grpc 1.10.0 → 1.11.0.pre2
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +2098 -501
- data/include/grpc/byte_buffer.h +2 -0
- data/include/grpc/byte_buffer_reader.h +2 -0
- data/include/grpc/census.h +2 -0
- data/include/grpc/fork.h +2 -0
- data/include/grpc/grpc.h +10 -0
- data/include/grpc/grpc_cronet.h +2 -0
- data/include/grpc/grpc_posix.h +2 -1
- data/include/grpc/grpc_security.h +21 -0
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/byte_buffer.h +2 -0
- data/include/grpc/impl/codegen/grpc_types.h +24 -0
- data/include/grpc/impl/codegen/slice.h +1 -1
- data/include/grpc/impl/codegen/sync.h +1 -0
- data/include/grpc/impl/codegen/sync_custom.h +2 -0
- data/include/grpc/impl/codegen/sync_generic.h +2 -0
- data/include/grpc/impl/codegen/sync_posix.h +2 -0
- data/include/grpc/impl/codegen/sync_windows.h +2 -0
- data/include/grpc/slice.h +2 -0
- data/include/grpc/slice_buffer.h +2 -0
- data/include/grpc/status.h +2 -0
- data/include/grpc/support/alloc.h +2 -2
- data/include/grpc/support/atm.h +2 -0
- data/include/grpc/support/atm_gcc_atomic.h +2 -0
- data/include/grpc/support/atm_gcc_sync.h +2 -0
- data/include/grpc/support/atm_windows.h +2 -0
- data/include/grpc/support/log.h +1 -1
- data/include/grpc/support/sync.h +2 -0
- data/include/grpc/support/sync_custom.h +2 -0
- data/include/grpc/support/sync_generic.h +2 -0
- data/include/grpc/support/sync_posix.h +2 -0
- data/include/grpc/support/sync_windows.h +2 -0
- data/include/grpc/support/time.h +2 -0
- data/src/boringssl/err_data.c +444 -438
- data/src/core/ext/census/grpc_context.cc +2 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +13 -8
- data/src/core/ext/filters/client_channel/backup_poller.h +3 -2
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +2 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +1988 -433
- data/src/core/ext/filters/client_channel/client_channel.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -0
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +2 -27
- data/src/core/ext/filters/client_channel/connector.cc +2 -0
- data/src/core/ext/filters/client_channel/connector.h +2 -0
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -0
- data/src/core/ext/filters/client_channel/http_proxy.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +96 -78
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +70 -62
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +4 -2
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +2 -1
- data/src/core/ext/filters/client_channel/method_params.cc +178 -0
- data/src/core/ext/filters/client_channel/method_params.h +74 -0
- data/src/core/ext/filters/client_channel/parse_address.cc +17 -13
- data/src/core/ext/filters/client_channel/parse_address.h +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper.cc +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper.h +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +2 -0
- data/src/core/ext/filters/client_channel/resolver.cc +2 -0
- data/src/core/ext/filters/client_channel/resolver.h +6 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +2 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +55 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +8 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +1 -0
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +30 -3
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -1
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -0
- data/src/core/ext/filters/client_channel/resolver_registry.cc +2 -0
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -0
- data/src/core/ext/filters/client_channel/retry_throttle.cc +102 -120
- data/src/core/ext/filters/client_channel/retry_throttle.h +52 -25
- data/src/core/ext/filters/client_channel/subchannel.cc +14 -4
- data/src/core/ext/filters/client_channel/subchannel.h +10 -1
- data/src/core/ext/filters/client_channel/subchannel_index.cc +2 -0
- data/src/core/ext/filters/client_channel/subchannel_index.h +2 -0
- data/src/core/ext/filters/client_channel/uri_parser.cc +2 -1
- data/src/core/ext/filters/client_channel/uri_parser.h +2 -1
- data/src/core/ext/filters/deadline/deadline_filter.cc +2 -1
- data/src/core/ext/filters/deadline/deadline_filter.h +2 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +27 -25
- data/src/core/ext/filters/http/client/http_client_filter.h +2 -0
- data/src/core/ext/filters/http/client_authority_filter.cc +156 -0
- data/src/core/ext/filters/http/client_authority_filter.h +34 -0
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -0
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +21 -22
- data/src/core/ext/filters/http/message_compress/message_compress_filter.h +2 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +11 -8
- data/src/core/ext/filters/http/server/http_server_filter.h +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.cc +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_filter.h +2 -0
- data/src/core/ext/filters/load_reporting/server_load_reporting_plugin.h +2 -0
- data/src/core/ext/filters/max_age/max_age_filter.cc +2 -0
- data/src/core/ext/filters/max_age/max_age_filter.h +2 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +52 -49
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -0
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +5 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +2 -0
