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.c +9 -8
- data/src/core/{ext/client_config/lb_policy_factory.c → lib/iomgr/endpoint_pair_uv.c} +18 -13
- data/src/core/lib/iomgr/endpoint_pair_windows.c +7 -6
- data/src/core/lib/iomgr/error.c +72 -6
- data/src/core/lib/iomgr/error.h +30 -3
- data/src/core/lib/iomgr/ev_epoll_linux.c +500 -382
- data/src/core/lib/iomgr/ev_epoll_linux.h +3 -2
- data/src/core/lib/iomgr/ev_poll_posix.c +317 -30
- data/src/core/lib/iomgr/ev_poll_posix.h +1 -0
- data/src/core/lib/iomgr/ev_posix.c +26 -5
- data/src/core/lib/iomgr/ev_posix.h +12 -1
- data/src/core/lib/iomgr/exec_ctx.c +27 -94
- data/src/core/lib/iomgr/exec_ctx.h +19 -22
- data/src/core/lib/iomgr/executor.c +29 -8
- data/src/core/lib/iomgr/executor.h +2 -4
- data/src/core/lib/iomgr/iocp_windows.c +3 -4
- data/src/core/lib/iomgr/iomgr.c +14 -10
- data/src/core/lib/iomgr/iomgr.h +6 -2
- data/src/core/lib/iomgr/iomgr_posix.c +2 -2
- data/src/core/lib/iomgr/iomgr_uv.c +49 -0
- data/src/core/lib/iomgr/iomgr_windows.c +2 -2
- data/src/core/lib/iomgr/load_file.c +3 -3
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/network_status_tracker.c +1 -1
- data/src/core/lib/iomgr/pollset_set_uv.c +62 -0
- data/src/core/lib/iomgr/pollset_set_windows.c +3 -3
- data/src/core/lib/iomgr/pollset_uv.c +142 -0
- data/src/core/lib/iomgr/pollset_uv.h +42 -0
- data/src/core/lib/iomgr/pollset_windows.c +5 -6
- data/src/core/lib/iomgr/port.h +129 -0
- data/src/core/lib/iomgr/resolve_address.h +2 -1
- data/src/core/lib/iomgr/resolve_address_posix.c +14 -13
- data/src/core/lib/iomgr/resolve_address_uv.c +233 -0
- data/src/core/lib/iomgr/resolve_address_windows.c +14 -12
- data/src/core/lib/iomgr/resource_quota.c +832 -0
- data/src/core/lib/iomgr/resource_quota.h +159 -0
- data/src/core/lib/iomgr/sockaddr.h +10 -2
- data/src/core/lib/iomgr/sockaddr_utils.c +63 -36
- data/src/core/lib/iomgr/sockaddr_utils.h +14 -14
- data/src/core/lib/iomgr/socket_mutator.c +98 -0
- data/src/core/lib/iomgr/socket_mutator.h +80 -0
- data/src/core/lib/iomgr/socket_utils.h +42 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.c +28 -13
- data/src/core/lib/iomgr/socket_utils_linux.c +11 -5
- data/src/core/lib/iomgr/socket_utils_posix.c +10 -7
- data/src/core/lib/iomgr/socket_utils_posix.h +11 -4
- data/src/core/lib/iomgr/socket_utils_uv.c +49 -0
- data/src/core/lib/iomgr/socket_utils_windows.c +52 -0
- data/src/core/lib/iomgr/socket_windows.c +14 -6
- data/src/core/lib/iomgr/socket_windows.h +1 -0
- data/src/core/lib/iomgr/tcp_client.h +8 -2
- data/src/core/lib/iomgr/tcp_client_posix.c +131 -82
- data/src/core/lib/iomgr/tcp_client_posix.h +45 -0
- data/src/core/lib/iomgr/tcp_client_uv.c +190 -0
- data/src/core/lib/iomgr/tcp_client_windows.c +54 -30
- data/src/core/lib/iomgr/tcp_posix.c +135 -56
- data/src/core/lib/iomgr/tcp_posix.h +2 -2
- data/src/core/lib/iomgr/tcp_server.h +14 -6
- data/src/core/lib/iomgr/tcp_server_posix.c +154 -118
- data/src/core/lib/iomgr/tcp_server_uv.c +388 -0
- data/src/core/lib/iomgr/tcp_server_windows.c +127 -100
- data/src/core/lib/iomgr/tcp_uv.c +367 -0
- data/src/core/lib/iomgr/tcp_uv.h +59 -0
- data/src/core/lib/iomgr/tcp_windows.c +65 -48
- data/src/core/lib/iomgr/tcp_windows.h +3 -1
- data/src/core/lib/iomgr/timer.h +21 -21
- data/src/core/lib/iomgr/{timer.c → timer_generic.c} +15 -10
- data/src/core/lib/iomgr/timer_generic.h +49 -0
- data/src/core/lib/iomgr/timer_heap.c +6 -0
- data/src/core/lib/iomgr/timer_uv.c +99 -0
- data/src/core/lib/iomgr/timer_uv.h +47 -0
- data/src/core/lib/iomgr/udp_server.c +116 -98
- data/src/core/lib/iomgr/udp_server.h +5 -3
- data/src/core/lib/iomgr/unix_sockets_posix.c +14 -6
- data/src/core/lib/iomgr/unix_sockets_posix.h +6 -5
- data/src/core/lib/iomgr/unix_sockets_posix_noop.c +4 -4
- data/src/core/lib/iomgr/wakeup_fd_cv.c +118 -0
- data/src/core/lib/iomgr/wakeup_fd_cv.h +80 -0
- data/src/core/lib/iomgr/wakeup_fd_eventfd.c +3 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.c +3 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.c +12 -6
- data/src/core/lib/iomgr/wakeup_fd_posix.c +34 -5
- data/src/core/lib/iomgr/wakeup_fd_posix.h +5 -0
- data/src/core/lib/iomgr/workqueue.h +12 -20
- data/src/core/{ext/client_config/client_config.c → lib/iomgr/workqueue_uv.c} +24 -33
- data/{include/grpc/support/slice.h → src/core/lib/iomgr/workqueue_uv.h} +4 -6
- data/src/core/lib/iomgr/workqueue_windows.c +9 -8
- data/src/core/lib/json/json.c +3 -3
- data/src/core/lib/json/json.h +11 -11
- data/src/core/lib/json/json_reader.c +9 -5
- data/src/core/lib/profiling/basic_timers.c +10 -1
- data/src/core/lib/profiling/timers.h +2 -0
- data/src/core/lib/security/context/security_context.c +13 -3
- data/src/core/lib/security/context/security_context.h +20 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.c +28 -14
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.c +48 -19
- data/src/core/lib/security/credentials/credentials.h +36 -19
- data/src/core/lib/security/credentials/credentials_metadata.c +11 -8
- data/src/core/lib/security/credentials/fake/fake_credentials.c +15 -11
- data/src/core/lib/security/credentials/google_default/{credentials_posix.c → credentials_generic.c} +7 -14
- data/src/core/lib/security/credentials/google_default/google_default_credentials.c +33 -21
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +14 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.c +3 -2
- data/src/core/lib/security/credentials/jwt/json_token.c +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.h +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.c +54 -19
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.c +129 -79
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +9 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +63 -28
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/plugin/plugin_credentials.c +32 -11
- data/src/core/lib/security/credentials/ssl/ssl_credentials.c +13 -9
- data/src/core/lib/security/transport/client_auth_filter.c +33 -27
- data/src/core/lib/security/transport/secure_endpoint.c +93 -68
- data/src/core/lib/security/transport/secure_endpoint.h +2 -2
- data/src/core/lib/security/transport/security_connector.c +133 -168
- data/src/core/lib/security/transport/security_connector.h +31 -46
- data/src/core/lib/security/transport/security_handshaker.c +501 -0
- data/src/core/lib/security/transport/{handshake.h → security_handshaker.h} +10 -10
- data/src/core/lib/security/transport/server_auth_filter.c +50 -38
- data/src/core/lib/security/util/b64.c +11 -8
- data/src/core/lib/security/util/b64.h +5 -4
- data/src/core/lib/slice/percent_encoding.c +182 -0
- data/src/core/lib/slice/percent_encoding.h +78 -0
- data/src/core/lib/{support → slice}/slice.c +81 -50
- data/src/core/lib/{support → slice}/slice_buffer.c +78 -60
- data/src/core/lib/slice/slice_internal.h +49 -0
- data/src/core/lib/slice/slice_string_helpers.c +90 -0
- data/src/core/lib/{iomgr/workqueue_posix.h → slice/slice_string_helpers.h} +18 -18
- data/src/core/lib/support/backoff.c +24 -13
- data/src/core/lib/support/backoff.h +5 -2
- data/src/core/lib/support/env.h +0 -2
- data/src/core/lib/support/log.c +5 -4
- data/src/core/lib/support/log_linux.c +0 -1
- data/src/core/lib/support/log_posix.c +1 -1
- data/src/core/lib/support/mpscq.c +83 -0
- data/src/core/lib/support/mpscq.h +65 -0
- data/src/core/lib/support/string.c +58 -49
- data/src/core/lib/support/string.h +11 -8
- data/src/core/lib/support/subprocess_posix.c +5 -2
- data/src/core/lib/support/thd.c +1 -1
- data/src/core/lib/support/time.c +43 -79
- data/src/core/lib/support/time_posix.c +1 -1
- data/src/core/lib/support/tmpfile.h +0 -2
- data/src/core/lib/surface/alarm.c +4 -1
- data/src/core/lib/surface/byte_buffer.c +17 -11
- data/src/core/lib/surface/byte_buffer_reader.c +23 -15
- data/src/core/lib/surface/call.c +294 -276
- data/src/core/lib/surface/call.h +24 -9
- data/src/core/lib/surface/call_log_batch.c +5 -3
- data/src/core/lib/surface/channel.c +127 -111
- data/src/core/lib/surface/channel.h +14 -5
- data/src/core/lib/surface/channel_init.c +1 -1
- data/src/core/lib/surface/channel_init.h +10 -1
- data/src/core/lib/surface/channel_ping.c +7 -6
- data/src/core/lib/surface/completion_queue.c +154 -18
- data/src/core/lib/surface/completion_queue.h +5 -0
- data/src/core/lib/surface/init.c +40 -6
- data/src/core/lib/surface/init.h +1 -0
- data/src/core/lib/surface/init_secure.c +5 -2
- data/src/core/lib/surface/lame_client.c +28 -18
- data/src/core/lib/surface/server.c +134 -87
- data/src/core/lib/surface/server.h +8 -0
- data/src/core/lib/surface/validate_metadata.c +1 -1
- data/src/core/lib/surface/version.c +3 -1
- data/src/core/lib/transport/byte_stream.c +7 -4
- data/src/core/lib/transport/byte_stream.h +6 -10
- data/src/core/lib/transport/connectivity_state.c +21 -12
- data/src/core/lib/transport/connectivity_state.h +4 -1
- data/src/core/lib/transport/mdstr_hash_table.c +118 -0
- data/src/core/lib/transport/mdstr_hash_table.h +77 -0
- data/src/core/lib/transport/metadata.c +83 -60
- data/src/core/lib/transport/metadata.h +41 -23
- data/src/core/lib/transport/metadata_batch.c +17 -11
- data/src/core/lib/transport/metadata_batch.h +20 -6
- data/src/core/lib/transport/pid_controller.c +57 -0
- data/src/core/lib/transport/pid_controller.h +64 -0
- data/src/core/lib/transport/service_config.c +251 -0
- data/src/core/lib/transport/service_config.h +71 -0
- data/src/core/lib/transport/static_metadata.c +18 -16
- data/src/core/lib/transport/static_metadata.h +113 -107
- data/src/core/{ext/transport/chttp2 → lib}/transport/timeout_encoding.c +3 -3
- data/src/core/{ext/transport/chttp2 → lib}/transport/timeout_encoding.h +7 -7
- data/src/core/lib/transport/transport.c +84 -23
- data/src/core/lib/transport/transport.h +53 -8
- data/src/core/lib/transport/transport_impl.h +3 -0
- data/src/core/lib/transport/transport_op_string.c +92 -20
- data/src/core/lib/tsi/ssl_transport_security.c +3 -1
- data/src/core/plugin_registry/grpc_plugin_registry.c +8 -4
- data/src/ruby/ext/grpc/extconf.rb +0 -1
- data/src/ruby/ext/grpc/rb_byte_buffer.c +8 -7
- data/src/ruby/ext/grpc/rb_call.c +15 -5
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/ext/grpc/rb_compression_options.c +466 -0
- data/src/{core/ext/client_config/default_initial_connect_string.c → ruby/ext/grpc/rb_compression_options.h} +10 -5
- data/src/ruby/ext/grpc/rb_grpc.c +3 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +198 -190
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +306 -294
- data/src/ruby/ext/grpc/rb_server.c +18 -12
- data/src/ruby/lib/grpc/errors.rb +154 -2
- data/src/ruby/lib/grpc/generic/active_call.rb +144 -63
- data/src/ruby/lib/grpc/generic/bidi_call.rb +18 -2
- data/src/ruby/lib/grpc/generic/client_stub.rb +7 -5
- data/src/ruby/lib/grpc/generic/rpc_desc.rb +39 -13
- data/src/ruby/lib/grpc/generic/rpc_server.rb +51 -24
- data/src/ruby/lib/grpc/generic/service.rb +3 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/checker.rb +3 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +7 -0
- data/src/ruby/pb/test/client.rb +307 -7
- data/src/ruby/pb/test/server.rb +26 -1
- data/src/ruby/spec/compression_options_spec.rb +164 -0
- data/src/ruby/spec/error_sanity_spec.rb +64 -0
- data/src/ruby/spec/generic/active_call_spec.rb +290 -12
- data/src/ruby/spec/generic/client_stub_spec.rb +91 -41
- data/src/ruby/spec/generic/rpc_desc_spec.rb +36 -16
- data/src/ruby/spec/generic/rpc_server_pool_spec.rb +22 -28
- data/src/ruby/spec/generic/rpc_server_spec.rb +6 -6
- data/src/ruby/spec/pb/health/checker_spec.rb +27 -19
- data/src/ruby/spec/spec_helper.rb +2 -0
- data/third_party/boringssl/crypto/aes/aes.c +12 -12
- data/third_party/boringssl/crypto/aes/mode_wrappers.c +6 -2
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +28 -13
- data/third_party/boringssl/crypto/asn1/a_gentm.c +2 -0
- data/third_party/boringssl/crypto/asn1/a_object.c +7 -3
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/a_time.c +0 -11
- data/third_party/boringssl/crypto/asn1/a_type.c +0 -2
- data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -30
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +56 -76
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +0 -10
- data/third_party/boringssl/crypto/asn1/asn1_par.c +0 -322
- data/third_party/boringssl/crypto/asn1/f_enum.c +1 -108
- data/third_party/boringssl/crypto/asn1/f_int.c +1 -106
- data/third_party/boringssl/crypto/asn1/f_string.c +1 -106
- data/third_party/boringssl/crypto/asn1/tasn_dec.c +10 -14
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +17 -11
- data/third_party/boringssl/crypto/asn1/tasn_typ.c +29 -42
- data/third_party/boringssl/crypto/asn1/tasn_utl.c +1 -1
- data/third_party/boringssl/crypto/base64/base64.c +249 -285
- data/third_party/boringssl/crypto/bio/bio.c +13 -23
- data/third_party/boringssl/crypto/bio/bio_mem.c +3 -2
- data/third_party/boringssl/crypto/bio/connect.c +12 -3
- data/third_party/boringssl/crypto/bio/fd.c +22 -15
- data/third_party/boringssl/crypto/bio/file.c +2 -38
- data/third_party/boringssl/crypto/bio/hexdump.c +1 -2
- data/third_party/boringssl/crypto/bio/internal.h +3 -0
- data/third_party/boringssl/crypto/bio/pair.c +1 -1
- data/third_party/boringssl/crypto/bio/socket.c +10 -2
- data/third_party/boringssl/crypto/bio/socket_helper.c +2 -2
- data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +0 -8
- data/third_party/boringssl/crypto/bn/bn.c +38 -0
- data/third_party/boringssl/crypto/bn/cmp.c +25 -0
- data/third_party/boringssl/crypto/bn/convert.c +73 -76
- data/third_party/boringssl/crypto/bn/div.c +136 -70
- data/third_party/boringssl/crypto/bn/exponentiation.c +86 -381
- data/third_party/boringssl/crypto/bn/gcd.c +213 -296
- data/third_party/boringssl/crypto/bn/generic.c +0 -80
- data/third_party/boringssl/crypto/bn/internal.h +15 -3
- data/third_party/boringssl/crypto/bn/montgomery.c +57 -207
- data/third_party/boringssl/crypto/bn/montgomery_inv.c +160 -0
- data/third_party/boringssl/crypto/bn/mul.c +2 -1
- data/third_party/boringssl/crypto/bn/prime.c +24 -8
- data/third_party/boringssl/crypto/bn/random.c +47 -33
- data/third_party/boringssl/crypto/bn/sqrt.c +4 -5
- data/third_party/boringssl/crypto/buf/buf.c +25 -21
- data/third_party/boringssl/crypto/bytestring/ber.c +1 -0
- data/third_party/boringssl/crypto/bytestring/cbb.c +50 -22
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -4
- data/third_party/boringssl/crypto/chacha/{chacha_generic.c → chacha.c} +56 -29
- data/third_party/boringssl/crypto/cipher/aead.c +11 -22
- data/third_party/boringssl/crypto/cipher/cipher.c +2 -2
- data/third_party/boringssl/crypto/cipher/e_aes.c +53 -103
- data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +2 -8
- data/third_party/boringssl/crypto/cipher/e_des.c +3 -5
- data/third_party/boringssl/crypto/cipher/e_null.c +1 -1
- data/third_party/boringssl/crypto/cipher/e_rc2.c +1 -1
- data/third_party/boringssl/crypto/cipher/e_rc4.c +1 -1
- data/third_party/boringssl/crypto/cipher/e_ssl3.c +3 -63
- data/third_party/boringssl/crypto/cipher/e_tls.c +12 -83
- data/third_party/boringssl/crypto/cipher/internal.h +8 -10
- data/third_party/boringssl/crypto/cipher/tls_cbc.c +69 -40
- data/third_party/boringssl/crypto/conf/conf.c +2 -1
- data/third_party/boringssl/crypto/cpu-aarch64-linux.c +61 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +360 -0
- data/third_party/boringssl/crypto/cpu-arm.c +0 -161
- data/third_party/boringssl/crypto/cpu-intel.c +5 -3
- data/third_party/boringssl/{ssl/test/scoped_types.h → crypto/cpu-ppc64le.c} +21 -9
- data/third_party/boringssl/crypto/crypto.c +29 -7
- data/third_party/boringssl/crypto/curve25519/curve25519.c +284 -242
- data/third_party/boringssl/crypto/curve25519/internal.h +64 -0
- data/third_party/boringssl/crypto/curve25519/spake25519.c +464 -0
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +21 -0
- data/third_party/boringssl/crypto/dh/check.c +22 -6
- data/third_party/boringssl/crypto/dh/dh.c +45 -21
- data/third_party/boringssl/crypto/dh/dh_asn1.c +96 -20
- data/third_party/boringssl/crypto/dh/params.c +30 -78
- data/third_party/boringssl/crypto/digest/digest.c +3 -3
- data/third_party/boringssl/crypto/dsa/dsa.c +59 -29
- data/third_party/boringssl/crypto/dsa/dsa_asn1.c +4 -0
- data/third_party/boringssl/crypto/ec/ec.c +84 -140
- data/third_party/boringssl/crypto/ec/ec_asn1.c +82 -52
- data/third_party/boringssl/crypto/ec/ec_key.c +15 -15
- data/third_party/boringssl/crypto/ec/ec_montgomery.c +87 -50
- data/third_party/boringssl/crypto/ec/internal.h +12 -36
- data/third_party/boringssl/crypto/ec/oct.c +11 -11
- data/third_party/boringssl/crypto/ec/p224-64.c +59 -116
- data/third_party/boringssl/crypto/ec/p256-64.c +88 -163
- data/third_party/boringssl/crypto/ec/p256-x86_64.c +46 -58
- data/third_party/boringssl/crypto/ec/simple.c +81 -201
- data/third_party/boringssl/crypto/ec/util-64.c +0 -74
- data/third_party/boringssl/crypto/ecdh/ecdh.c +7 -1
- data/third_party/boringssl/crypto/ecdsa/ecdsa.c +28 -46
- data/third_party/boringssl/crypto/ecdsa/ecdsa_asn1.c +1 -0
- data/third_party/boringssl/crypto/engine/engine.c +1 -1
- data/third_party/boringssl/crypto/err/err.c +3 -3
- data/third_party/boringssl/crypto/evp/evp.c +14 -59
- data/third_party/boringssl/crypto/evp/evp_asn1.c +144 -87
- data/third_party/boringssl/crypto/evp/evp_ctx.c +7 -7
- data/third_party/boringssl/crypto/evp/internal.h +4 -46
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +8 -157
- data/third_party/boringssl/crypto/evp/p_ec.c +1 -1
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +22 -170
- data/third_party/boringssl/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +10 -548
- data/third_party/boringssl/crypto/evp/print.c +520 -0
- data/third_party/boringssl/crypto/ex_data.c +4 -6
- data/third_party/boringssl/crypto/hkdf/hkdf.c +38 -17
- data/third_party/boringssl/crypto/hmac/hmac.c +6 -6
- data/third_party/boringssl/crypto/internal.h +57 -77
- data/third_party/boringssl/crypto/lhash/lhash.c +6 -10
- data/third_party/boringssl/crypto/md4/md4.c +9 -0
- data/third_party/boringssl/crypto/mem.c +19 -19
- data/third_party/boringssl/crypto/modes/cfb.c +5 -6
- data/third_party/boringssl/crypto/modes/ctr.c +10 -18
- data/third_party/boringssl/crypto/modes/gcm.c +100 -66
- data/third_party/boringssl/crypto/modes/internal.h +15 -27
- data/third_party/boringssl/crypto/modes/ofb.c +9 -22
- data/third_party/boringssl/crypto/newhope/error_correction.c +131 -0
- data/third_party/boringssl/crypto/newhope/internal.h +71 -0
- data/third_party/boringssl/crypto/newhope/newhope.c +174 -0
- data/third_party/boringssl/crypto/newhope/ntt.c +148 -0
- data/third_party/boringssl/crypto/newhope/poly.c +183 -0
- data/third_party/boringssl/crypto/newhope/precomp.c +306 -0
- data/third_party/boringssl/crypto/newhope/reduce.c +42 -0
- data/third_party/boringssl/crypto/obj/obj.c +111 -135
- data/third_party/boringssl/crypto/obj/obj_dat.h +4 -10
- data/third_party/boringssl/crypto/pem/pem_lib.c +6 -43
- data/third_party/boringssl/crypto/pem/pem_pkey.c +10 -19
- data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +1 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +2 -1
- data/third_party/boringssl/crypto/pkcs8/p8_pkey.c +2 -2
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +95 -87
- data/third_party/boringssl/crypto/{test/test_util.h → poly1305/internal.h} +15 -10
- data/third_party/boringssl/crypto/poly1305/poly1305.c +8 -15
- data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +1 -0
- data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +3 -3
- data/third_party/boringssl/crypto/rand/deterministic.c +47 -0
- data/third_party/boringssl/crypto/rand/rand.c +4 -1
- data/third_party/boringssl/crypto/rand/urandom.c +5 -7
- data/third_party/boringssl/crypto/rand/windows.c +5 -8
- data/third_party/boringssl/crypto/rc4/rc4.c +24 -209
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa/blinding.c +74 -232
- data/third_party/boringssl/crypto/rsa/internal.h +5 -13
- data/third_party/boringssl/crypto/rsa/padding.c +64 -63
- data/third_party/boringssl/crypto/rsa/rsa.c +50 -28
- data/third_party/boringssl/crypto/rsa/rsa_asn1.c +8 -16
- data/third_party/boringssl/crypto/rsa/rsa_impl.c +134 -122
- data/third_party/boringssl/crypto/sha/sha256.c +2 -2
- data/third_party/boringssl/crypto/sha/sha512.c +7 -7
- data/third_party/boringssl/crypto/stack/stack.c +13 -22
- data/third_party/boringssl/crypto/thread.c +21 -12
- data/third_party/boringssl/crypto/thread_none.c +6 -2
- data/third_party/boringssl/crypto/thread_pthread.c +16 -7
- data/third_party/boringssl/crypto/thread_win.c +38 -85
- data/third_party/boringssl/crypto/x509/a_sign.c +3 -3
- data/third_party/boringssl/crypto/x509/a_strex.c +1 -1
- data/third_party/boringssl/crypto/x509/a_verify.c +2 -2
- data/third_party/boringssl/crypto/{evp → x509}/algorithm.c +37 -53
- data/third_party/boringssl/crypto/x509/asn1_gen.c +1 -2
- data/third_party/boringssl/crypto/x509/by_dir.c +6 -6
- data/third_party/boringssl/crypto/x509/internal.h +66 -0
- data/third_party/boringssl/crypto/x509/rsa_pss.c +385 -0
- data/third_party/boringssl/crypto/x509/t_x509.c +10 -12
- data/third_party/boringssl/crypto/x509/x509.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_att.c +9 -3
- data/third_party/boringssl/crypto/x509/x509_lu.c +34 -44
- data/third_party/boringssl/crypto/x509/x509_obj.c +19 -2
- data/third_party/boringssl/crypto/x509/x509_r2x.c +9 -5
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_vfy.c +63 -32
- data/third_party/boringssl/crypto/x509/x509_vpm.c +29 -18
- data/third_party/boringssl/crypto/x509/x509cset.c +2 -1
- data/third_party/boringssl/crypto/x509/x_crl.c +2 -2
- data/third_party/boringssl/crypto/x509/x_name.c +14 -17
- data/third_party/boringssl/crypto/x509/x_pubkey.c +10 -7
- data/third_party/boringssl/crypto/x509/x_x509.c +67 -6
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -2
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +4 -3
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +5 -0
- data/third_party/boringssl/crypto/x509v3/v3_prn.c +0 -3
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +2 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +2 -1
- data/third_party/boringssl/include/openssl/aead.h +72 -73
- data/third_party/boringssl/include/openssl/arm_arch.h +0 -6
- data/third_party/boringssl/include/openssl/asn1.h +103 -235
- data/third_party/boringssl/include/openssl/asn1_mac.h +17 -74
- data/third_party/boringssl/include/openssl/asn1t.h +1 -11
- data/third_party/boringssl/include/openssl/base.h +145 -3
- data/third_party/boringssl/include/openssl/base64.h +20 -17
- data/third_party/boringssl/include/openssl/bio.h +59 -34
- data/third_party/boringssl/include/openssl/bn.h +118 -51
- data/third_party/boringssl/include/openssl/buf.h +15 -0
- data/third_party/boringssl/include/openssl/bytestring.h +52 -4
- data/third_party/boringssl/include/openssl/chacha.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +18 -1
- data/third_party/boringssl/include/openssl/cmac.h +11 -0
- data/third_party/boringssl/include/openssl/conf.h +13 -2
- data/third_party/boringssl/include/openssl/cpu.h +20 -23
- data/third_party/boringssl/include/openssl/crypto.h +22 -1
- data/third_party/boringssl/include/openssl/curve25519.h +96 -4
- data/third_party/boringssl/include/openssl/dh.h +71 -16
- data/third_party/boringssl/include/openssl/digest.h +38 -11
- data/third_party/boringssl/include/openssl/dsa.h +40 -4
- data/third_party/boringssl/include/openssl/ec.h +44 -18
- data/third_party/boringssl/include/openssl/ec_key.h +27 -6
- data/third_party/boringssl/include/openssl/ecdsa.h +11 -0
- data/third_party/boringssl/include/openssl/engine.h +11 -0
- data/third_party/boringssl/include/openssl/evp.h +52 -88
- data/third_party/boringssl/include/openssl/hkdf.h +24 -4
- data/third_party/boringssl/include/openssl/hmac.h +20 -6
- data/third_party/boringssl/include/openssl/md4.h +4 -0
- data/third_party/boringssl/include/openssl/mem.h +19 -0
- data/third_party/boringssl/include/openssl/newhope.h +158 -0
- data/third_party/boringssl/include/openssl/nid.h +4166 -0
- data/third_party/boringssl/include/openssl/obj.h +31 -3
- data/third_party/boringssl/include/openssl/obj_mac.h +17 -4143
- data/third_party/boringssl/include/openssl/{opensslfeatures.h → opensslconf.h} +3 -3
- data/third_party/boringssl/include/openssl/pem.h +5 -0
- data/third_party/boringssl/include/openssl/pkcs8.h +12 -0
- data/third_party/boringssl/include/openssl/rand.h +6 -0
- data/third_party/boringssl/include/openssl/rc4.h +6 -0
- data/third_party/boringssl/{crypto/dh/internal.h → include/openssl/ripemd.h} +38 -11
- data/third_party/boringssl/include/openssl/rsa.h +127 -65
- data/third_party/boringssl/include/openssl/sha.h +14 -10
- data/third_party/boringssl/include/openssl/ssl.h +561 -275
- data/third_party/boringssl/include/openssl/ssl3.h +18 -25
- data/third_party/boringssl/include/openssl/stack.h +2 -4
- data/third_party/boringssl/include/openssl/stack_macros.h +321 -353
- data/third_party/boringssl/include/openssl/thread.h +31 -13
- data/third_party/boringssl/include/openssl/time_support.h +1 -0
- data/third_party/boringssl/include/openssl/tls1.h +37 -33
- data/third_party/boringssl/include/openssl/x509.h +69 -26
- data/third_party/boringssl/include/openssl/x509_vfy.h +12 -10
- data/third_party/boringssl/include/openssl/x509v3.h +23 -2
- data/third_party/boringssl/ssl/custom_extensions.c +3 -5
- data/third_party/boringssl/ssl/d1_both.c +463 -499
- data/third_party/boringssl/ssl/d1_lib.c +38 -109
- data/third_party/boringssl/ssl/d1_pkt.c +173 -334
- data/third_party/boringssl/ssl/d1_srtp.c +20 -18
- data/third_party/boringssl/ssl/{d1_meth.c → dtls_method.c} +88 -15
- data/third_party/boringssl/ssl/dtls_record.c +27 -26
- data/third_party/boringssl/ssl/{s3_clnt.c → handshake_client.c} +816 -904
- data/third_party/boringssl/ssl/handshake_server.c +1932 -0
- data/third_party/boringssl/ssl/internal.h +712 -439
- data/third_party/boringssl/ssl/s3_both.c +445 -257
- data/third_party/boringssl/ssl/s3_enc.c +53 -36
- data/third_party/boringssl/ssl/s3_lib.c +23 -268
- data/third_party/boringssl/ssl/s3_pkt.c +168 -364
- data/third_party/boringssl/ssl/ssl_aead_ctx.c +46 -17
- data/third_party/boringssl/ssl/ssl_asn1.c +56 -26
- data/third_party/boringssl/ssl/ssl_buffer.c +16 -24
- data/third_party/boringssl/ssl/ssl_cert.c +324 -49
- data/third_party/boringssl/ssl/ssl_cipher.c +205 -150
- data/third_party/boringssl/ssl/ssl_ecdh.c +287 -51
- data/third_party/boringssl/ssl/ssl_file.c +21 -68
- data/third_party/boringssl/ssl/ssl_lib.c +881 -510
- data/third_party/boringssl/ssl/ssl_rsa.c +404 -34
- data/third_party/boringssl/ssl/ssl_session.c +324 -103
- data/third_party/boringssl/ssl/ssl_stat.c +6 -88
- data/third_party/boringssl/ssl/t1_enc.c +23 -39
- data/third_party/boringssl/ssl/t1_lib.c +1120 -622
- data/third_party/boringssl/ssl/tls13_both.c +440 -0
- data/third_party/boringssl/ssl/tls13_client.c +682 -0
- data/third_party/boringssl/ssl/tls13_enc.c +391 -0
- data/third_party/boringssl/ssl/tls13_server.c +672 -0
- data/third_party/boringssl/ssl/{s3_meth.c → tls_method.c} +100 -21
- data/third_party/boringssl/ssl/tls_record.c +159 -77
- data/third_party/nanopb/pb.h +60 -28
- data/third_party/nanopb/pb_decode.c +120 -92
- data/third_party/nanopb/pb_decode.h +3 -3
- data/third_party/nanopb/pb_encode.c +73 -67
- data/third_party/nanopb/pb_encode.h +4 -4
- metadata +155 -89
- data/include/grpc/impl/codegen/byte_buffer.h +0 -122
- data/include/grpc/impl/codegen/log.h +0 -118
- data/include/grpc/impl/codegen/time.h +0 -130
- data/src/core/ext/client_config/client_channel.c +0 -593
- data/src/core/ext/client_config/subchannel_call_holder.c +0 -272
- data/src/core/ext/client_config/subchannel_call_holder.h +0 -99
- data/src/core/lib/iomgr/ev_poll_and_epoll_posix.c +0 -2046
- data/src/core/lib/iomgr/workqueue_posix.c +0 -151
- data/src/core/lib/security/transport/handshake.c +0 -368
- data/third_party/boringssl/crypto/asn1/a_bytes.c +0 -308
- data/third_party/boringssl/crypto/asn1/bio_asn1.c +0 -477
- data/third_party/boringssl/crypto/asn1/bio_ndef.c +0 -251
- data/third_party/boringssl/crypto/asn1/t_pkey.c +0 -110
- data/third_party/boringssl/crypto/asn1/tasn_prn.c +0 -596
- data/third_party/boringssl/crypto/chacha/chacha_vec.c +0 -328
- data/third_party/boringssl/crypto/directory.h +0 -66
- data/third_party/boringssl/crypto/directory_posix.c +0 -108
- data/third_party/boringssl/crypto/directory_win.c +0 -144
- data/third_party/boringssl/crypto/test/scoped_types.h +0 -140
- data/third_party/boringssl/include/openssl/pqueue.h +0 -146
- data/third_party/boringssl/ssl/d1_clnt.c +0 -561
- data/third_party/boringssl/ssl/d1_srvr.c +0 -476
- data/third_party/boringssl/ssl/pqueue/pqueue.c +0 -197
- data/third_party/boringssl/ssl/s3_srvr.c +0 -2272
- data/third_party/boringssl/ssl/test/async_bio.h +0 -45
- data/third_party/boringssl/ssl/test/packeted_bio.h +0 -44
- data/third_party/boringssl/ssl/test/test_config.h +0 -110
@@ -92,7 +92,18 @@ SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction,
|
|
92
92
|
if (cipher->algorithm_enc & (SSL_AES128GCM | SSL_AES256GCM)) {
|
93
93
|
aead_ctx->variable_nonce_included_in_record = 1;
|
94
94
|
}
|
95
|
+
|
96
|
+
/* The TLS 1.3 construction XORs the fixed nonce into the sequence number
|
97
|
+
* and omits the additional data. */
|
98
|
+
if (version >= TLS1_3_VERSION) {
|
99
|
+
aead_ctx->xor_fixed_nonce = 1;
|
100
|
+
aead_ctx->variable_nonce_len = 8;
|
101
|
+
aead_ctx->variable_nonce_included_in_record = 0;
|
102
|
+
aead_ctx->omit_ad = 1;
|
103
|
+
assert(fixed_iv_len >= aead_ctx->variable_nonce_len);
|
104
|
+
}
|
95
105
|
} else {
|
106
|
+
assert(version < TLS1_3_VERSION);
|
96
107
|
aead_ctx->variable_nonce_included_in_record = 1;
|
97
108
|
aead_ctx->random_variable_nonce = 1;
|
98
109
|
aead_ctx->omit_length_in_ad = 1;
|
@@ -111,6 +122,10 @@ void SSL_AEAD_CTX_free(SSL_AEAD_CTX *aead) {
|
|
111
122
|
}
|
112
123
|
|
113
124
|
size_t SSL_AEAD_CTX_explicit_nonce_len(SSL_AEAD_CTX *aead) {
|
125
|
+
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
126
|
+
aead = NULL;
|
127
|
+
#endif
|
128
|
+
|
114
129
|
if (aead != NULL && aead->variable_nonce_included_in_record) {
|
115
130
|
return aead->variable_nonce_len;
|
116
131
|
}
|
@@ -118,11 +133,15 @@ size_t SSL_AEAD_CTX_explicit_nonce_len(SSL_AEAD_CTX *aead) {
|
|
118
133
|
}
|
119
134
|
|
120
135
|
size_t SSL_AEAD_CTX_max_overhead(SSL_AEAD_CTX *aead) {
|
136
|
+
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
137
|
+
aead = NULL;
|
138
|
+
#endif
|
139
|
+
|
121
140
|
if (aead == NULL) {
|
122
141
|
return 0;
|
123
142
|
}
|
124
143
|
return EVP_AEAD_max_overhead(aead->ctx.aead) +
|
125
|
-
|
144
|
+
SSL_AEAD_CTX_explicit_nonce_len(aead);
|
126
145
|
}
|
127
146
|
|
128
147
|
/* ssl_aead_ctx_get_ad writes the additional data for |aead| into |out| and
|
@@ -131,6 +150,10 @@ static size_t ssl_aead_ctx_get_ad(SSL_AEAD_CTX *aead, uint8_t out[13],
|
|
131
150
|
uint8_t type, uint16_t wire_version,
|
132
151
|
const uint8_t seqnum[8],
|
133
152
|
size_t plaintext_len) {
|
153
|
+
if (aead->omit_ad) {
|
154
|
+
return 0;
|
155
|
+
}
|
156
|
+
|
134
157
|
memcpy(out, seqnum, 8);
|
135
158
|
size_t len = 8;
|
136
159
|
out[len++] = type;
|
@@ -145,18 +168,16 @@ static size_t ssl_aead_ctx_get_ad(SSL_AEAD_CTX *aead, uint8_t out[13],
|
|
145
168
|
return len;
|
146
169
|
}
|
147
170
|
|
148
|
-
int SSL_AEAD_CTX_open(SSL_AEAD_CTX *aead,
|
149
|
-
|
150
|
-
|
151
|
-
|
171
|
+
int SSL_AEAD_CTX_open(SSL_AEAD_CTX *aead, CBS *out, uint8_t type,
|
172
|
+
uint16_t wire_version, const uint8_t seqnum[8],
|
173
|
+
uint8_t *in, size_t in_len) {
|
174
|
+
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
175
|
+
aead = NULL;
|
176
|
+
#endif
|
177
|
+
|
152
178
|
if (aead == NULL) {
|
153
179
|
/* Handle the initial NULL cipher. */
|
154
|
-
|
155
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
|
156
|
-
return 0;
|
157
|
-
}
|
158
|
-
memmove(out, in, in_len);
|
159
|
-
*out_len = in_len;
|
180
|
+
CBS_init(out, in, in_len);
|
160
181
|
return 1;
|
161
182
|
}
|
162
183
|
|
@@ -208,20 +229,29 @@ int SSL_AEAD_CTX_open(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len,
|
|
208
229
|
/* XOR the fixed nonce, if necessary. */
|
209
230
|
if (aead->xor_fixed_nonce) {
|
210
231
|
assert(nonce_len == aead->fixed_nonce_len);
|
211
|
-
size_t i;
|
212
|
-
for (i = 0; i < aead->fixed_nonce_len; i++) {
|
232
|
+
for (size_t i = 0; i < aead->fixed_nonce_len; i++) {
|
213
233
|
nonce[i] ^= aead->fixed_nonce[i];
|
214
234
|
}
|
215
235
|
}
|
216
236
|
|
217
|
-
|
218
|
-
|
237
|
+
/* Decrypt in-place. */
|
238
|
+
size_t len;
|
239
|
+
if (!EVP_AEAD_CTX_open(&aead->ctx, in, &len, in_len, nonce, nonce_len,
|
240
|
+
in, in_len, ad, ad_len)) {
|
241
|
+
return 0;
|
242
|
+
}
|
243
|
+
CBS_init(out, in, len);
|
244
|
+
return 1;
|
219
245
|
}
|
220
246
|
|
221
247
|
int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len,
|
222
248
|
size_t max_out, uint8_t type, uint16_t wire_version,
|
223
249
|
const uint8_t seqnum[8], const uint8_t *in,
|
224
250
|
size_t in_len) {
|
251
|
+
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
252
|
+
aead = NULL;
|
253
|
+
#endif
|
254
|
+
|
225
255
|
if (aead == NULL) {
|
226
256
|
/* Handle the initial NULL cipher. */
|
227
257
|
if (in_len > max_out) {
|
@@ -285,8 +315,7 @@ int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len,
|
|
285
315
|
/* XOR the fixed nonce, if necessary. */
|
286
316
|
if (aead->xor_fixed_nonce) {
|
287
317
|
assert(nonce_len == aead->fixed_nonce_len);
|
288
|
-
size_t i;
|
289
|
-
for (i = 0; i < aead->fixed_nonce_len; i++) {
|
318
|
+
for (size_t i = 0; i < aead->fixed_nonce_len; i++) {
|
290
319
|
nonce[i] ^= aead->fixed_nonce[i];
|
291
320
|
}
|
292
321
|
}
|
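Review bot: The `#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)` block added at the top of `SSL_AEAD_CTX_explicit_nonce_len` forces `aead = NULL`, which routes the call down the NULL-cipher path, and nothing at the site says so. The same four lines are added to `SSL_AEAD_CTX_max_overhead`, `SSL_AEAD_CTX_open` and `SSL_AEAD_CTX_seal`, so a build that defines the macro by accident would exchange records with no encryption or integrity protection. I would put a comment on each block, for example `/* Fuzzer builds skip record protection entirely; this macro must never be defined in a shipped build. */`, and have the packaging step verify that the build flags never set it. The bodies of these functions continue outside the hunks.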
@@ -85,6 +85,7 @@
|
|
85
85
|
#include <limits.h>
|
86
86
|
#include <string.h>
|
87
87
|
|
88
|
+
#include <openssl/buf.h>
|
88
89
|
#include <openssl/bytestring.h>
|
89
90
|
#include <openssl/err.h>
|
90
91
|
#include <openssl/mem.h>
|
@@ -120,6 +121,8 @@
|
|
120
121
|
* extendedMasterSecret [17] BOOLEAN OPTIONAL,
|
121
122
|
* keyExchangeInfo [18] INTEGER OPTIONAL,
|
122
123
|
* certChain [19] SEQUENCE OF Certificate OPTIONAL,
|
124
|
+
* ticketFlags [20] INTEGER OPTIONAL,
|
125
|
+
* ticketAgeAdd [21] OCTET STRING OPTIONAL,
|
123
126
|
* }
|
124
127
|
*
|
125
128
|
* Note: historically this serialization has included other optional
|
@@ -164,22 +167,10 @@ static const int kKeyExchangeInfoTag =
|
|
164
167
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 18;
|
165
168
|
static const int kCertChainTag =
|
166
169
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 19;
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
return 0;
|
172
|
-
}
|
173
|
-
uint8_t *buf;
|
174
|
-
if (!CBB_add_space(cbb, &buf, len)) {
|
175
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
176
|
-
return 0;
|
177
|
-
}
|
178
|
-
if (buf != NULL && i2d_X509(x509, &buf) < 0) {
|
179
|
-
return 0;
|
180
|
-
}
|
181
|
-
return 1;
|
182
|
-
}
|
170
|
+
static const int kTicketFlagsTag =
|
171
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 20;
|
172
|
+
static const int kTicketAgeAddTag =
|
173
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 21;
|
183
174
|
|
184
175
|
static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
|
185
176
|
size_t *out_len, int for_ticket) {
|
@@ -229,7 +220,7 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
|
|
229
220
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
230
221
|
goto err;
|
231
222
|
}
|
232
|
-
if (!
|
223
|
+
if (!ssl_add_cert_to_cbb(&child, in->peer)) {
|
233
224
|
goto err;
|
234
225
|
}
|
235
226
|
}
|
@@ -349,14 +340,30 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
|
|
349
340
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
350
341
|
goto err;
|
351
342
|
}
|
352
|
-
size_t i;
|
353
|
-
|
354
|
-
if (!add_X509(&child, sk_X509_value(in->cert_chain, i))) {
|
343
|
+
for (size_t i = 0; i < sk_X509_num(in->cert_chain); i++) {
|
344
|
+
if (!ssl_add_cert_to_cbb(&child, sk_X509_value(in->cert_chain, i))) {
|
355
345
|
goto err;
|
356
346
|
}
|
357
347
|
}
|
358
348
|
}
|
359
349
|
|
350
|
+
if (in->ticket_flags > 0) {
|
351
|
+
if (!CBB_add_asn1(&session, &child, kTicketFlagsTag) ||
|
352
|
+
!CBB_add_asn1_uint64(&child, in->ticket_flags)) {
|
353
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
354
|
+
goto err;
|
355
|
+
}
|
356
|
+
}
|
357
|
+
|
358
|
+
if (in->ticket_age_add_valid) {
|
359
|
+
if (!CBB_add_asn1(&session, &child, kTicketAgeAddTag) ||
|
360
|
+
!CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) ||
|
361
|
+
!CBB_add_u32(&child2, in->ticket_age_add)) {
|
362
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
363
|
+
goto err;
|
364
|
+
}
|
365
|
+
}
|
366
|
+
|
360
367
|
if (!CBB_finish(&cbb, out_data, out_len)) {
|
361
368
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
362
369
|
goto err;
|
@@ -370,6 +377,22 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data,
|
|
370
377
|
|
371
378
|
int SSL_SESSION_to_bytes(const SSL_SESSION *in, uint8_t **out_data,
|
372
379
|
size_t *out_len) {
|
380
|
+
if (in->not_resumable) {
|
381
|
+
/* If the caller has an unresumable session, e.g. if |SSL_get_session| were
|
382
|
+
* called on a TLS 1.3 or False Started connection, serialize with a
|
383
|
+
* placeholder value so it is not accidentally deserialized into a resumable
|
384
|
+
* one. */
|
385
|
+
static const char kNotResumableSession[] = "NOT RESUMABLE";
|
386
|
+
|
387
|
+
*out_len = strlen(kNotResumableSession);
|
388
|
+
*out_data = BUF_memdup(kNotResumableSession, *out_len);
|
389
|
+
if (*out_data == NULL) {
|
390
|
+
return 0;
|
391
|
+
}
|
392
|
+
|
393
|
+
return 1;
|
394
|
+
}
|
395
|
+
|
373
396
|
return SSL_SESSION_to_bytes_full(in, out_data, out_len, 0);
|
374
397
|
}
|
375
398
|
|
@@ -520,12 +543,6 @@ static SSL_SESSION *SSL_SESSION_parse(CBS *cbs) {
|
|
520
543
|
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
|
521
544
|
goto err;
|
522
545
|
}
|
523
|
-
/* Only support SSLv3/TLS and DTLS. */
|
524
|
-
if ((ssl_version >> 8) != SSL3_VERSION_MAJOR &&
|
525
|
-
(ssl_version >> 8) != (DTLS1_VERSION >> 8)) {
|
526
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_SSL_VERSION);
|
527
|
-
goto err;
|
528
|
-
}
|
529
546
|
ret->ssl_version = ssl_version;
|
530
547
|
|
531
548
|
CBS cipher;
|
@@ -668,6 +685,19 @@ static SSL_SESSION *SSL_SESSION_parse(CBS *cbs) {
|
|
668
685
|
}
|
669
686
|
}
|
670
687
|
|
688
|
+
CBS age_add;
|
689
|
+
int age_add_present;
|
690
|
+
if (!SSL_SESSION_parse_u32(&session, &ret->ticket_flags,
|
691
|
+
kTicketFlagsTag, 0) ||
|
692
|
+
!CBS_get_optional_asn1_octet_string(&session, &age_add, &age_add_present,
|
693
|
+
kTicketAgeAddTag) ||
|
694
|
+
(age_add_present &&
|
695
|
+
!CBS_get_u32(&age_add, &ret->ticket_age_add)) ||
|
696
|
+
CBS_len(&age_add) != 0) {
|
697
|
+
goto err;
|
698
|
+
}
|
699
|
+
ret->ticket_age_add_valid = age_add_present;
|
700
|
+
|
671
701
|
if (CBS_len(&session) != 0) {
|
672
702
|
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
|
673
703
|
goto err;
|
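Review bot: The `SSL_SESSION_parse` hunk at old lines 523–528 removes the only visible check on `ssl_version`, so `ret->ssl_version = ssl_version;` now keeps whatever 16-bit value the serialized session carries. Nothing in the shown hunks replaces that check; presumably the resumption path compares the stored version with the negotiated one, but that is not visible here and should be confirmed. Once confirmed, a comment above the assignment would record it, e.g. `/* Not range-checked here; resumption must reject a session whose version differs from the negotiated one. */`. The function starts and ends outside the hunk.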
@@ -85,7 +85,7 @@ static int setup_read_buffer(SSL *ssl) {
|
|
85
85
|
|
86
86
|
size_t header_len = ssl_record_prefix_len(ssl);
|
87
87
|
size_t cap = SSL3_RT_MAX_ENCRYPTED_LENGTH;
|
88
|
-
if (
|
88
|
+
if (SSL_is_dtls(ssl)) {
|
89
89
|
cap += DTLS1_RT_HEADER_LENGTH;
|
90
90
|
} else {
|
91
91
|
cap += SSL3_RT_HEADER_LENGTH;
|
@@ -113,12 +113,11 @@ static int dtls_read_buffer_next_packet(SSL *ssl) {
|
|
113
113
|
}
|
114
114
|
|
115
115
|
/* Read a single packet from |ssl->rbio|. |buf->cap| must fit in an int. */
|
116
|
-
ssl->rwstate = SSL_READING;
|
117
116
|
int ret = BIO_read(ssl->rbio, buf->buf + buf->offset, (int)buf->cap);
|
118
117
|
if (ret <= 0) {
|
118
|
+
ssl->rwstate = SSL_READING;
|
119
119
|
return ret;
|
120
120
|
}
|
121
|
-
ssl->rwstate = SSL_NOTHING;
|
122
121
|
/* |BIO_read| was bound by |buf->cap|, so this cannot overflow. */
|
123
122
|
buf->len = (uint16_t)ret;
|
124
123
|
return 1;
|
@@ -136,13 +135,12 @@ static int tls_read_buffer_extend_to(SSL *ssl, size_t len) {
|
|
136
135
|
while (buf->len < len) {
|
137
136
|
/* The amount of data to read is bounded by |buf->cap|, which must fit in an
|
138
137
|
* int. */
|
139
|
-
ssl->rwstate = SSL_READING;
|
140
138
|
int ret = BIO_read(ssl->rbio, buf->buf + buf->offset + buf->len,
|
141
139
|
(int)(len - buf->len));
|
142
140
|
if (ret <= 0) {
|
141
|
+
ssl->rwstate = SSL_READING;
|
143
142
|
return ret;
|
144
143
|
}
|
145
|
-
ssl->rwstate = SSL_NOTHING;
|
146
144
|
/* |BIO_read| was bound by |buf->cap - buf->len|, so this cannot
|
147
145
|
* overflow. */
|
148
146
|
buf->len += (uint16_t)ret;
|
@@ -164,10 +162,8 @@ int ssl_read_buffer_extend_to(SSL *ssl, size_t len) {
|
|
164
162
|
return -1;
|
165
163
|
}
|
166
164
|
|
167
|
-
ERR_clear_system_error();
|
168
|
-
|
169
165
|
int ret;
|
170
|
-
if (
|
166
|
+
if (SSL_is_dtls(ssl)) {
|
171
167
|
/* |len| is ignored for a datagram transport. */
|
172
168
|
ret = dtls_read_buffer_next_packet(ssl);
|
173
169
|
} else {
|
@@ -186,14 +182,13 @@ void ssl_read_buffer_consume(SSL *ssl, size_t len) {
|
|
186
182
|
SSL3_BUFFER *buf = &ssl->s3->read_buffer;
|
187
183
|
|
188
184
|
consume_buffer(buf, len);
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
}
|
185
|
+
|
186
|
+
/* The TLS stack never reads beyond the current record, so there will never be
|
187
|
+
* unconsumed data. If read-ahead is ever reimplemented,
|
188
|
+
* |ssl_read_buffer_discard| will require a |memcpy| to shift the excess back
|
189
|
+
* to the front of the buffer, to ensure there is enough space for the next
|
190
|
+
* record. */
|
191
|
+
assert(SSL_is_dtls(ssl) || len == 0 || buf->len == 0);
|
197
192
|
}
|
198
193
|
|
199
194
|
void ssl_read_buffer_discard(SSL *ssl) {
|
@@ -229,12 +224,12 @@ int ssl_write_buffer_init(SSL *ssl, uint8_t **out_ptr, size_t max_len) {
|
|
229
224
|
return 0;
|
230
225
|
}
|
231
226
|
|
232
|
-
size_t header_len =
|
227
|
+
size_t header_len = ssl_seal_align_prefix_len(ssl);
|
233
228
|
|
234
229
|
/* TODO(davidben): This matches the original behavior in keeping the malloc
|
235
230
|
* size consistent. Does this matter? |cap| could just be |max_len|. */
|
236
231
|
size_t cap = SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
|
237
|
-
if (
|
232
|
+
if (SSL_is_dtls(ssl)) {
|
238
233
|
cap += DTLS1_RT_HEADER_LENGTH;
|
239
234
|
} else {
|
240
235
|
cap += SSL3_RT_HEADER_LENGTH;
|
@@ -268,12 +263,11 @@ static int tls_write_buffer_flush(SSL *ssl) {
|
|
268
263
|
SSL3_BUFFER *buf = &ssl->s3->write_buffer;
|
269
264
|
|
270
265
|
while (buf->len > 0) {
|
271
|
-
ssl->rwstate = SSL_WRITING;
|
272
266
|
int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len);
|
273
267
|
if (ret <= 0) {
|
268
|
+
ssl->rwstate = SSL_WRITING;
|
274
269
|
return ret;
|
275
270
|
}
|
276
|
-
ssl->rwstate = SSL_NOTHING;
|
277
271
|
consume_buffer(buf, (size_t)ret);
|
278
272
|
}
|
279
273
|
ssl_write_buffer_clear(ssl);
|
@@ -286,16 +280,15 @@ static int dtls_write_buffer_flush(SSL *ssl) {
|
|
286
280
|
return 1;
|
287
281
|
}
|
288
282
|
|
289
|
-
ssl->rwstate = SSL_WRITING;
|
290
283
|
int ret = BIO_write(ssl->wbio, buf->buf + buf->offset, buf->len);
|
291
284
|
if (ret <= 0) {
|
285
|
+
ssl->rwstate = SSL_WRITING;
|
292
286
|
/* If the write failed, drop the write buffer anyway. Datagram transports
|
293
287
|
* can't write half a packet, so the caller is expected to retry from the
|
294
288
|
* top. */
|
295
289
|
ssl_write_buffer_clear(ssl);
|
296
290
|
return ret;
|
297
291
|
}
|
298
|
-
ssl->rwstate = SSL_NOTHING;
|
299
292
|
ssl_write_buffer_clear(ssl);
|
300
293
|
return 1;
|
301
294
|
}
|
@@ -305,9 +298,8 @@ int ssl_write_buffer_flush(SSL *ssl) {
|
|
305
298
|
OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET);
|
306
299
|
return -1;
|
307
300
|
}
|
308
|
-
ERR_clear_system_error();
|
309
301
|
|
310
|
-
if (
|
302
|
+
if (SSL_is_dtls(ssl)) {
|
311
303
|
return dtls_write_buffer_flush(ssl);
|
312
304
|
} else {
|
313
305
|
return tls_write_buffer_flush(ssl);
|
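Review bot: The per-call resets that used to live in this file are removed with no visible replacement: `ssl->rwstate = SSL_NOTHING` after a successful `BIO_read`/`BIO_write` in `dtls_read_buffer_next_packet`, `tls_read_buffer_extend_to`, `tls_write_buffer_flush` and `dtls_write_buffer_flush`, and `ERR_clear_system_error()` in `ssl_read_buffer_extend_to` and `ssl_write_buffer_flush`. These functions now set `rwstate` only on failure, so a stale `SSL_READING`/`SSL_WRITING` or a stale system error would persist unless the callers clear both before each operation, which these hunks do not show. If that is the new contract, it should be stated where the resets were removed, e.g. `/* Callers reset |ssl->rwstate| and the system error before each operation; only the failure path sets rwstate here. */`. Most of these function bodies start or end outside their hunks.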
@@ -114,6 +114,7 @@
|
|
114
114
|
|
115
115
|
#include <openssl/ssl.h>
|
116
116
|
|
117
|
+
#include <assert.h>
|
117
118
|
#include <string.h>
|
118
119
|
|
119
120
|
#include <openssl/bn.h>
|
@@ -122,10 +123,10 @@
|
|
122
123
|
#include <openssl/dh.h>
|
123
124
|
#include <openssl/err.h>
|
124
125
|
#include <openssl/mem.h>
|
126
|
+
#include <openssl/sha.h>
|
125
127
|
#include <openssl/x509.h>
|
126
128
|
#include <openssl/x509v3.h>
|
127
129
|
|
128
|
-
#include "../crypto/dh/internal.h"
|
129
130
|
#include "../crypto/internal.h"
|
130
131
|
#include "internal.h"
|
131
132
|
|
@@ -157,6 +158,26 @@ CERT *ssl_cert_dup(CERT *cert) {
|
|
157
158
|
}
|
158
159
|
memset(ret, 0, sizeof(CERT));
|
159
160
|
|
161
|
+
if (cert->x509 != NULL) {
|
162
|
+
X509_up_ref(cert->x509);
|
163
|
+
ret->x509 = cert->x509;
|
164
|
+
}
|
165
|
+
|
166
|
+
if (cert->privatekey != NULL) {
|
167
|
+
EVP_PKEY_up_ref(cert->privatekey);
|
168
|
+
ret->privatekey = cert->privatekey;
|
169
|
+
}
|
170
|
+
|
171
|
+
if (cert->chain) {
|
172
|
+
ret->chain = X509_chain_up_ref(cert->chain);
|
173
|
+
if (!ret->chain) {
|
174
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
175
|
+
goto err;
|
176
|
+
}
|
177
|
+
}
|
178
|
+
|
179
|
+
ret->key_method = cert->key_method;
|
180
|
+
|
160
181
|
ret->mask_k = cert->mask_k;
|
161
182
|
ret->mask_a = cert->mask_a;
|
162
183
|
|
@@ -169,25 +190,23 @@ CERT *ssl_cert_dup(CERT *cert) {
|
|
169
190
|
}
|
170
191
|
ret->dh_tmp_cb = cert->dh_tmp_cb;
|
171
192
|
|
172
|
-
if (cert->
|
173
|
-
ret->
|
174
|
-
|
175
|
-
|
176
|
-
if (cert->privatekey != NULL) {
|
177
|
-
ret->privatekey = EVP_PKEY_up_ref(cert->privatekey);
|
178
|
-
}
|
179
|
-
|
180
|
-
if (cert->chain) {
|
181
|
-
ret->chain = X509_chain_up_ref(cert->chain);
|
182
|
-
if (!ret->chain) {
|
183
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
193
|
+
if (cert->sigalgs != NULL) {
|
194
|
+
ret->sigalgs =
|
195
|
+
BUF_memdup(cert->sigalgs, cert->num_sigalgs * sizeof(cert->sigalgs[0]));
|
196
|
+
if (ret->sigalgs == NULL) {
|
184
197
|
goto err;
|
185
198
|
}
|
186
199
|
}
|
200
|
+
ret->num_sigalgs = cert->num_sigalgs;
|
187
201
|
|
188
202
|
ret->cert_cb = cert->cert_cb;
|
189
203
|
ret->cert_cb_arg = cert->cert_cb_arg;
|
190
204
|
|
205
|
+
if (cert->verify_store != NULL) {
|
206
|
+
X509_STORE_up_ref(cert->verify_store);
|
207
|
+
ret->verify_store = cert->verify_store;
|
208
|
+
}
|
209
|
+
|
191
210
|
return ret;
|
192
211
|
|
193
212
|
err:
|
@@ -218,8 +237,8 @@ void ssl_cert_free(CERT *c) {
|
|
218
237
|
DH_free(c->dh_tmp);
|
219
238
|
|
220
239
|
ssl_cert_clear_certs(c);
|
221
|
-
OPENSSL_free(c->
|
222
|
-
|
240
|
+
OPENSSL_free(c->sigalgs);
|
241
|
+
X509_STORE_free(c->verify_store);
|
223
242
|
|
224
243
|
OPENSSL_free(c);
|
225
244
|
}
|
@@ -274,15 +293,21 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg) {
|
|
274
293
|
c->cert_cb_arg = arg;
|
275
294
|
}
|
276
295
|
|
277
|
-
int ssl_verify_cert_chain(SSL *ssl,
|
296
|
+
int ssl_verify_cert_chain(SSL *ssl, long *out_verify_result,
|
297
|
+
STACK_OF(X509) *cert_chain) {
|
278
298
|
if (cert_chain == NULL || sk_X509_num(cert_chain) == 0) {
|
279
299
|
return 0;
|
280
300
|
}
|
281
301
|
|
302
|
+
X509_STORE *verify_store = ssl->ctx->cert_store;
|
303
|
+
if (ssl->cert->verify_store != NULL) {
|
304
|
+
verify_store = ssl->cert->verify_store;
|
305
|
+
}
|
306
|
+
|
282
307
|
X509 *leaf = sk_X509_value(cert_chain, 0);
|
283
308
|
int ret = 0;
|
284
309
|
X509_STORE_CTX ctx;
|
285
|
-
if (!X509_STORE_CTX_init(&ctx,
|
310
|
+
if (!X509_STORE_CTX_init(&ctx, verify_store, leaf, cert_chain)) {
|
286
311
|
OPENSSL_PUT_ERROR(SSL, ERR_R_X509_LIB);
|
287
312
|
return 0;
|
288
313
|
}
|
@@ -303,13 +328,24 @@ int ssl_verify_cert_chain(SSL *ssl, STACK_OF(X509) *cert_chain) {
|
|
303
328
|
X509_STORE_CTX_set_verify_cb(&ctx, ssl->verify_callback);
|
304
329
|
}
|
305
330
|
|
331
|
+
int verify_ret;
|
306
332
|
if (ssl->ctx->app_verify_callback != NULL) {
|
307
|
-
|
333
|
+
verify_ret = ssl->ctx->app_verify_callback(&ctx, ssl->ctx->app_verify_arg);
|
308
334
|
} else {
|
309
|
-
|
335
|
+
verify_ret = X509_verify_cert(&ctx);
|
336
|
+
}
|
337
|
+
|
338
|
+
*out_verify_result = ctx.error;
|
339
|
+
|
340
|
+
/* If |SSL_VERIFY_NONE|, the error is non-fatal, but we keep the result. */
|
341
|
+
if (verify_ret <= 0 && ssl->verify_mode != SSL_VERIFY_NONE) {
|
342
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, ssl_verify_alarm_type(ctx.error));
|
343
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
|
344
|
+
goto err;
|
310
345
|
}
|
311
346
|
|
312
|
-
|
347
|
+
ERR_clear_error();
|
348
|
+
ret = 1;
|
313
349
|
|
314
350
|
err:
|
315
351
|
X509_STORE_CTX_cleanup(&ctx);
|
@@ -328,8 +364,7 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *list) {
|
|
328
364
|
return NULL;
|
329
365
|
}
|
330
366
|
|
331
|
-
size_t i;
|
332
|
-
for (i = 0; i < sk_X509_NAME_num(list); i++) {
|
367
|
+
for (size_t i = 0; i < sk_X509_NAME_num(list); i++) {
|
333
368
|
X509_NAME *name = X509_NAME_dup(sk_X509_NAME_value(list, i));
|
334
369
|
if (name == NULL || !sk_X509_NAME_push(ret, name)) {
|
335
370
|
X509_NAME_free(name);
|
@@ -403,51 +438,114 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x509) {
|
|
403
438
|
return add_client_CA(&ctx->client_CA, x509);
|
404
439
|
}
|
405
440
|
|
406
|
-
|
407
|
-
|
408
|
-
|
409
|
-
uint8_t *p;
|
441
|
+
int ssl_has_certificate(const SSL *ssl) {
|
442
|
+
return ssl->cert->x509 != NULL && ssl_has_private_key(ssl);
|
443
|
+
}
|
410
444
|
|
411
|
-
|
412
|
-
|
413
|
-
|
414
|
-
|
445
|
+
STACK_OF(X509) *ssl_parse_cert_chain(SSL *ssl, uint8_t *out_alert,
|
446
|
+
uint8_t *out_leaf_sha256, CBS *cbs) {
|
447
|
+
STACK_OF(X509) *ret = sk_X509_new_null();
|
448
|
+
if (ret == NULL) {
|
449
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
450
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
451
|
+
return NULL;
|
452
|
+
}
|
453
|
+
|
454
|
+
X509 *x = NULL;
|
455
|
+
CBS certificate_list;
|
456
|
+
if (!CBS_get_u24_length_prefixed(cbs, &certificate_list)) {
|
457
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
458
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
459
|
+
goto err;
|
415
460
|
}
|
416
|
-
p = (uint8_t *)&(buf->data[*l]);
|
417
|
-
l2n3(n, p);
|
418
|
-
i2d_X509(x, &p);
|
419
|
-
*l += n + 3;
|
420
461
|
|
462
|
+
while (CBS_len(&certificate_list) > 0) {
|
463
|
+
CBS certificate;
|
464
|
+
if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate)) {
|
465
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
466
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
|
467
|
+
goto err;
|
468
|
+
}
|
469
|
+
|
470
|
+
/* Retain the hash of the leaf certificate if requested. */
|
471
|
+
if (sk_X509_num(ret) == 0 && out_leaf_sha256 != NULL) {
|
472
|
+
SHA256(CBS_data(&certificate), CBS_len(&certificate), out_leaf_sha256);
|
473
|
+
}
|
474
|
+
|
475
|
+
/* A u24 length cannot overflow a long. */
|
476
|
+
const uint8_t *data = CBS_data(&certificate);
|
477
|
+
x = d2i_X509(NULL, &data, (long)CBS_len(&certificate));
|
478
|
+
if (x == NULL || data != CBS_data(&certificate) + CBS_len(&certificate)) {
|
479
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
480
|
+
goto err;
|
481
|
+
}
|
482
|
+
if (!sk_X509_push(ret, x)) {
|
483
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
484
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
485
|
+
goto err;
|
486
|
+
}
|
487
|
+
x = NULL;
|
488
|
+
}
|
489
|
+
|
490
|
+
return ret;
|
491
|
+
|
492
|
+
err:
|
493
|
+
X509_free(x);
|
494
|
+
sk_X509_pop_free(ret, X509_free);
|
495
|
+
return NULL;
|
496
|
+
}
|
497
|
+
|
498
|
+
int ssl_add_cert_to_cbb(CBB *cbb, X509 *x509) {
|
499
|
+
int len = i2d_X509(x509, NULL);
|
500
|
+
if (len < 0) {
|
501
|
+
return 0;
|
502
|
+
}
|
503
|
+
uint8_t *buf;
|
504
|
+
if (!CBB_add_space(cbb, &buf, len)) {
|
505
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
506
|
+
return 0;
|
507
|
+
}
|
508
|
+
if (buf != NULL && i2d_X509(x509, &buf) < 0) {
|
509
|
+
return 0;
|
510
|
+
}
|
421
511
|
return 1;
|
422
512
|
}
|
423
513
|
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
514
|
+
static int ssl_add_cert_with_length(CBB *cbb, X509 *x509) {
|
515
|
+
CBB child;
|
516
|
+
return CBB_add_u24_length_prefixed(cbb, &child) &&
|
517
|
+
ssl_add_cert_to_cbb(&child, x509) &&
|
518
|
+
CBB_flush(cbb);
|
519
|
+
}
|
520
|
+
|
521
|
+
int ssl_add_cert_chain(SSL *ssl, CBB *cbb) {
|
522
|
+
if (!ssl_has_certificate(ssl)) {
|
523
|
+
return CBB_add_u24(cbb, 0);
|
524
|
+
}
|
430
525
|
|
526
|
+
CERT *cert = ssl->cert;
|
431
527
|
X509 *x = cert->x509;
|
432
|
-
STACK_OF(X509) *chain = cert->chain;
|
433
528
|
|
434
|
-
|
435
|
-
|
529
|
+
CBB child;
|
530
|
+
if (!CBB_add_u24_length_prefixed(cbb, &child)) {
|
531
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
436
532
|
return 0;
|
437
533
|
}
|
438
534
|
|
535
|
+
int no_chain = 0;
|
536
|
+
STACK_OF(X509) *chain = cert->chain;
|
439
537
|
if ((ssl->mode & SSL_MODE_NO_AUTO_CHAIN) || chain != NULL) {
|
440
538
|
no_chain = 1;
|
441
539
|
}
|
442
540
|
|
443
541
|
if (no_chain) {
|
444
|
-
if (!
|
542
|
+
if (!ssl_add_cert_with_length(&child, x)) {
|
445
543
|
return 0;
|
446
544
|
}
|
447
545
|
|
448
|
-
for (i = 0; i < sk_X509_num(chain); i++) {
|
546
|
+
for (size_t i = 0; i < sk_X509_num(chain); i++) {
|
449
547
|
x = sk_X509_value(chain, i);
|
450
|
-
if (!
|
548
|
+
if (!ssl_add_cert_with_length(&child, x)) {
|
451
549
|
return 0;
|
452
550
|
}
|
453
551
|
}
|
@@ -461,10 +559,10 @@ int ssl_add_cert_chain(SSL *ssl, unsigned long *l) {
|
|
461
559
|
X509_verify_cert(&xs_ctx);
|
462
560
|
/* Don't leave errors in the queue */
|
463
561
|
ERR_clear_error();
|
464
|
-
for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
|
465
|
-
x = sk_X509_value(xs_ctx.chain, i);
|
466
562
|
|
467
|
-
|
563
|
+
for (size_t i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
|
564
|
+
x = sk_X509_value(xs_ctx.chain, i);
|
565
|
+
if (!ssl_add_cert_with_length(&child, x)) {
|
468
566
|
X509_STORE_CTX_cleanup(&xs_ctx);
|
469
567
|
return 0;
|
470
568
|
}
|
@@ -472,9 +570,146 @@ int ssl_add_cert_chain(SSL *ssl, unsigned long *l) {
|
|
472
570
|
X509_STORE_CTX_cleanup(&xs_ctx);
|
473
571
|
}
|
474
572
|
|
573
|
+
return CBB_flush(cbb);
|
574
|
+
}
|
575
|
+
|
576
|
+
static int ca_dn_cmp(const X509_NAME **a, const X509_NAME **b) {
|
577
|
+
return X509_NAME_cmp(*a, *b);
|
578
|
+
}
|
579
|
+
|
580
|
+
STACK_OF(X509_NAME) *
|
581
|
+
ssl_parse_client_CA_list(SSL *ssl, uint8_t *out_alert, CBS *cbs) {
|
582
|
+
STACK_OF(X509_NAME) *ret = sk_X509_NAME_new(ca_dn_cmp);
|
583
|
+
X509_NAME *name = NULL;
|
584
|
+
if (ret == NULL) {
|
585
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
586
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
587
|
+
return NULL;
|
588
|
+
}
|
589
|
+
|
590
|
+
CBS child;
|
591
|
+
if (!CBS_get_u16_length_prefixed(cbs, &child)) {
|
592
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
593
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_LENGTH_MISMATCH);
|
594
|
+
goto err;
|
595
|
+
}
|
596
|
+
|
597
|
+
while (CBS_len(&child) > 0) {
|
598
|
+
CBS distinguished_name;
|
599
|
+
if (!CBS_get_u16_length_prefixed(&child, &distinguished_name)) {
|
600
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
601
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_CA_DN_TOO_LONG);
|
602
|
+
goto err;
|
603
|
+
}
|
604
|
+
|
605
|
+
const uint8_t *ptr = CBS_data(&distinguished_name);
|
606
|
+
/* A u16 length cannot overflow a long. */
|
607
|
+
name = d2i_X509_NAME(NULL, &ptr, (long)CBS_len(&distinguished_name));
|
608
|
+
if (name == NULL ||
|
609
|
+
ptr != CBS_data(&distinguished_name) + CBS_len(&distinguished_name)) {
|
610
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
611
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
612
|
+
goto err;
|
613
|
+
}
|
614
|
+
|
615
|
+
if (!sk_X509_NAME_push(ret, name)) {
|
616
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
617
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
618
|
+
goto err;
|
619
|
+
}
|
620
|
+
name = NULL;
|
621
|
+
}
|
622
|
+
|
623
|
+
return ret;
|
624
|
+
|
625
|
+
err:
|
626
|
+
X509_NAME_free(name);
|
627
|
+
sk_X509_NAME_pop_free(ret, X509_NAME_free);
|
628
|
+
return NULL;
|
629
|
+
}
|
630
|
+
|
631
|
+
int ssl_add_client_CA_list(SSL *ssl, CBB *cbb) {
|
632
|
+
CBB child, name_cbb;
|
633
|
+
if (!CBB_add_u16_length_prefixed(cbb, &child)) {
|
634
|
+
return 0;
|
635
|
+
}
|
636
|
+
|
637
|
+
STACK_OF(X509_NAME) *sk = SSL_get_client_CA_list(ssl);
|
638
|
+
if (sk == NULL) {
|
639
|
+
return CBB_flush(cbb);
|
640
|
+
}
|
641
|
+
|
642
|
+
for (size_t i = 0; i < sk_X509_NAME_num(sk); i++) {
|
643
|
+
X509_NAME *name = sk_X509_NAME_value(sk, i);
|
644
|
+
int len = i2d_X509_NAME(name, NULL);
|
645
|
+
if (len < 0) {
|
646
|
+
return 0;
|
647
|
+
}
|
648
|
+
uint8_t *ptr;
|
649
|
+
if (!CBB_add_u16_length_prefixed(&child, &name_cbb) ||
|
650
|
+
!CBB_add_space(&name_cbb, &ptr, (size_t)len) ||
|
651
|
+
(len > 0 && i2d_X509_NAME(name, &ptr) < 0)) {
|
652
|
+
return 0;
|
653
|
+
}
|
654
|
+
}
|
655
|
+
|
656
|
+
return CBB_flush(cbb);
|
657
|
+
}
|
658
|
+
|
659
|
+
int ssl_do_client_cert_cb(SSL *ssl, int *out_should_retry) {
|
660
|
+
if (ssl_has_certificate(ssl) || ssl->ctx->client_cert_cb == NULL) {
|
661
|
+
return 1;
|
662
|
+
}
|
663
|
+
|
664
|
+
X509 *x509 = NULL;
|
665
|
+
EVP_PKEY *pkey = NULL;
|
666
|
+
int ret = ssl->ctx->client_cert_cb(ssl, &x509, &pkey);
|
667
|
+
if (ret < 0) {
|
668
|
+
*out_should_retry = 1;
|
669
|
+
return 0;
|
670
|
+
}
|
671
|
+
|
672
|
+
if (ret != 0) {
|
673
|
+
if (!SSL_use_certificate(ssl, x509) ||
|
674
|
+
!SSL_use_PrivateKey(ssl, pkey)) {
|
675
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
676
|
+
*out_should_retry = 0;
|
677
|
+
return 0;
|
678
|
+
}
|
679
|
+
}
|
680
|
+
|
681
|
+
X509_free(x509);
|
682
|
+
EVP_PKEY_free(pkey);
|
683
|
+
return 1;
|
684
|
+
}
|
685
|
+
|
686
|
+
static int set_cert_store(X509_STORE **store_ptr, X509_STORE *new_store, int take_ref) {
|
687
|
+
X509_STORE_free(*store_ptr);
|
688
|
+
*store_ptr = new_store;
|
689
|
+
|
690
|
+
if (new_store != NULL && take_ref) {
|
691
|
+
X509_STORE_up_ref(new_store);
|
692
|
+
}
|
693
|
+
|
475
694
|
return 1;
|
476
695
|
}
|
477
696
|
|
697
|
+
int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
|
698
|
+
return set_cert_store(&ctx->cert->verify_store, store, 0);
|
699
|
+
}
|
700
|
+
|
701
|
+
int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *store) {
|
702
|
+
return set_cert_store(&ctx->cert->verify_store, store, 1);
|
703
|
+
}
|
704
|
+
|
705
|
+
int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store) {
|
706
|
+
return set_cert_store(&ssl->cert->verify_store, store, 0);
|
707
|
+
}
|
708
|
+
|
709
|
+
int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store) {
|
710
|
+
return set_cert_store(&ssl->cert->verify_store, store, 1);
|
711
|
+
}
|
712
|
+
|
478
713
|
int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain) {
|
479
714
|
return ssl_cert_set0_chain(ctx->cert, chain);
|
480
715
|
}
|
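Review bot: ssl_do_client_cert_cb leaks the callback's outputs on its failure branch. When `SSL_use_certificate` or `SSL_use_PrivateKey` fails, it sends the alert and returns 0 without releasing `x509` and `pkey`, while the success path frees both. Assuming the callback hands the caller a reference to each object, as those success-path frees suggest, the branch should release them first: `X509_free(x509); EVP_PKEY_free(pkey);` ahead of `return 0;`. The `ret < 0` branch has the same gap if a callback sets either pointer before asking for a retry; that cannot be confirmed from this hunk, so it deserves a comment stating the expected callback contract. On a long-running client that retries handshakes, the leak becomes steady memory growth.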
@@ -537,3 +772,43 @@ int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain) {
|
|
537
772
|
*out_chain = ssl->cert->chain;
|
538
773
|
return 1;
|
539
774
|
}
|
775
|
+
|
776
|
+
int ssl_check_leaf_certificate(SSL *ssl, X509 *leaf) {
|
777
|
+
int ret = 0;
|
778
|
+
EVP_PKEY *pkey = X509_get_pubkey(leaf);
|
779
|
+
if (pkey == NULL) {
|
780
|
+
goto err;
|
781
|
+
}
|
782
|
+
|
783
|
+
/* Check the certificate's type matches the cipher. */
|
784
|
+
const SSL_CIPHER *cipher = ssl->s3->tmp.new_cipher;
|
785
|
+
int expected_type = ssl_cipher_get_key_type(cipher);
|
786
|
+
assert(expected_type != EVP_PKEY_NONE);
|
787
|
+
if (pkey->type != expected_type) {
|
788
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
|
789
|
+
goto err;
|
790
|
+
}
|
791
|
+
|
792
|
+
if (cipher->algorithm_auth & SSL_aECDSA) {
|
793
|
+
/* TODO(davidben): This behavior is preserved from upstream. Should key
|
794
|
+
* usages be checked in other cases as well? */
|
795
|
+
/* This call populates the ex_flags field correctly */
|
796
|
+
X509_check_purpose(leaf, -1, 0);
|
797
|
+
if ((leaf->ex_flags & EXFLAG_KUSAGE) &&
|
798
|
+
!(leaf->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE)) {
|
799
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
|
800
|
+
goto err;
|
801
|
+
}
|
802
|
+
|
803
|
+
if (!tls1_check_ec_cert(ssl, leaf)) {
|
804
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
|
805
|
+
goto err;
|
806
|
+
}
|
807
|
+
}
|
808
|
+
|
809
|
+
ret = 1;
|
810
|
+
|
811
|
+
err:
|
812
|
+
EVP_PKEY_free(pkey);
|
813
|
+
return ret;
|
814
|
+
}
|
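Review bot: The `assert(expected_type != EVP_PKEY_NONE)` in ssl_check_leaf_certificate is compiled out when NDEBUG is defined, so in release builds the only thing rejecting a cipher with no certificate key type is the `pkey->type != expected_type` comparison that follows. That comparison fails closed only if no parsed key can carry the NONE type, which this hunk does not show, so I would record the dependency next to the assert: `/* With NDEBUG the type comparison below is what rejects EVP_PKEY_NONE. */`. The function also lacks a contract comment; a short header saying it returns one on success and zero on failure would help callers. That header should note that the `pkey == NULL` path queues no SSL error of its own, unlike the other failure paths.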