grpc 1.10.0 → 1.11.0.pre2
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +2098 -501
- data/include/grpc/byte_buffer.h +2 -0
- data/include/grpc/byte_buffer_reader.h +2 -0
- data/include/grpc/census.h +2 -0
- data/include/grpc/fork.h +2 -0
- data/include/grpc/grpc.h +10 -0
- data/include/grpc/grpc_cronet.h +2 -0
- data/include/grpc/grpc_posix.h +2 -1
- data/include/grpc/grpc_security.h +21 -0
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/byte_buffer.h +2 -0
- data/include/grpc/impl/codegen/grpc_types.h +24 -0
- data/include/grpc/impl/codegen/slice.h +1 -1
- data/include/grpc/impl/codegen/sync.h +1 -0
- data/include/grpc/impl/codegen/sync_custom.h +2 -0
- data/include/grpc/impl/codegen/sync_generic.h +2 -0
- data/include/grpc/impl/codegen/sync_posix.h +2 -0
- data/include/grpc/impl/codegen/sync_windows.h +2 -0
- data/include/grpc/slice.h +2 -0
- data/include/grpc/slice_buffer.h +2 -0
- data/include/grpc/status.h +2 -0
- data/include/grpc/support/alloc.h +2 -2
- data/include/grpc/support/atm.h +2 -0
- data/include/grpc/support/atm_gcc_atomic.h +2 -0
- data/include/grpc/support/atm_gcc_sync.h +2 -0
- data/include/grpc/support/atm_windows.h +2 -0
- data/include/grpc/support/log.h +1 -1
- data/include/grpc/support/sync.h +2 -0
- data/include/grpc/support/sync_custom.h +2 -0
- data/include/grpc/support/sync_generic.h +2 -0
- data/include/grpc/support/sync_posix.h +2 -0
- data/include/grpc/support/sync_windows.h +2 -0
- data/include/grpc/support/time.h +2 -0
- data/src/boringssl/err_data.c +444 -438
- data/src/core/ext/census/grpc_context.cc +2 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +13 -8
- data/src/core/ext/filters/client_channel/backup_poller.h +3 -2
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +2 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +1988 -433
- data/src/core/ext/filters/client_channel/client_channel.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -0
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +2 -27
- data/src/core/ext/filters/client_channel/connector.cc +2 -0
- data/src/core/ext/filters/client_channel/connector.h +2 -0
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -0
- data/src/core/ext/filters/client_channel/http_proxy.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +96 -78
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +70 -62
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +4 -2
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +2 -1
- data/src/core/ext/filters/client_channel/method_params.cc +178 -0
- data/src/core/ext/filters/client_channel/method_params.h +74 -0
- data/src/core/ext/filters/client_channel/parse_address.cc +17 -13
- data/src/core/ext/filters/client_channel/parse_address.h +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper.cc +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper.h +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +2 -0
- data/src/core/ext/filters/client_channel/resolver.cc +2 -0
- data/src/core/ext/filters/client_channel/resolver.h +6 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +2 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +55 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +8 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +1 -0
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +30 -3
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -1
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -0
- data/src/core/ext/filters/client_channel/resolver_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -0
- data/src/core/ext/filters/client_channel/retry_throttle.cc +102 -120
- data/src/core/ext/filters/client_channel/retry_throttle.h +52 -25
- data/src/core/ext/filters/client_channel/subchannel.cc +14 -4
- data/src/core/ext/filters/client_channel/subchannel.h +10 -1
- data/src/core/ext/filters/client_channel/subchannel_index.cc +2 -0
- data/src/core/ext/filters/client_channel/subchannel_index.h +2 -0
- data/src/core/ext/filters/client_channel/uri_parser.cc +2 -1
- data/src/core/ext/filters/client_channel/uri_parser.h +2 -1
- data/src/core/ext/filters/deadline/deadline_filter.cc +2 -1
- data/src/core/ext/filters/deadline/deadline_filter.h +2 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +27 -25
- data/src/core/ext/filters/http/client/http_client_filter.h +2 -0
- data/src/core/ext/filters/http/client_authority_filter.cc +156 -0
- data/src/core/ext/filters/http/client_authority_filter.h +34 -0
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -0
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +21 -22
- data/src/core/ext/filters/http/message_compress/message_compress_filter.h +2 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +11 -8
- data/src/core/ext/filters/http/server/http_server_filter.h +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +2 -0
- data/src/core/ext/filters/max_age/max_age_filter.cc +2 -0
- data/src/core/ext/filters/max_age/max_age_filter.h +2 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +52 -49
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -0
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +5 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +2 -0
- data/src/core/ext/filters/workarounds/workaround_utils.cc +2 -0
- data/src/core/ext/filters/workarounds/workaround_utils.h +2 -0
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +3 -1
- data/src/core/ext/transport/chttp2/alpn/alpn.h +2 -0
- data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
- data/src/core/ext/transport/chttp2/client/authority.h +36 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -0
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +10 -3
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +37 -25
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +2 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +3 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +2 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +152 -182
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +2 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +15 -19
- data/src/core/ext/transport/chttp2/transport/frame_data.h +7 -5
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -2
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -1
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +2 -0
- data/src/core/ext/transport/chttp2/transport/huffsyms.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -0
- data/src/core/ext/transport/chttp2/transport/internal.h +60 -24
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -4
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/stream_map.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -6
- data/src/core/ext/transport/inproc/inproc_plugin.cc +2 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -23
- data/src/core/ext/transport/inproc/inproc_transport.h +2 -0
- data/src/core/lib/avl/avl.cc +2 -0
- data/src/core/lib/avl/avl.h +2 -0
- data/src/core/lib/backoff/backoff.cc +2 -0
- data/src/core/lib/backoff/backoff.h +2 -0
- data/src/core/lib/channel/channel_args.h +2 -0
- data/src/core/lib/channel/channel_stack.cc +3 -1
- data/src/core/lib/channel/channel_stack.h +2 -0
- data/src/core/lib/channel/channel_stack_builder.cc +2 -0
- data/src/core/lib/channel/channel_stack_builder.h +2 -0
- data/src/core/lib/channel/channel_trace.cc +239 -0
- data/src/core/lib/channel/channel_trace.h +133 -0
- data/src/core/lib/channel/channel_trace_registry.cc +80 -0
- data/src/core/lib/channel/channel_trace_registry.h +43 -0
- data/src/core/lib/channel/connected_channel.cc +2 -0
- data/src/core/lib/channel/connected_channel.h +2 -0
- data/src/core/lib/channel/handshaker.cc +2 -0
- data/src/core/lib/channel/handshaker.h +2 -0
- data/src/core/lib/channel/handshaker_factory.cc +2 -0
- data/src/core/lib/channel/handshaker_factory.h +2 -1
- data/src/core/lib/channel/handshaker_registry.cc +2 -0
- data/src/core/lib/channel/handshaker_registry.h +2 -1
- data/src/core/lib/channel/status_util.cc +100 -0
- data/src/core/lib/channel/status_util.h +58 -0
- data/src/core/lib/compression/algorithm_metadata.h +2 -0
- data/src/core/lib/compression/compression.cc +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -0
- data/src/core/lib/compression/compression_internal.h +2 -0
- data/src/core/lib/compression/message_compress.cc +2 -0
- data/src/core/lib/compression/message_compress.h +2 -0
- data/src/core/lib/compression/stream_compression.cc +2 -0
- data/src/core/lib/compression/stream_compression.h +2 -0
- data/src/core/lib/compression/stream_compression_gzip.cc +2 -0
- data/src/core/lib/compression/stream_compression_gzip.h +2 -0
- data/src/core/lib/compression/stream_compression_identity.cc +2 -1
- data/src/core/lib/compression/stream_compression_identity.h +2 -0
- data/src/core/lib/debug/stats.cc +2 -0
- data/src/core/lib/debug/stats.h +2 -0
- data/src/core/lib/debug/stats_data.cc +3 -1
- data/src/core/lib/debug/stats_data.h +2 -0
- data/src/core/lib/debug/trace.cc +2 -0
- data/src/core/lib/debug/trace.h +2 -1
- data/src/core/lib/gpr/alloc.cc +2 -1
- data/src/core/lib/gpr/arena.cc +47 -0
- data/src/core/lib/gpr/arena.h +2 -0
- data/src/core/lib/gpr/atm.cc +2 -0
- data/src/core/lib/gpr/cpu_linux.cc +5 -1
- data/src/core/lib/gpr/cpu_posix.cc +1 -1
- data/src/core/lib/gpr/env.h +2 -0
- data/src/core/lib/gpr/fork.cc +2 -0
- data/src/core/lib/gpr/host_port.cc +2 -0
- data/src/core/lib/gpr/log.cc +2 -1
- data/src/core/lib/gpr/log_linux.cc +1 -0
- data/src/core/lib/gpr/mpscq.cc +2 -0
- data/src/core/lib/gpr/mpscq.h +2 -0
- data/src/core/lib/gpr/murmur_hash.cc +2 -0
- data/src/core/lib/gpr/spinlock.h +2 -0
- data/src/core/lib/gpr/string.cc +2 -1
- data/src/core/lib/gpr/string.h +2 -2
- data/src/core/lib/gpr/sync.cc +2 -0
- data/src/core/lib/gpr/time.cc +2 -0
- data/src/core/lib/gpr/time_posix.cc +1 -0
- data/src/core/lib/gpr/time_precise.cc +2 -0
- data/src/core/lib/gpr/time_precise.h +2 -0
- data/src/core/lib/gpr/tls_gcc.h +2 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_pthread.h +2 -0
- data/src/core/lib/gpr/tmpfile.h +2 -0
- data/src/core/lib/gprpp/atomic_with_atm.h +2 -0
- data/src/core/lib/gprpp/atomic_with_std.h +2 -0
- data/src/core/lib/gprpp/inlined_vector.h +2 -0
- data/src/core/lib/gprpp/manual_constructor.h +3 -1
- data/src/core/lib/gprpp/memory.h +5 -3
- data/src/core/lib/gprpp/orphanable.h +3 -0
- data/src/core/lib/gprpp/ref_counted.h +4 -0
- data/src/core/lib/gprpp/ref_counted_ptr.h +3 -0
- data/src/core/lib/gprpp/thd.h +135 -0
- data/src/core/lib/gprpp/thd_posix.cc +209 -0
- data/src/core/lib/gprpp/thd_windows.cc +162 -0
- data/src/core/lib/http/format_request.cc +2 -0
- data/src/core/lib/http/format_request.h +2 -0
- data/src/core/lib/http/httpcli.cc +2 -0
- data/src/core/lib/http/httpcli.h +2 -0
- data/src/core/lib/http/httpcli_security_connector.cc +16 -7
- data/src/core/lib/http/parser.cc +2 -0
- data/src/core/lib/http/parser.h +2 -1
- data/src/core/lib/iomgr/call_combiner.cc +2 -0
- data/src/core/lib/iomgr/call_combiner.h +2 -1
- data/src/core/lib/iomgr/combiner.cc +2 -0
- data/src/core/lib/iomgr/combiner.h +2 -0
- data/src/core/lib/iomgr/endpoint.cc +4 -0
- data/src/core/lib/iomgr/endpoint.h +2 -0
- data/src/core/lib/iomgr/endpoint_pair.h +2 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -0
- data/src/core/lib/iomgr/endpoint_pair_uv.cc +2 -0
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +7 -4
- data/src/core/lib/iomgr/error.h +2 -0
- data/src/core/lib/iomgr/error_internal.h +2 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.h +2 -0
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -18
- data/src/core/lib/iomgr/ev_epollex_linux.h +2 -0
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +2 -0
- data/src/core/lib/iomgr/ev_epollsig_linux.h +2 -0
- data/src/core/lib/iomgr/ev_poll_posix.cc +61 -31
- data/src/core/lib/iomgr/ev_poll_posix.h +2 -0
- data/src/core/lib/iomgr/ev_posix.cc +35 -19
- data/src/core/lib/iomgr/ev_posix.h +2 -0
- data/src/core/lib/iomgr/ev_windows.cc +2 -0
- data/src/core/lib/iomgr/exec_ctx.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +21 -9
- data/src/core/lib/iomgr/executor.cc +13 -11
- data/src/core/lib/iomgr/executor.h +2 -0
- data/src/core/lib/iomgr/fork_posix.cc +4 -2
- data/src/core/lib/iomgr/fork_windows.cc +2 -0
- data/src/core/lib/iomgr/gethostname_fallback.cc +2 -0
- data/src/core/lib/iomgr/gethostname_host_name_max.cc +2 -0
- data/src/core/lib/iomgr/gethostname_sysconf.cc +2 -0
- data/src/core/lib/iomgr/iocp_windows.cc +3 -1
- data/src/core/lib/iomgr/iocp_windows.h +3 -0
- data/src/core/lib/iomgr/iomgr.cc +2 -1
- data/src/core/lib/iomgr/iomgr.h +2 -0
- data/src/core/lib/iomgr/iomgr_custom.cc +63 -0
- data/src/core/lib/iomgr/iomgr_custom.h +47 -0
- data/src/core/lib/iomgr/iomgr_internal.cc +43 -0
- data/src/core/lib/iomgr/iomgr_internal.h +14 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +30 -3
- data/src/core/lib/iomgr/iomgr_posix.h +2 -0
- data/src/core/lib/iomgr/iomgr_uv.cc +17 -20
- data/src/core/lib/iomgr/iomgr_windows.cc +29 -3
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +2 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.h +2 -0
- data/src/core/lib/iomgr/load_file.cc +2 -0
- data/src/core/lib/iomgr/load_file.h +2 -0
- data/src/core/lib/iomgr/lockfree_event.cc +2 -0
- data/src/core/lib/iomgr/lockfree_event.h +14 -1
- data/src/core/lib/iomgr/nameser.h +2 -0
- data/src/core/lib/iomgr/network_status_tracker.cc +3 -1
- data/src/core/lib/iomgr/network_status_tracker.h +2 -0
- data/src/core/lib/iomgr/polling_entity.cc +2 -0
- data/src/core/lib/iomgr/polling_entity.h +2 -0
- data/src/core/lib/iomgr/pollset.cc +56 -0
- data/src/core/lib/iomgr/pollset.h +19 -0
- data/src/core/lib/iomgr/pollset_custom.cc +106 -0
- data/src/core/lib/iomgr/{timer_generic.h → pollset_custom.h} +15 -17
- data/src/core/lib/iomgr/pollset_set.cc +55 -0
- data/src/core/lib/iomgr/pollset_set.h +13 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
- data/src/core/lib/iomgr/{pollset_uv.h → pollset_set_custom.h} +6 -7
- data/src/core/lib/iomgr/pollset_set_windows.cc +17 -10
- data/src/core/lib/iomgr/pollset_set_windows.h +2 -0
- data/src/core/lib/iomgr/pollset_uv.cc +42 -105
- data/src/core/lib/iomgr/pollset_windows.cc +20 -12
- data/src/core/lib/iomgr/pollset_windows.h +2 -0
- data/src/core/lib/iomgr/port.h +10 -19
- data/src/core/lib/iomgr/resolve_address.cc +50 -0
- data/src/core/lib/iomgr/resolve_address.h +39 -10
- data/src/core/lib/iomgr/resolve_address_custom.cc +187 -0
- data/src/core/lib/iomgr/resolve_address_custom.h +43 -0
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -22
- data/src/core/lib/iomgr/resolve_address_windows.cc +10 -22
- data/src/core/lib/iomgr/resource_quota.cc +2 -0
- data/src/core/lib/iomgr/resource_quota.h +3 -5
- data/src/core/lib/iomgr/sockaddr.h +3 -11
- data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
- data/src/core/lib/iomgr/sockaddr_posix.h +26 -0
- data/src/core/lib/iomgr/sockaddr_utils.cc +91 -71
- data/src/core/lib/iomgr/sockaddr_utils.h +4 -0
- data/src/core/lib/iomgr/sockaddr_windows.h +21 -0
- data/src/core/lib/iomgr/socket_factory_posix.cc +2 -0
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -0
- data/src/core/lib/iomgr/socket_mutator.cc +2 -0
- data/src/core/lib/iomgr/socket_mutator.h +2 -0
- data/src/core/lib/iomgr/socket_utils.h +11 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +15 -6
- data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -0
- data/src/core/lib/iomgr/socket_utils_uv.cc +13 -2
- data/src/core/lib/iomgr/socket_utils_windows.cc +10 -0
- data/src/core/lib/iomgr/socket_windows.cc +2 -0
- data/src/core/lib/iomgr/socket_windows.h +2 -1
- data/src/core/lib/iomgr/sys_epoll_wrapper.h +2 -0
- data/src/core/lib/iomgr/tcp_client.cc +36 -0
- data/src/core/lib/iomgr/tcp_client.h +13 -0
- data/src/core/lib/iomgr/tcp_client_custom.cc +151 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +11 -24
- data/src/core/lib/iomgr/tcp_client_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -23
- data/src/core/lib/iomgr/tcp_custom.cc +365 -0
- data/src/core/lib/iomgr/tcp_custom.h +81 -0
- data/src/core/lib/iomgr/tcp_posix.cc +3 -1
- data/src/core/lib/iomgr/tcp_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_server.cc +73 -0
- data/src/core/lib/iomgr/tcp_server.h +24 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +472 -0
- data/src/core/lib/iomgr/tcp_server_posix.cc +41 -23
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -6
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +2 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +43 -21
- data/src/core/lib/iomgr/tcp_uv.cc +308 -314
- data/src/core/lib/iomgr/tcp_windows.cc +3 -1
- data/src/core/lib/iomgr/tcp_windows.h +2 -0
- data/src/core/lib/iomgr/time_averaged_stats.cc +2 -0
- data/src/core/lib/iomgr/timer.cc +45 -0
- data/src/core/lib/iomgr/timer.h +36 -15
- data/src/core/lib/iomgr/timer_custom.cc +93 -0
- data/src/core/lib/iomgr/timer_custom.h +43 -0
- data/src/core/lib/iomgr/timer_generic.cc +12 -10
- data/src/core/lib/iomgr/timer_heap.cc +2 -4
- data/src/core/lib/iomgr/timer_heap.h +2 -0
- data/src/core/lib/iomgr/timer_manager.cc +12 -20
- data/src/core/lib/iomgr/timer_manager.h +2 -0
- data/src/core/lib/iomgr/timer_uv.cc +15 -49
- data/src/core/lib/iomgr/udp_server.cc +271 -230
- data/src/core/lib/iomgr/udp_server.h +44 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +10 -7
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_cv.cc +3 -1
- data/src/core/lib/iomgr/wakeup_fd_cv.h +2 -0
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.h +2 -0
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_posix.h +2 -0
- data/src/core/lib/json/json.cc +38 -0
- data/src/core/lib/json/json.h +22 -1
- data/src/core/lib/json/json_reader.cc +2 -2
- data/src/core/lib/json/json_reader.h +1 -0
- data/src/core/lib/json/json_string.cc +2 -0
- data/src/core/lib/json/json_writer.cc +2 -2
- data/src/core/lib/json/json_writer.h +2 -0
- data/src/core/lib/profiling/basic_timers.cc +11 -9
- data/src/core/lib/profiling/timers.h +6 -3
- data/src/core/lib/security/context/security_context.cc +2 -0
- data/src/core/lib/security/context/security_context.h +2 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +119 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.h +102 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +67 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +114 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +126 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +112 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +58 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +2 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.cc +2 -0
- data/src/core/lib/security/credentials/credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials_metadata.cc +2 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -3
- data/src/core/lib/security/credentials/fake/fake_credentials.h +5 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +2 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +2 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +2 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +11 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -0
- data/src/core/lib/security/security_connector/alts_security_connector.cc +287 -0
- data/src/core/lib/security/security_connector/alts_security_connector.h +69 -0
- data/src/core/lib/security/security_connector/security_connector.cc +174 -74
- data/src/core/lib/security/security_connector/security_connector.h +41 -7
- data/src/core/lib/security/transport/auth_filters.h +2 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +14 -28
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -0
- data/src/core/lib/security/transport/secure_endpoint.h +2 -0
- data/src/core/lib/security/transport/security_handshaker.cc +2 -0
- data/src/core/lib/security/transport/security_handshaker.h +2 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -0
- data/src/core/lib/security/transport/target_authority_table.cc +75 -0
- data/src/core/lib/security/transport/{lb_targets_info.h → target_authority_table.h} +16 -8
- data/src/core/lib/security/transport/tsi_error.cc +2 -0
- data/src/core/lib/security/transport/tsi_error.h +2 -0
- data/src/core/lib/security/util/json_util.cc +2 -0
- data/src/core/lib/security/util/json_util.h +2 -0
- data/src/core/lib/slice/b64.cc +2 -0
- data/src/core/lib/slice/b64.h +2 -0
- data/src/core/lib/slice/percent_encoding.cc +2 -0
- data/src/core/lib/slice/percent_encoding.h +2 -0
- data/src/core/lib/slice/slice.cc +2 -0
- data/src/core/lib/slice/slice_buffer.cc +3 -1
- data/src/core/lib/slice/slice_hash_table.h +178 -45
- data/src/core/lib/slice/slice_intern.cc +2 -0
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/slice/slice_string_helpers.cc +2 -0
- data/src/core/lib/slice/slice_string_helpers.h +2 -1
- data/src/core/lib/slice/slice_weak_hash_table.h +105 -0
- data/src/core/lib/surface/api_trace.cc +3 -1
- data/src/core/lib/surface/api_trace.h +2 -0
- data/src/core/lib/surface/byte_buffer.cc +3 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +3 -0
- data/src/core/lib/surface/call.cc +46 -80
- data/src/core/lib/surface/call.h +2 -0
- data/src/core/lib/surface/call_details.cc +2 -0
- data/src/core/lib/surface/call_log_batch.cc +2 -0
- data/src/core/lib/surface/call_test_only.h +2 -0
- data/src/core/lib/surface/channel.cc +72 -41
- data/src/core/lib/surface/channel.h +2 -0
- data/src/core/lib/surface/channel_init.cc +2 -0
- data/src/core/lib/surface/channel_init.h +2 -0
- data/src/core/lib/surface/channel_ping.cc +2 -0
- data/src/core/lib/surface/channel_stack_type.cc +3 -2
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.h +2 -0
- data/src/core/lib/surface/completion_queue_factory.cc +3 -1
- data/src/core/lib/surface/completion_queue_factory.h +2 -0
- data/src/core/lib/surface/event_string.cc +2 -0
- data/src/core/lib/surface/event_string.h +2 -0
- data/src/core/lib/surface/init.cc +5 -2
- data/src/core/lib/surface/init_secure.cc +5 -2
- data/src/core/lib/surface/lame_client.cc +7 -5
- data/src/core/lib/surface/lame_client.h +2 -0
- data/src/core/lib/surface/metadata_array.cc +2 -0
- data/src/core/lib/surface/server.cc +2 -0
- data/src/core/lib/surface/server.h +2 -0
- data/src/core/lib/surface/validate_metadata.cc +2 -1
- data/src/core/lib/surface/validate_metadata.h +2 -0
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/bdp_estimator.cc +2 -0
- data/src/core/lib/transport/byte_stream.cc +94 -116
- data/src/core/lib/transport/byte_stream.h +111 -78
- data/src/core/lib/transport/connectivity_state.cc +2 -0
- data/src/core/lib/transport/connectivity_state.h +3 -1
- data/src/core/lib/transport/error_utils.cc +2 -0
- data/src/core/lib/transport/error_utils.h +2 -0
- data/src/core/lib/transport/metadata.cc +2 -0
- data/src/core/lib/transport/metadata.h +3 -1
- data/src/core/lib/transport/metadata_batch.cc +26 -0
- data/src/core/lib/transport/metadata_batch.h +12 -1
- data/src/core/lib/transport/pid_controller.cc +2 -0
- data/src/core/lib/transport/pid_controller.h +2 -0
- data/src/core/lib/transport/service_config.cc +21 -175
- data/src/core/lib/transport/service_config.h +223 -35
- data/src/core/lib/transport/static_metadata.cc +310 -294
- data/src/core/lib/transport/static_metadata.h +96 -82
- data/src/core/lib/transport/status_conversion.cc +2 -0
- data/src/core/lib/transport/status_conversion.h +3 -0
- data/src/core/lib/transport/status_metadata.cc +54 -0
- data/src/core/lib/{iomgr/timer_uv.h → transport/status_metadata.h} +10 -12
- data/src/core/lib/transport/timeout_encoding.cc +2 -1
- data/src/core/lib/transport/timeout_encoding.h +2 -0
- data/src/core/lib/transport/transport.cc +3 -1
- data/src/core/lib/transport/transport.h +33 -7
- data/src/core/lib/transport/transport_impl.h +2 -0
- data/src/core/lib/transport/transport_op_string.cc +10 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +10 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
- data/src/core/tsi/alts/crypt/gsec.cc +189 -0
- data/src/core/tsi/alts/crypt/gsec.h +454 -0
- data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
- data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
- data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
- data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
- data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
- data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +316 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +137 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +520 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +323 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +143 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +149 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +73 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_event.h +93 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +483 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +83 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +52 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +58 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +52 -0
- data/src/core/tsi/alts/handshaker/altscontext.pb.c +48 -0
- data/src/core/tsi/alts/handshaker/altscontext.pb.h +64 -0
- data/src/core/tsi/alts/handshaker/handshaker.pb.c +123 -0
- data/src/core/tsi/alts/handshaker/handshaker.pb.h +255 -0
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +50 -0
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +78 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +196 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +163 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +180 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +52 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +100 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +296 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +52 -0
- data/src/core/tsi/alts_transport_security.cc +3 -1
- data/src/core/tsi/alts_transport_security.h +4 -2
- data/src/core/tsi/fake_transport_security.cc +2 -1
- data/src/core/tsi/fake_transport_security.h +2 -0
- data/src/core/tsi/ssl/session_cache/ssl_session.h +73 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +58 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +211 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +93 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +76 -0
- data/src/core/tsi/ssl_transport_security.cc +266 -62
- data/src/core/tsi/ssl_transport_security.h +128 -6
- data/src/core/tsi/ssl_types.h +2 -0
- data/src/core/tsi/transport_security.cc +2 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_adapter.cc +2 -0
- data/src/core/tsi/transport_security_adapter.h +2 -0
- data/src/core/tsi/transport_security_grpc.cc +2 -0
- data/src/core/tsi/transport_security_grpc.h +2 -0
- data/src/core/tsi/transport_security_interface.h +2 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -2
- data/src/ruby/ext/grpc/rb_call.c +1 -13
- data/src/ruby/ext/grpc/rb_channel.c +6 -6
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +15 -0
- data/src/ruby/lib/grpc/core/time_consts.rb +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +19 -8
- data/src/ruby/lib/grpc/generic/client_stub.rb +6 -10
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/generic/client_stub_spec.rb +133 -0
- data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +54 -0
- data/src/ruby/spec/pb/package_with_underscore/data.proto +23 -0
- data/src/ruby/spec/pb/package_with_underscore/service.proto +23 -0
- data/third_party/address_sorting/address_sorting.c +369 -0
- data/third_party/address_sorting/address_sorting_internal.h +70 -0
- data/third_party/address_sorting/address_sorting_posix.c +97 -0
- data/third_party/address_sorting/address_sorting_windows.c +55 -0
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +110 -0
- data/third_party/boringssl/crypto/asn1/a_enum.c +20 -9
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +3 -0
- data/third_party/boringssl/crypto/asn1/a_int.c +19 -8
- data/third_party/boringssl/crypto/asn1/a_object.c +0 -128
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/asn1/tasn_fre.c +2 -4
- data/third_party/boringssl/crypto/asn1/tasn_new.c +3 -2
- data/third_party/boringssl/crypto/bn_extra/bn_asn1.c +0 -16
- data/third_party/boringssl/crypto/buf/buf.c +14 -0
- data/third_party/boringssl/crypto/bytestring/cbb.c +93 -0
- data/third_party/boringssl/crypto/conf/conf.c +2 -2
- data/third_party/boringssl/crypto/cpu-intel.c +17 -17
- data/third_party/boringssl/crypto/crypto.c +16 -4
- data/third_party/boringssl/crypto/curve25519/spake25519.c +11 -11
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +9 -21
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +2 -2
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -8
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +2 -23
- data/third_party/boringssl/crypto/ex_data.c +0 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +7 -11
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +19 -16
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +15 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +53 -46
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +242 -85
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +42 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +176 -34
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +118 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +94 -61
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +79 -63
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +26 -28
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +250 -149
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -27
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +54 -20
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +7 -41
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +6 -40
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +3 -64
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +27 -9
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +203 -205
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +14 -15
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +12 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +25 -36
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +10 -0
- data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -4
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +9 -19
- data/third_party/boringssl/crypto/lhash/lhash.c +19 -0
- data/third_party/boringssl/crypto/obj/obj.c +29 -69
- data/third_party/boringssl/crypto/pem/pem_lib.c +2 -2
- data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +4 -55
- data/third_party/boringssl/crypto/rsa_extra/rsa_asn1.c +3 -22
- data/third_party/boringssl/crypto/x509/by_dir.c +1 -3
- data/third_party/boringssl/crypto/x509/by_file.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_obj.c +1 -3
- data/third_party/boringssl/crypto/x509/x509_txt.c +0 -6
- data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -1
- data/third_party/boringssl/crypto/x509/x_algor.c +2 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +3 -4
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_info.c +1 -2
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +15 -7
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +41 -2
- data/third_party/boringssl/include/openssl/asn1.h +0 -1
- data/third_party/boringssl/include/openssl/base.h +1 -1
- data/third_party/boringssl/include/openssl/bio.h +5 -2
- data/third_party/boringssl/include/openssl/bn.h +2 -17
- data/third_party/boringssl/include/openssl/buf.h +4 -0
- data/third_party/boringssl/include/openssl/bytestring.h +11 -0
- data/third_party/boringssl/include/openssl/chacha.h +5 -1
- data/third_party/boringssl/include/openssl/cipher.h +10 -0
- data/third_party/boringssl/include/openssl/conf.h +4 -8
- data/third_party/boringssl/include/openssl/dsa.h +2 -18
- data/third_party/boringssl/include/openssl/ec.h +5 -5
- data/third_party/boringssl/include/openssl/ecdsa.h +10 -28
- data/third_party/boringssl/include/openssl/evp.h +0 -4
- data/third_party/boringssl/include/openssl/lhash.h +1 -18
- data/third_party/boringssl/include/openssl/obj.h +1 -0
- data/third_party/boringssl/include/openssl/rsa.h +3 -4
- data/third_party/boringssl/include/openssl/ssl.h +35 -54
- data/third_party/boringssl/include/openssl/ssl3.h +2 -0
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +1 -16
- data/third_party/boringssl/include/openssl/x509.h +3 -2
- data/third_party/boringssl/include/openssl/x509_vfy.h +0 -2
- data/third_party/boringssl/include/openssl/x509v3.h +1 -0
- data/third_party/boringssl/ssl/custom_extensions.cc +1 -1
- data/third_party/boringssl/ssl/d1_both.cc +120 -129
- data/third_party/boringssl/ssl/d1_lib.cc +23 -21
- data/third_party/boringssl/ssl/d1_pkt.cc +39 -143
- data/third_party/boringssl/ssl/dtls_method.cc +16 -23
- data/third_party/boringssl/ssl/dtls_record.cc +11 -4
- data/third_party/boringssl/ssl/handshake.cc +109 -40
- data/third_party/boringssl/ssl/handshake_client.cc +104 -96
- data/third_party/boringssl/ssl/handshake_server.cc +62 -72
- data/third_party/boringssl/ssl/internal.h +397 -318
- data/third_party/boringssl/ssl/s3_both.cc +173 -191
- data/third_party/boringssl/ssl/s3_lib.cc +26 -34
- data/third_party/boringssl/ssl/s3_pkt.cc +105 -247
- data/third_party/boringssl/ssl/ssl_asn1.cc +22 -22
- data/third_party/boringssl/ssl/ssl_buffer.cc +98 -108
- data/third_party/boringssl/ssl/ssl_cert.cc +12 -1
- data/third_party/boringssl/ssl/ssl_cipher.cc +23 -28
- data/third_party/boringssl/ssl/ssl_key_share.cc +11 -6
- data/third_party/boringssl/ssl/ssl_lib.cc +190 -113
- data/third_party/boringssl/ssl/ssl_privkey.cc +76 -106
- data/third_party/boringssl/ssl/ssl_session.cc +3 -3
- data/third_party/boringssl/ssl/ssl_stat.cc +3 -3
- data/third_party/boringssl/ssl/ssl_transcript.cc +38 -22
- data/third_party/boringssl/ssl/ssl_versions.cc +64 -31
- data/third_party/boringssl/ssl/t1_enc.cc +137 -154
- data/third_party/boringssl/ssl/t1_lib.cc +463 -478
- data/third_party/boringssl/ssl/tls13_both.cc +57 -58
- data/third_party/boringssl/ssl/tls13_client.cc +256 -121
- data/third_party/boringssl/ssl/tls13_enc.cc +187 -72
- data/third_party/boringssl/ssl/tls13_server.cc +187 -86
- data/third_party/boringssl/ssl/tls_method.cc +20 -30
- data/third_party/boringssl/ssl/tls_record.cc +77 -40
- data/third_party/boringssl/third_party/fiat/curve25519.c +5062 -0
- data/third_party/boringssl/{crypto/curve25519 → third_party/fiat}/internal.h +40 -27
- data/third_party/nanopb/pb.h +1 -1
- metadata +147 -45
- data/src/core/lib/gpr/thd.cc +0 -49
- data/src/core/lib/gpr/thd.h +0 -71
- data/src/core/lib/gpr/thd_posix.cc +0 -154
- data/src/core/lib/gpr/thd_windows.cc +0 -107
- data/src/core/lib/iomgr/iomgr_uv.h +0 -37
- data/src/core/lib/iomgr/pollset_set_uv.cc +0 -43
- data/src/core/lib/iomgr/resolve_address_uv.cc +0 -284
- data/src/core/lib/iomgr/tcp_client_uv.cc +0 -175
- data/src/core/lib/iomgr/tcp_server_uv.cc +0 -471
- data/src/core/lib/iomgr/tcp_uv.h +0 -51
- data/src/core/lib/security/transport/lb_targets_info.cc +0 -59
- data/src/core/lib/slice/slice_hash_table.cc +0 -145
- data/third_party/boringssl/crypto/curve25519/curve25519.c +0 -4938
@@ -127,6 +127,7 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
|
|
127
127
|
scts_requested(false),
|
128
128
|
needs_psk_binder(false),
|
129
129
|
received_hello_retry_request(false),
|
130
|
+
sent_hello_retry_request(false),
|
130
131
|
received_custom_extension(false),
|
131
132
|
handshake_finalized(false),
|
132
133
|
accept_psk_mode(false),
|
@@ -149,36 +150,34 @@ SSL_HANDSHAKE::~SSL_HANDSHAKE() {
|
|
149
150
|
ssl->ctx->x509_method->hs_flush_cached_ca_names(this);
|
150
151
|
}
|
151
152
|
|
152
|
-
SSL_HANDSHAKE
|
153
|
+
UniquePtr<SSL_HANDSHAKE> ssl_handshake_new(SSL *ssl) {
|
153
154
|
UniquePtr<SSL_HANDSHAKE> hs = MakeUnique<SSL_HANDSHAKE>(ssl);
|
154
155
|
if (!hs ||
|
155
156
|
!hs->transcript.Init()) {
|
156
157
|
return nullptr;
|
157
158
|
}
|
158
|
-
return hs
|
159
|
+
return hs;
|
159
160
|
}
|
160
161
|
|
161
|
-
|
162
|
-
|
163
|
-
int ssl_check_message_type(SSL *ssl, const SSLMessage &msg, int type) {
|
162
|
+
bool ssl_check_message_type(SSL *ssl, const SSLMessage &msg, int type) {
|
164
163
|
if (msg.type != type) {
|
165
|
-
|
164
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
166
165
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
|
167
166
|
ERR_add_error_dataf("got type %d, wanted type %d", msg.type, type);
|
168
|
-
return
|
167
|
+
return false;
|
169
168
|
}
|
170
169
|
|
171
|
-
return
|
170
|
+
return true;
|
172
171
|
}
|
173
172
|
|
174
|
-
|
173
|
+
bool ssl_add_message_cbb(SSL *ssl, CBB *cbb) {
|
175
174
|
Array<uint8_t> msg;
|
176
175
|
if (!ssl->method->finish_message(ssl, cbb, &msg) ||
|
177
176
|
!ssl->method->add_message(ssl, std::move(msg))) {
|
178
|
-
return
|
177
|
+
return false;
|
179
178
|
}
|
180
179
|
|
181
|
-
return
|
180
|
+
return true;
|
182
181
|
}
|
183
182
|
|
184
183
|
size_t ssl_max_handshake_message_len(const SSL *ssl) {
|
@@ -194,7 +193,7 @@ size_t ssl_max_handshake_message_len(const SSL *ssl) {
|
|
194
193
|
return kMaxMessageLen;
|
195
194
|
}
|
196
195
|
|
197
|
-
if (
|
196
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
198
197
|
// In TLS 1.2 and below, the largest acceptable post-handshake message is
|
199
198
|
// a HelloRequest.
|
200
199
|
return 0;
|
@@ -216,7 +215,7 @@ bool ssl_hash_message(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
|
216
215
|
return true;
|
217
216
|
}
|
218
217
|
|
219
|
-
return hs->transcript.Update(
|
218
|
+
return hs->transcript.Update(msg.raw);
|
220
219
|
}
|
221
220
|
|
222
221
|
int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert,
|
@@ -282,7 +281,7 @@ static void set_crypto_buffer(CRYPTO_BUFFER **dest, CRYPTO_BUFFER *src) {
|
|
282
281
|
|
283
282
|
enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs) {
|
284
283
|
SSL *const ssl = hs->ssl;
|
285
|
-
const SSL_SESSION *prev_session = ssl->s3->established_session;
|
284
|
+
const SSL_SESSION *prev_session = ssl->s3->established_session.get();
|
286
285
|
if (prev_session != NULL) {
|
287
286
|
// If renegotiating, the server must not change the server certificate. See
|
288
287
|
// https://mitls.org/pages/attacks/3SHAKE. We never resume on renegotiation,
|
@@ -292,7 +291,7 @@ enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs) {
|
|
292
291
|
if (sk_CRYPTO_BUFFER_num(prev_session->certs) !=
|
293
292
|
sk_CRYPTO_BUFFER_num(hs->new_session->certs)) {
|
294
293
|
OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_CERT_CHANGED);
|
295
|
-
|
294
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
296
295
|
return ssl_verify_invalid;
|
297
296
|
}
|
298
297
|
|
@@ -306,7 +305,7 @@ enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs) {
|
|
306
305
|
CRYPTO_BUFFER_data(new_cert),
|
307
306
|
CRYPTO_BUFFER_len(old_cert)) != 0) {
|
308
307
|
OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_CERT_CHANGED);
|
309
|
-
|
308
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
310
309
|
return ssl_verify_invalid;
|
311
310
|
}
|
312
311
|
}
|
@@ -346,7 +345,7 @@ enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs) {
|
|
346
345
|
|
347
346
|
if (ret == ssl_verify_invalid) {
|
348
347
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
|
349
|
-
|
348
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
350
349
|
}
|
351
350
|
|
352
351
|
return ret;
|
@@ -362,7 +361,7 @@ uint16_t ssl_get_grease_value(const SSL *ssl, enum ssl_grease_index_t index) {
|
|
362
361
|
: ssl->s3->client_random[index];
|
363
362
|
// The first four bytes of server_random are a timestamp prior to TLS 1.3, but
|
364
363
|
// servers have no fields to GREASE until TLS 1.3.
|
365
|
-
assert(!ssl->server ||
|
364
|
+
assert(!ssl->server || ssl_protocol_version(ssl) >= TLS1_3_VERSION);
|
366
365
|
// This generates a random value of the form 0xωaωa, for all 0 ≤ ω < 16.
|
367
366
|
ret = (ret & 0xf0) | 0x0a;
|
368
367
|
ret |= ret << 8;
|
@@ -394,7 +393,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
|
394
393
|
finished_ok = 1;
|
395
394
|
#endif
|
396
395
|
if (!finished_ok) {
|
397
|
-
|
396
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
398
397
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
|
399
398
|
return ssl_hs_error;
|
400
399
|
}
|
@@ -420,6 +419,66 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
|
420
419
|
return ssl_hs_ok;
|
421
420
|
}
|
422
421
|
|
422
|
+
bool ssl_send_finished(SSL_HANDSHAKE *hs) {
|
423
|
+
SSL *const ssl = hs->ssl;
|
424
|
+
const SSL_SESSION *session = SSL_get_session(ssl);
|
425
|
+
|
426
|
+
uint8_t finished[EVP_MAX_MD_SIZE];
|
427
|
+
size_t finished_len;
|
428
|
+
if (!hs->transcript.GetFinishedMAC(finished, &finished_len, session,
|
429
|
+
ssl->server)) {
|
430
|
+
return 0;
|
431
|
+
}
|
432
|
+
|
433
|
+
// Log the master secret, if logging is enabled.
|
434
|
+
if (!ssl_log_secret(ssl, "CLIENT_RANDOM",
|
435
|
+
session->master_key,
|
436
|
+
session->master_key_length)) {
|
437
|
+
return 0;
|
438
|
+
}
|
439
|
+
|
440
|
+
// Copy the Finished so we can use it for renegotiation checks.
|
441
|
+
if (ssl->version != SSL3_VERSION) {
|
442
|
+
if (finished_len > sizeof(ssl->s3->previous_client_finished) ||
|
443
|
+
finished_len > sizeof(ssl->s3->previous_server_finished)) {
|
444
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
445
|
+
return 0;
|
446
|
+
}
|
447
|
+
|
448
|
+
if (ssl->server) {
|
449
|
+
OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
|
450
|
+
ssl->s3->previous_server_finished_len = finished_len;
|
451
|
+
} else {
|
452
|
+
OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
|
453
|
+
ssl->s3->previous_client_finished_len = finished_len;
|
454
|
+
}
|
455
|
+
}
|
456
|
+
|
457
|
+
ScopedCBB cbb;
|
458
|
+
CBB body;
|
459
|
+
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_FINISHED) ||
|
460
|
+
!CBB_add_bytes(&body, finished, finished_len) ||
|
461
|
+
!ssl_add_message_cbb(ssl, cbb.get())) {
|
462
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
463
|
+
return 0;
|
464
|
+
}
|
465
|
+
|
466
|
+
return 1;
|
467
|
+
}
|
468
|
+
|
469
|
+
bool ssl_output_cert_chain(SSL *ssl) {
|
470
|
+
ScopedCBB cbb;
|
471
|
+
CBB body;
|
472
|
+
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CERTIFICATE) ||
|
473
|
+
!ssl_add_cert_chain(ssl, &body) ||
|
474
|
+
!ssl_add_message_cbb(ssl, cbb.get())) {
|
475
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
476
|
+
return false;
|
477
|
+
}
|
478
|
+
|
479
|
+
return true;
|
480
|
+
}
|
481
|
+
|
423
482
|
int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
424
483
|
SSL *const ssl = hs->ssl;
|
425
484
|
for (;;) {
|
@@ -438,12 +497,22 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
438
497
|
}
|
439
498
|
|
440
499
|
case ssl_hs_read_server_hello:
|
441
|
-
case ssl_hs_read_message:
|
442
|
-
|
443
|
-
|
500
|
+
case ssl_hs_read_message:
|
501
|
+
case ssl_hs_read_change_cipher_spec: {
|
502
|
+
uint8_t alert = SSL_AD_DECODE_ERROR;
|
503
|
+
size_t consumed = 0;
|
504
|
+
ssl_open_record_t ret;
|
505
|
+
if (hs->wait == ssl_hs_read_change_cipher_spec) {
|
506
|
+
ret = ssl_open_change_cipher_spec(ssl, &consumed, &alert,
|
507
|
+
ssl->s3->read_buffer.span());
|
508
|
+
} else {
|
509
|
+
ret = ssl_open_handshake(ssl, &consumed, &alert,
|
510
|
+
ssl->s3->read_buffer.span());
|
511
|
+
}
|
512
|
+
if (ret == ssl_open_record_error &&
|
513
|
+
hs->wait == ssl_hs_read_server_hello) {
|
444
514
|
uint32_t err = ERR_peek_error();
|
445
|
-
if (
|
446
|
-
ERR_GET_LIB(err) == ERR_LIB_SSL &&
|
515
|
+
if (ERR_GET_LIB(err) == ERR_LIB_SSL &&
|
447
516
|
ERR_GET_REASON(err) == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE) {
|
448
517
|
// Add a dedicated error code to the queue for a handshake_failure
|
449
518
|
// alert in response to ClientHello. This matches NSS's client
|
@@ -454,16 +523,16 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
454
523
|
// See https://crbug.com/446505.
|
455
524
|
OPENSSL_PUT_ERROR(SSL, SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO);
|
456
525
|
}
|
457
|
-
return ret;
|
458
526
|
}
|
459
|
-
|
460
|
-
|
461
|
-
|
462
|
-
|
463
|
-
|
464
|
-
if (
|
465
|
-
|
527
|
+
bool retry;
|
528
|
+
int bio_ret = ssl_handle_open_record(ssl, &retry, ret, consumed, alert);
|
529
|
+
if (bio_ret <= 0) {
|
530
|
+
return bio_ret;
|
531
|
+
}
|
532
|
+
if (retry) {
|
533
|
+
continue;
|
466
534
|
}
|
535
|
+
ssl->s3->read_buffer.DiscardConsumed();
|
467
536
|
break;
|
468
537
|
}
|
469
538
|
|
@@ -478,42 +547,42 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
478
547
|
}
|
479
548
|
|
480
549
|
case ssl_hs_certificate_selection_pending:
|
481
|
-
ssl->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
|
550
|
+
ssl->s3->rwstate = SSL_CERTIFICATE_SELECTION_PENDING;
|
482
551
|
hs->wait = ssl_hs_ok;
|
483
552
|
return -1;
|
484
553
|
|
485
554
|
case ssl_hs_x509_lookup:
|
486
|
-
ssl->rwstate = SSL_X509_LOOKUP;
|
555
|
+
ssl->s3->rwstate = SSL_X509_LOOKUP;
|
487
556
|
hs->wait = ssl_hs_ok;
|
488
557
|
return -1;
|
489
558
|
|
490
559
|
case ssl_hs_channel_id_lookup:
|
491
|
-
ssl->rwstate = SSL_CHANNEL_ID_LOOKUP;
|
560
|
+
ssl->s3->rwstate = SSL_CHANNEL_ID_LOOKUP;
|
492
561
|
hs->wait = ssl_hs_ok;
|
493
562
|
return -1;
|
494
563
|
|
495
564
|
case ssl_hs_private_key_operation:
|
496
|
-
ssl->rwstate = SSL_PRIVATE_KEY_OPERATION;
|
565
|
+
ssl->s3->rwstate = SSL_PRIVATE_KEY_OPERATION;
|
497
566
|
hs->wait = ssl_hs_ok;
|
498
567
|
return -1;
|
499
568
|
|
500
569
|
case ssl_hs_pending_session:
|
501
|
-
ssl->rwstate = SSL_PENDING_SESSION;
|
570
|
+
ssl->s3->rwstate = SSL_PENDING_SESSION;
|
502
571
|
hs->wait = ssl_hs_ok;
|
503
572
|
return -1;
|
504
573
|
|
505
574
|
case ssl_hs_pending_ticket:
|
506
|
-
ssl->rwstate = SSL_PENDING_TICKET;
|
575
|
+
ssl->s3->rwstate = SSL_PENDING_TICKET;
|
507
576
|
hs->wait = ssl_hs_ok;
|
508
577
|
return -1;
|
509
578
|
|
510
579
|
case ssl_hs_certificate_verify:
|
511
|
-
ssl->rwstate = SSL_CERTIFICATE_VERIFY;
|
580
|
+
ssl->s3->rwstate = SSL_CERTIFICATE_VERIFY;
|
512
581
|
hs->wait = ssl_hs_ok;
|
513
582
|
return -1;
|
514
583
|
|
515
584
|
case ssl_hs_early_data_rejected:
|
516
|
-
ssl->rwstate = SSL_EARLY_DATA_REJECTED;
|
585
|
+
ssl->s3->rwstate = SSL_EARLY_DATA_REJECTED;
|
517
586
|
// Cause |SSL_write| to start failing immediately.
|
518
587
|
hs->can_early_write = false;
|
519
588
|
return -1;
|
@@ -358,7 +358,7 @@ static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
|
|
358
358
|
SSL *const ssl = hs->ssl;
|
359
359
|
if (msg.type != SSL3_MT_SERVER_HELLO &&
|
360
360
|
msg.type != SSL3_MT_HELLO_RETRY_REQUEST) {
|
361
|
-
|
361
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
362
362
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
|
363
363
|
return 0;
|
364
364
|
}
|
@@ -366,7 +366,7 @@ static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
|
|
366
366
|
CBS server_hello = msg.body;
|
367
367
|
if (!CBS_get_u16(&server_hello, out)) {
|
368
368
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
369
|
-
|
369
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
370
370
|
return 0;
|
371
371
|
}
|
372
372
|
|
@@ -382,7 +382,7 @@ static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
|
|
382
382
|
!CBS_skip(&server_hello, sid_length + 2 /* cipher_suite */ +
|
383
383
|
1 /* compression_method */)) {
|
384
384
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
385
|
-
|
385
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
386
386
|
return 0;
|
387
387
|
}
|
388
388
|
|
@@ -395,7 +395,7 @@ static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
|
|
395
395
|
if (!CBS_get_u16_length_prefixed(&server_hello, &extensions) ||
|
396
396
|
CBS_len(&server_hello) != 0) {
|
397
397
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
398
|
-
|
398
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
399
399
|
return 0;
|
400
400
|
}
|
401
401
|
|
@@ -410,14 +410,14 @@ static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
|
|
410
410
|
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
411
411
|
OPENSSL_ARRAY_SIZE(ext_types),
|
412
412
|
1 /* ignore unknown */)) {
|
413
|
-
|
413
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
414
414
|
return 0;
|
415
415
|
}
|
416
416
|
|
417
417
|
if (have_supported_versions &&
|
418
418
|
(!CBS_get_u16(&supported_versions, out) ||
|
419
419
|
CBS_len(&supported_versions) != 0)) {
|
420
|
-
|
420
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
421
421
|
return 0;
|
422
422
|
}
|
423
423
|
|
@@ -500,9 +500,14 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
|
|
500
500
|
return ssl_hs_ok;
|
501
501
|
}
|
502
502
|
|
503
|
-
|
504
|
-
|
505
|
-
|
503
|
+
ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->session->ssl_version);
|
504
|
+
if (ssl_is_draft22(ssl->session->ssl_version) &&
|
505
|
+
!ssl->method->add_change_cipher_spec(ssl)) {
|
506
|
+
return ssl_hs_error;
|
507
|
+
}
|
508
|
+
|
509
|
+
if (!tls13_init_early_key_schedule(hs, ssl->session->master_key,
|
510
|
+
ssl->session->master_key_length) ||
|
506
511
|
!tls13_derive_early_secrets(hs) ||
|
507
512
|
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->early_traffic_secret,
|
508
513
|
hs->hash_len)) {
|
@@ -542,7 +547,7 @@ static enum ssl_hs_wait_t do_read_hello_verify_request(SSL_HANDSHAKE *hs) {
|
|
542
547
|
CBS_len(&cookie) > sizeof(ssl->d1->cookie) ||
|
543
548
|
CBS_len(&hello_verify_request) != 0) {
|
544
549
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
545
|
-
|
550
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
546
551
|
return ssl_hs_error;
|
547
552
|
}
|
548
553
|
|
@@ -578,7 +583,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
578
583
|
|
579
584
|
if (!ssl_supports_version(hs, server_version)) {
|
580
585
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL);
|
581
|
-
|
586
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
|
582
587
|
return ssl_hs_error;
|
583
588
|
}
|
584
589
|
|
@@ -591,11 +596,11 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
591
596
|
ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
|
592
597
|
} else if (server_version != ssl->version) {
|
593
598
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SSL_VERSION);
|
594
|
-
|
599
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
|
595
600
|
return ssl_hs_error;
|
596
601
|
}
|
597
602
|
|
598
|
-
if (
|
603
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
|
599
604
|
hs->state = state_tls13;
|
600
605
|
return ssl_hs_ok;
|
601
606
|
}
|
@@ -609,7 +614,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
609
614
|
// fallback described in draft-ietf-tls-tls13-18 appendix C.3.
|
610
615
|
if (hs->early_data_offered) {
|
611
616
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_ON_EARLY_DATA);
|
612
|
-
|
617
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION);
|
613
618
|
return ssl_hs_error;
|
614
619
|
}
|
615
620
|
|
@@ -627,7 +632,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
627
632
|
!CBS_get_u16(&server_hello, &cipher_suite) ||
|
628
633
|
!CBS_get_u8(&server_hello, &compression_method)) {
|
629
634
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
630
|
-
|
635
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
631
636
|
return ssl_hs_error;
|
632
637
|
}
|
633
638
|
|
@@ -648,7 +653,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
648
653
|
// fill out.
|
649
654
|
ssl_set_session(ssl, NULL);
|
650
655
|
if (!ssl_get_new_session(hs, 0 /* client */)) {
|
651
|
-
|
656
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
652
657
|
return ssl_hs_error;
|
653
658
|
}
|
654
659
|
// Note: session_id could be empty.
|
@@ -661,7 +666,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
661
666
|
if (cipher == NULL) {
|
662
667
|
// unknown cipher
|
663
668
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
|
664
|
-
|
669
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
665
670
|
return ssl_hs_error;
|
666
671
|
}
|
667
672
|
|
@@ -669,30 +674,30 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
669
674
|
uint32_t mask_a, mask_k;
|
670
675
|
ssl_get_client_disabled(ssl, &mask_a, &mask_k);
|
671
676
|
if ((cipher->algorithm_mkey & mask_k) || (cipher->algorithm_auth & mask_a) ||
|
672
|
-
SSL_CIPHER_get_min_version(cipher) >
|
673
|
-
SSL_CIPHER_get_max_version(cipher) <
|
677
|
+
SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
|
678
|
+
SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl) ||
|
674
679
|
!sk_SSL_CIPHER_find(SSL_get_ciphers(ssl), NULL, cipher)) {
|
675
680
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
|
676
|
-
|
681
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
677
682
|
return ssl_hs_error;
|
678
683
|
}
|
679
684
|
|
680
685
|
if (ssl->session != NULL) {
|
681
686
|
if (ssl->session->ssl_version != ssl->version) {
|
682
687
|
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
|
683
|
-
|
688
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
684
689
|
return ssl_hs_error;
|
685
690
|
}
|
686
691
|
if (ssl->session->cipher != cipher) {
|
687
692
|
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
|
688
|
-
|
693
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
689
694
|
return ssl_hs_error;
|
690
695
|
}
|
691
696
|
if (!ssl_session_is_context_valid(ssl, ssl->session)) {
|
692
697
|
// This is actually a client application bug.
|
693
698
|
OPENSSL_PUT_ERROR(SSL,
|
694
699
|
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
|
695
|
-
|
700
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
696
701
|
return ssl_hs_error;
|
697
702
|
}
|
698
703
|
} else {
|
@@ -702,9 +707,9 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
702
707
|
|
703
708
|
// Now that the cipher is known, initialize the handshake hash and hash the
|
704
709
|
// ServerHello.
|
705
|
-
if (!hs->transcript.InitHash(
|
710
|
+
if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
|
706
711
|
!ssl_hash_message(hs, msg)) {
|
707
|
-
|
712
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
708
713
|
return ssl_hs_error;
|
709
714
|
}
|
710
715
|
|
@@ -719,7 +724,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
719
724
|
// Only the NULL compression algorithm is supported.
|
720
725
|
if (compression_method != 0) {
|
721
726
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
|
722
|
-
|
727
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
723
728
|
return ssl_hs_error;
|
724
729
|
}
|
725
730
|
|
@@ -733,7 +738,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
733
738
|
if (CBS_len(&server_hello) != 0) {
|
734
739
|
// wrong packet length
|
735
740
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
736
|
-
|
741
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
737
742
|
return ssl_hs_error;
|
738
743
|
}
|
739
744
|
|
@@ -744,7 +749,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
744
749
|
} else {
|
745
750
|
OPENSSL_PUT_ERROR(SSL, SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION);
|
746
751
|
}
|
747
|
-
|
752
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
748
753
|
return ssl_hs_error;
|
749
754
|
}
|
750
755
|
|
@@ -792,7 +797,7 @@ static enum ssl_hs_wait_t do_read_server_certificate(SSL_HANDSHAKE *hs) {
|
|
792
797
|
UniquePtr<STACK_OF(CRYPTO_BUFFER)> chain;
|
793
798
|
if (!ssl_parse_cert_chain(&alert, &chain, &hs->peer_pubkey, NULL, &body,
|
794
799
|
ssl->ctx->pool)) {
|
795
|
-
|
800
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
796
801
|
return ssl_hs_error;
|
797
802
|
}
|
798
803
|
sk_CRYPTO_BUFFER_pop_free(hs->new_session->certs, CRYPTO_BUFFER_free);
|
@@ -802,14 +807,14 @@ static enum ssl_hs_wait_t do_read_server_certificate(SSL_HANDSHAKE *hs) {
|
|
802
807
|
CBS_len(&body) != 0 ||
|
803
808
|
!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
|
804
809
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
805
|
-
|
810
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
806
811
|
return ssl_hs_error;
|
807
812
|
}
|
808
813
|
|
809
814
|
if (!ssl_check_leaf_certificate(
|
810
815
|
hs, hs->peer_pubkey.get(),
|
811
816
|
sk_CRYPTO_BUFFER_value(hs->new_session->certs, 0))) {
|
812
|
-
|
817
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
813
818
|
return ssl_hs_error;
|
814
819
|
}
|
815
820
|
|
@@ -851,7 +856,7 @@ static enum ssl_hs_wait_t do_read_certificate_status(SSL_HANDSHAKE *hs) {
|
|
851
856
|
CBS_len(&ocsp_response) == 0 ||
|
852
857
|
CBS_len(&certificate_status) != 0) {
|
853
858
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
854
|
-
|
859
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
855
860
|
return ssl_hs_error;
|
856
861
|
}
|
857
862
|
|
@@ -859,7 +864,7 @@ static enum ssl_hs_wait_t do_read_certificate_status(SSL_HANDSHAKE *hs) {
|
|
859
864
|
hs->new_session->ocsp_response =
|
860
865
|
CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool);
|
861
866
|
if (hs->new_session->ocsp_response == nullptr) {
|
862
|
-
|
867
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
863
868
|
return ssl_hs_error;
|
864
869
|
}
|
865
870
|
|
@@ -900,7 +905,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
900
905
|
// Some ciphers (pure PSK) have an optional ServerKeyExchange message.
|
901
906
|
if (ssl_cipher_requires_server_key_exchange(hs->new_cipher)) {
|
902
907
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
|
903
|
-
|
908
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
904
909
|
return ssl_hs_error;
|
905
910
|
}
|
906
911
|
|
@@ -922,21 +927,21 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
922
927
|
if (!CBS_get_u16_length_prefixed(&server_key_exchange,
|
923
928
|
&psk_identity_hint)) {
|
924
929
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
925
|
-
|
930
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
926
931
|
return ssl_hs_error;
|
927
932
|
}
|
928
933
|
|
929
|
-
// Store PSK identity hint for
|
930
|
-
//
|
931
|
-
//
|
932
|
-
//
|
934
|
+
// Store the PSK identity hint for the ClientKeyExchange. Assume that the
|
935
|
+
// maximum length of a PSK identity hint can be as long as the maximum
|
936
|
+
// length of a PSK identity. Also do not allow NULL characters; identities
|
937
|
+
// are saved as C strings.
|
933
938
|
//
|
934
939
|
// TODO(davidben): Should invalid hints be ignored? It's a hint rather than
|
935
940
|
// a specific identity.
|
936
941
|
if (CBS_len(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN ||
|
937
942
|
CBS_contains_zero_byte(&psk_identity_hint)) {
|
938
943
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DATA_LENGTH_TOO_LONG);
|
939
|
-
|
944
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
940
945
|
return ssl_hs_error;
|
941
946
|
}
|
942
947
|
|
@@ -949,7 +954,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
949
954
|
if (CBS_len(&psk_identity_hint) != 0 &&
|
950
955
|
!CBS_strdup(&psk_identity_hint, &raw)) {
|
951
956
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
952
|
-
|
957
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
953
958
|
return ssl_hs_error;
|
954
959
|
}
|
955
960
|
hs->peer_psk_identity_hint.reset(raw);
|
@@ -965,7 +970,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
965
970
|
!CBS_get_u16(&server_key_exchange, &group_id) ||
|
966
971
|
!CBS_get_u8_length_prefixed(&server_key_exchange, &point)) {
|
967
972
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
968
|
-
|
973
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
969
974
|
return ssl_hs_error;
|
970
975
|
}
|
971
976
|
hs->new_session->group_id = group_id;
|
@@ -973,7 +978,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
973
978
|
// Ensure the group is consistent with preferences.
|
974
979
|
if (!tls1_check_group_id(ssl, group_id)) {
|
975
980
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
976
|
-
|
981
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
977
982
|
return ssl_hs_error;
|
978
983
|
}
|
979
984
|
|
@@ -985,7 +990,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
985
990
|
}
|
986
991
|
} else if (!(alg_k & SSL_kPSK)) {
|
987
992
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
|
988
|
-
|
993
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
989
994
|
return ssl_hs_error;
|
990
995
|
}
|
991
996
|
|
@@ -999,22 +1004,22 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
999
1004
|
// ServerKeyExchange should be signed by the server's public key.
|
1000
1005
|
if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
|
1001
1006
|
uint16_t signature_algorithm = 0;
|
1002
|
-
if (
|
1007
|
+
if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
|
1003
1008
|
if (!CBS_get_u16(&server_key_exchange, &signature_algorithm)) {
|
1004
1009
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1005
|
-
|
1010
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1006
1011
|
return ssl_hs_error;
|
1007
1012
|
}
|
1008
1013
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
1009
1014
|
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
|
1010
|
-
|
1015
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
1011
1016
|
return ssl_hs_error;
|
1012
1017
|
}
|
1013
1018
|
hs->new_session->peer_signature_algorithm = signature_algorithm;
|
1014
1019
|
} else if (!tls1_get_legacy_signature_algorithm(&signature_algorithm,
|
1015
1020
|
hs->peer_pubkey.get())) {
|
1016
1021
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
|
1017
|
-
|
1022
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_CERTIFICATE);
|
1018
1023
|
return ssl_hs_error;
|
1019
1024
|
}
|
1020
1025
|
|
@@ -1023,13 +1028,12 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1023
1028
|
if (!CBS_get_u16_length_prefixed(&server_key_exchange, &signature) ||
|
1024
1029
|
CBS_len(&server_key_exchange) != 0) {
|
1025
1030
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1026
|
-
|
1031
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1027
1032
|
return ssl_hs_error;
|
1028
1033
|
}
|
1029
1034
|
|
1030
1035
|
ScopedCBB transcript;
|
1031
|
-
uint8_t
|
1032
|
-
size_t transcript_len;
|
1036
|
+
Array<uint8_t> transcript_data;
|
1033
1037
|
if (!CBB_init(transcript.get(),
|
1034
1038
|
2 * SSL3_RANDOM_SIZE + CBS_len(¶meter)) ||
|
1035
1039
|
!CBB_add_bytes(transcript.get(), ssl->s3->client_random,
|
@@ -1038,25 +1042,22 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1038
1042
|
SSL3_RANDOM_SIZE) ||
|
1039
1043
|
!CBB_add_bytes(transcript.get(), CBS_data(¶meter),
|
1040
1044
|
CBS_len(¶meter)) ||
|
1041
|
-
!
|
1045
|
+
!CBBFinishArray(transcript.get(), &transcript_data)) {
|
1042
1046
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
1043
|
-
|
1047
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
1044
1048
|
return ssl_hs_error;
|
1045
1049
|
}
|
1046
1050
|
|
1047
|
-
|
1048
|
-
|
1049
|
-
hs->peer_pubkey.get(), transcript_data, transcript_len);
|
1050
|
-
OPENSSL_free(transcript_data);
|
1051
|
-
|
1051
|
+
bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
|
1052
|
+
hs->peer_pubkey.get(), transcript_data);
|
1052
1053
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
1053
|
-
sig_ok =
|
1054
|
+
sig_ok = true;
|
1054
1055
|
ERR_clear_error();
|
1055
1056
|
#endif
|
1056
1057
|
if (!sig_ok) {
|
1057
1058
|
// bad signature
|
1058
1059
|
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
|
1059
|
-
|
1060
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
1060
1061
|
return ssl_hs_error;
|
1061
1062
|
}
|
1062
1063
|
} else {
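Review bot: The `#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)` block after the `ssl_public_key_verify` call overwrites `sig_ok` with `true`, so any build that defines the macro accepts a ServerKeyExchange whose signature did not verify, and nothing at this site says so. I would put a comment directly above the `#if`, for example `// Fuzzing builds only: the verification result is discarded here, so this macro must never be set in a shipped library.` Because this copy is vendored into another package's build, it is also worth confirming that the packaging build flags never define the macro; that cannot be checked from this hunk. do_read_server_key_exchange starts and ends outside the hunk.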
|
@@ -1065,7 +1066,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1065
1066
|
|
1066
1067
|
if (CBS_len(&server_key_exchange) > 0) {
|
1067
1068
|
OPENSSL_PUT_ERROR(SSL, SSL_R_EXTRA_DATA_IN_MESSAGE);
|
1068
|
-
|
1069
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1069
1070
|
return ssl_hs_error;
|
1070
1071
|
}
|
1071
1072
|
}
|
@@ -1104,21 +1105,21 @@ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) {
|
|
1104
1105
|
// Get the certificate types.
|
1105
1106
|
CBS body = msg.body, certificate_types;
|
1106
1107
|
if (!CBS_get_u8_length_prefixed(&body, &certificate_types)) {
|
1107
|
-
|
1108
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1108
1109
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1109
1110
|
return ssl_hs_error;
|
1110
1111
|
}
|
1111
1112
|
|
1112
1113
|
if (!hs->certificate_types.CopyFrom(certificate_types)) {
|
1113
|
-
|
1114
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
1114
1115
|
return ssl_hs_error;
|
1115
1116
|
}
|
1116
1117
|
|
1117
|
-
if (
|
1118
|
+
if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
|
1118
1119
|
CBS supported_signature_algorithms;
|
1119
1120
|
if (!CBS_get_u16_length_prefixed(&body, &supported_signature_algorithms) ||
|
1120
1121
|
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
|
1121
|
-
|
1122
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1122
1123
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1123
1124
|
return ssl_hs_error;
|
1124
1125
|
}
|
@@ -1128,12 +1129,12 @@ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) {
|
|
1128
1129
|
UniquePtr<STACK_OF(CRYPTO_BUFFER)> ca_names =
|
1129
1130
|
ssl_parse_client_CA_list(ssl, &alert, &body);
|
1130
1131
|
if (!ca_names) {
|
1131
|
-
|
1132
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
1132
1133
|
return ssl_hs_error;
|
1133
1134
|
}
|
1134
1135
|
|
1135
1136
|
if (CBS_len(&body) != 0) {
|
1136
|
-
|
1137
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1137
1138
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1138
1139
|
return ssl_hs_error;
|
1139
1140
|
}
|
@@ -1161,7 +1162,7 @@ static enum ssl_hs_wait_t do_read_server_hello_done(SSL_HANDSHAKE *hs) {
|
|
1161
1162
|
|
1162
1163
|
// ServerHelloDone is empty.
|
1163
1164
|
if (CBS_len(&msg.body) != 0) {
|
1164
|
-
|
1165
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1165
1166
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1166
1167
|
return ssl_hs_error;
|
1167
1168
|
}
|
@@ -1184,7 +1185,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
|
|
1184
1185
|
if (ssl->cert->cert_cb != NULL) {
|
1185
1186
|
int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
|
1186
1187
|
if (rv == 0) {
|
1187
|
-
|
1188
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
1188
1189
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
|
1189
1190
|
return ssl_hs_error;
|
1190
1191
|
}
|
@@ -1210,7 +1211,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
|
|
1210
1211
|
}
|
1211
1212
|
|
1212
1213
|
if (!ssl_on_certificate_selected(hs) ||
|
1213
|
-
!
|
1214
|
+
!ssl_output_cert_chain(ssl)) {
|
1214
1215
|
return ssl_hs_error;
|
1215
1216
|
}
|
1216
1217
|
|
@@ -1251,7 +1252,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1251
1252
|
identity, sizeof(identity), psk, sizeof(psk));
|
1252
1253
|
if (psk_len == 0) {
|
1253
1254
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
|
1254
|
-
|
1255
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
1255
1256
|
return ssl_hs_error;
|
1256
1257
|
}
|
1257
1258
|
assert(psk_len <= PSK_MAX_PSK_LEN);
|
@@ -1319,7 +1320,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1319
1320
|
// Compute the premaster.
|
1320
1321
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
1321
1322
|
if (!hs->key_share->Accept(&child, &pms, &alert, hs->peer_key)) {
|
1322
|
-
|
1323
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
1323
1324
|
return ssl_hs_error;
|
1324
1325
|
}
|
1325
1326
|
if (!CBB_flush(&body)) {
|
@@ -1337,7 +1338,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1337
1338
|
}
|
1338
1339
|
OPENSSL_memset(pms.data(), 0, pms.size());
|
1339
1340
|
} else {
|
1340
|
-
|
1341
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
1341
1342
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
1342
1343
|
return ssl_hs_error;
|
1343
1344
|
}
|
@@ -1347,19 +1348,15 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1347
1348
|
if (alg_a & SSL_aPSK) {
|
1348
1349
|
ScopedCBB pms_cbb;
|
1349
1350
|
CBB child;
|
1350
|
-
uint8_t *new_pms;
|
1351
|
-
size_t new_pms_len;
|
1352
|
-
|
1353
1351
|
if (!CBB_init(pms_cbb.get(), 2 + psk_len + 2 + pms.size()) ||
|
1354
1352
|
!CBB_add_u16_length_prefixed(pms_cbb.get(), &child) ||
|
1355
1353
|
!CBB_add_bytes(&child, pms.data(), pms.size()) ||
|
1356
1354
|
!CBB_add_u16_length_prefixed(pms_cbb.get(), &child) ||
|
1357
1355
|
!CBB_add_bytes(&child, psk, psk_len) ||
|
1358
|
-
!
|
1356
|
+
!CBBFinishArray(pms_cbb.get(), &pms)) {
|
1359
1357
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
1360
1358
|
return ssl_hs_error;
|
1361
1359
|
}
|
1362
|
-
pms.Reset(new_pms, new_pms_len);
|
1363
1360
|
}
|
1364
1361
|
|
1365
1362
|
// The message must be added to the finished hash before calculating the
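Review bot: The failure branch of the `CBB_init` … `CBBFinishArray(pms_cbb.get(), &pms)` chain returns `ssl_hs_error` without sending an alert, while other allocation-failure paths on this page (for example the `CBS_strdup` failure in do_read_server_key_exchange) send `SSL_AD_INTERNAL_ERROR` first. If the omission is not deliberate, add `ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);` before the `return`. Separately, the previous premaster buffer and the partially built `pms_cbb` contents are released by `Array` and `ScopedCBB` rather than by code visible here; presumably those release paths zero the memory, but that should be confirmed since both hold key material. do_send_client_key_exchange starts and ends outside the hunk.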
|
@@ -1368,8 +1365,8 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1368
1365
|
return ssl_hs_error;
|
1369
1366
|
}
|
1370
1367
|
|
1371
|
-
hs->new_session->master_key_length =
|
1372
|
-
hs, hs->new_session->master_key, pms
|
1368
|
+
hs->new_session->master_key_length =
|
1369
|
+
tls1_generate_master_secret(hs, hs->new_session->master_key, pms);
|
1373
1370
|
if (hs->new_session->master_key_length == 0) {
|
1374
1371
|
return ssl_hs_error;
|
1375
1372
|
}
|
@@ -1399,7 +1396,7 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
1399
1396
|
if (!tls1_choose_signature_algorithm(hs, &signature_algorithm)) {
|
1400
1397
|
return ssl_hs_error;
|
1401
1398
|
}
|
1402
|
-
if (
|
1399
|
+
if (ssl_protocol_version(ssl) >= TLS1_2_VERSION) {
|
1403
1400
|
// Write out the digest type in TLS 1.2.
|
1404
1401
|
if (!CBB_add_u16(&body, signature_algorithm)) {
|
1405
1402
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
@@ -1418,7 +1415,7 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
1418
1415
|
size_t sig_len = max_sig_len;
|
1419
1416
|
// The SSL3 construction for CertificateVerify does not decompose into a
|
1420
1417
|
// single final digest and signature, and must be special-cased.
|
1421
|
-
if (
|
1418
|
+
if (ssl_protocol_version(ssl) == SSL3_VERSION) {
|
1422
1419
|
if (ssl->cert->key_method != NULL) {
|
1423
1420
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY);
|
1424
1421
|
return ssl_hs_error;
|
@@ -1438,9 +1435,9 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
1438
1435
|
return ssl_hs_error;
|
1439
1436
|
}
|
1440
1437
|
} else {
|
1441
|
-
switch (ssl_private_key_sign(
|
1442
|
-
|
1443
|
-
|
1438
|
+
switch (ssl_private_key_sign(hs, ptr, &sig_len, max_sig_len,
|
1439
|
+
signature_algorithm,
|
1440
|
+
hs->transcript.buffer())) {
|
1444
1441
|
case ssl_private_key_success:
|
1445
1442
|
break;
|
1446
1443
|
case ssl_private_key_failure:
|
@@ -1484,14 +1481,15 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
|
|
1484
1481
|
|
1485
1482
|
if (hs->next_proto_neg_seen) {
|
1486
1483
|
static const uint8_t kZero[32] = {0};
|
1487
|
-
size_t padding_len =
|
1484
|
+
size_t padding_len =
|
1485
|
+
32 - ((ssl->s3->next_proto_negotiated.size() + 2) % 32);
|
1488
1486
|
|
1489
1487
|
ScopedCBB cbb;
|
1490
1488
|
CBB body, child;
|
1491
1489
|
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_NEXT_PROTO) ||
|
1492
1490
|
!CBB_add_u8_length_prefixed(&body, &child) ||
|
1493
|
-
!CBB_add_bytes(&child, ssl->s3->next_proto_negotiated,
|
1494
|
-
ssl->s3->
|
1491
|
+
!CBB_add_bytes(&child, ssl->s3->next_proto_negotiated.data(),
|
1492
|
+
ssl->s3->next_proto_negotiated.size()) ||
|
1495
1493
|
!CBB_add_u8_length_prefixed(&body, &child) ||
|
1496
1494
|
!CBB_add_bytes(&child, kZero, padding_len) ||
|
1497
1495
|
!ssl_add_message_cbb(ssl, cbb.get())) {
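Review bot: `padding_len` is computed with the literal `32` twice while the bytes are read from `kZero[32]`, so the bound on `CBB_add_bytes(&child, kZero, padding_len)` holds only as long as three separate literals stay equal. The value is in range today (1 to 32), but deriving it from the array, `size_t padding_len = sizeof(kZero) - ((ssl->s3->next_proto_negotiated.size() + 2) % sizeof(kZero));`, would rule out an over-read if the padding block size is ever changed. do_send_client_finished starts and ends outside the hunk.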
|
@@ -1511,7 +1509,7 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
|
|
1511
1509
|
}
|
1512
1510
|
}
|
1513
1511
|
|
1514
|
-
if (!
|
1512
|
+
if (!ssl_send_finished(hs)) {
|
1515
1513
|
return ssl_hs_error;
|
1516
1514
|
}
|
1517
1515
|
|
@@ -1519,6 +1517,18 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
|
|
1519
1517
|
return ssl_hs_flush;
|
1520
1518
|
}
|
1521
1519
|
|
1520
|
+
static bool can_false_start(const SSL_HANDSHAKE *hs) {
|
1521
|
+
SSL *const ssl = hs->ssl;
|
1522
|
+
|
1523
|
+
// False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN.
|
1524
|
+
return !SSL_is_dtls(ssl) &&
|
1525
|
+
SSL_version(ssl) == TLS1_2_VERSION &&
|
1526
|
+
(!ssl->s3->alpn_selected.empty() ||
|
1527
|
+
!ssl->s3->next_proto_negotiated.empty()) &&
|
1528
|
+
hs->new_cipher->algorithm_mkey == SSL_kECDHE &&
|
1529
|
+
hs->new_cipher->algorithm_mac == SSL_AEAD;
|
1530
|
+
}
|
1531
|
+
|
1522
1532
|
static enum ssl_hs_wait_t do_finish_flight(SSL_HANDSHAKE *hs) {
|
1523
1533
|
SSL *const ssl = hs->ssl;
|
1524
1534
|
if (ssl->session != NULL) {
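Review bot: `can_false_start` tests the version with `SSL_version(ssl) == TLS1_2_VERSION`, whereas the other version tests changed on this page go through `ssl_protocol_version(ssl)`; the preceding `!SSL_is_dtls(ssl)` appears to make the result the same, but `ssl_protocol_version(ssl) == TLS1_2_VERSION` would keep one idiom. The one-line comment also does not say why each condition is there: with False Start the client sends application data before it has checked the server's Finished, so the ECDHE, AEAD and ALPN/NPN requirements are what limit exposure to a tampered handshake. A short doc comment stating that, and that the caller in do_finish_flight additionally requires `SSL_MODE_ENABLE_FALSE_START` and `!ssl->s3->initial_handshake_complete`, would keep a later edit from loosening a condition by accident.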
|
@@ -1536,7 +1546,7 @@ static enum ssl_hs_wait_t do_finish_flight(SSL_HANDSHAKE *hs) {
|
|
1536
1546
|
hs->state = state_read_session_ticket;
|
1537
1547
|
|
1538
1548
|
if ((SSL_get_mode(ssl) & SSL_MODE_ENABLE_FALSE_START) &&
|
1539
|
-
|
1549
|
+
can_false_start(hs) &&
|
1540
1550
|
// No False Start on renegotiation (would complicate the state machine).
|
1541
1551
|
!ssl->s3->initial_handshake_complete) {
|
1542
1552
|
hs->in_false_start = true;
|
@@ -1570,7 +1580,7 @@ static enum ssl_hs_wait_t do_read_session_ticket(SSL_HANDSHAKE *hs) {
|
|
1570
1580
|
if (!CBS_get_u32(&new_session_ticket, &tlsext_tick_lifetime_hint) ||
|
1571
1581
|
!CBS_get_u16_length_prefixed(&new_session_ticket, &ticket) ||
|
1572
1582
|
CBS_len(&new_session_ticket) != 0) {
|
1573
|
-
|
1583
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
1574
1584
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
1575
1585
|
return ssl_hs_error;
|
1576
1586
|
}
|
@@ -1660,18 +1670,16 @@ static enum ssl_hs_wait_t do_finish_client_handshake(SSL_HANDSHAKE *hs) {
|
|
1660
1670
|
|
1661
1671
|
ssl->method->on_handshake_complete(ssl);
|
1662
1672
|
|
1663
|
-
SSL_SESSION_free(ssl->s3->established_session);
|
1664
1673
|
if (ssl->session != NULL) {
|
1665
1674
|
SSL_SESSION_up_ref(ssl->session);
|
1666
|
-
ssl->s3->established_session
|
1675
|
+
ssl->s3->established_session.reset(ssl->session);
|
1667
1676
|
} else {
|
1668
1677
|
// We make a copy of the session in order to maintain the immutability
|
1669
1678
|
// of the new established_session due to False Start. The caller may
|
1670
1679
|
// have taken a reference to the temporary session.
|
1671
1680
|
ssl->s3->established_session =
|
1672
|
-
SSL_SESSION_dup(hs->new_session.get(), SSL_SESSION_DUP_ALL)
|
1673
|
-
|
1674
|
-
if (ssl->s3->established_session == NULL) {
|
1681
|
+
SSL_SESSION_dup(hs->new_session.get(), SSL_SESSION_DUP_ALL);
|
1682
|
+
if (!ssl->s3->established_session) {
|
1675
1683
|
return ssl_hs_error;
|
1676
1684
|
}
|
1677
1685
|
// Renegotiations do not participate in session resumption.
|