- data/src/core/ext/filters/workarounds/workaround_utils.cc +2 -0
- data/src/core/ext/filters/workarounds/workaround_utils.h +2 -0
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +3 -1
- data/src/core/ext/transport/chttp2/alpn/alpn.h +2 -0
- data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
- data/src/core/ext/transport/chttp2/client/authority.h +36 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -0
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +10 -3
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +37 -25
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +2 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +3 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +2 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +152 -182
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +2 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +15 -19
- data/src/core/ext/transport/chttp2/transport/frame_data.h +7 -5
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -2
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -1
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +2 -0
- data/src/core/ext/transport/chttp2/transport/huffsyms.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -0
- data/src/core/ext/transport/chttp2/transport/internal.h +60 -24
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -4
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/stream_map.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -0
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -6
- data/src/core/ext/transport/inproc/inproc_plugin.cc +2 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -23
- data/src/core/ext/transport/inproc/inproc_transport.h +2 -0
- data/src/core/lib/avl/avl.cc +2 -0
- data/src/core/lib/avl/avl.h +2 -0
- data/src/core/lib/backoff/backoff.cc +2 -0
- data/src/core/lib/backoff/backoff.h +2 -0
- data/src/core/lib/channel/channel_args.h +2 -0
- data/src/core/lib/channel/channel_stack.cc +3 -1
- data/src/core/lib/channel/channel_stack.h +2 -0
- data/src/core/lib/channel/channel_stack_builder.cc +2 -0
- data/src/core/lib/channel/channel_stack_builder.h +2 -0
- data/src/core/lib/channel/channel_trace.cc +239 -0
- data/src/core/lib/channel/channel_trace.h +133 -0
- data/src/core/lib/channel/channel_trace_registry.cc +80 -0
- data/src/core/lib/channel/channel_trace_registry.h +43 -0
- data/src/core/lib/channel/connected_channel.cc +2 -0
- data/src/core/lib/channel/connected_channel.h +2 -0
- data/src/core/lib/channel/handshaker.cc +2 -0
- data/src/core/lib/channel/handshaker.h +2 -0
- data/src/core/lib/channel/handshaker_factory.cc +2 -0
- data/src/core/lib/channel/handshaker_factory.h +2 -1
- data/src/core/lib/channel/handshaker_registry.cc +2 -0
- data/src/core/lib/channel/handshaker_registry.h +2 -1
- data/src/core/lib/channel/status_util.cc +100 -0
- data/src/core/lib/channel/status_util.h +58 -0
- data/src/core/lib/compression/algorithm_metadata.h +2 -0
- data/src/core/lib/compression/compression.cc +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -0
- data/src/core/lib/compression/compression_internal.h +2 -0
- data/src/core/lib/compression/message_compress.cc +2 -0
- data/src/core/lib/compression/message_compress.h +2 -0
- data/src/core/lib/compression/stream_compression.cc +2 -0
- data/src/core/lib/compression/stream_compression.h +2 -0
- data/src/core/lib/compression/stream_compression_gzip.cc +2 -0
- data/src/core/lib/compression/stream_compression_gzip.h +2 -0
- data/src/core/lib/compression/stream_compression_identity.cc +2 -1
- data/src/core/lib/compression/stream_compression_identity.h +2 -0
- data/src/core/lib/debug/stats.cc +2 -0
- data/src/core/lib/debug/stats.h +2 -0
- data/src/core/lib/debug/stats_data.cc +3 -1
- data/src/core/lib/debug/stats_data.h +2 -0
- data/src/core/lib/debug/trace.cc +2 -0
- data/src/core/lib/debug/trace.h +2 -1
- data/src/core/lib/gpr/alloc.cc +2 -1
- data/src/core/lib/gpr/arena.cc +47 -0
- data/src/core/lib/gpr/arena.h +2 -0
- data/src/core/lib/gpr/atm.cc +2 -0
- data/src/core/lib/gpr/cpu_linux.cc +5 -1
- data/src/core/lib/gpr/cpu_posix.cc +1 -1
- data/src/core/lib/gpr/env.h +2 -0
- data/src/core/lib/gpr/fork.cc +2 -0
- data/src/core/lib/gpr/host_port.cc +2 -0
- data/src/core/lib/gpr/log.cc +2 -1
- data/src/core/lib/gpr/log_linux.cc +1 -0
- data/src/core/lib/gpr/mpscq.cc +2 -0
- data/src/core/lib/gpr/mpscq.h +2 -0
- data/src/core/lib/gpr/murmur_hash.cc +2 -0
- data/src/core/lib/gpr/spinlock.h +2 -0
- data/src/core/lib/gpr/string.cc +2 -1
- data/src/core/lib/gpr/string.h +2 -2
- data/src/core/lib/gpr/sync.cc +2 -0
- data/src/core/lib/gpr/time.cc +2 -0
- data/src/core/lib/gpr/time_posix.cc +1 -0
- data/src/core/lib/gpr/time_precise.cc +2 -0
- data/src/core/lib/gpr/time_precise.h +2 -0
- data/src/core/lib/gpr/tls_gcc.h +2 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_pthread.h +2 -0
- data/src/core/lib/gpr/tmpfile.h +2 -0
- data/src/core/lib/gprpp/atomic_with_atm.h +2 -0
- data/src/core/lib/gprpp/atomic_with_std.h +2 -0
- data/src/core/lib/gprpp/inlined_vector.h +2 -0
- data/src/core/lib/gprpp/manual_constructor.h +3 -1
- data/src/core/lib/gprpp/memory.h +5 -3
- data/src/core/lib/gprpp/orphanable.h +3 -0
- data/src/core/lib/gprpp/ref_counted.h +4 -0
- data/src/core/lib/gprpp/ref_counted_ptr.h +3 -0
- data/src/core/lib/gprpp/thd.h +135 -0
- data/src/core/lib/gprpp/thd_posix.cc +209 -0
- data/src/core/lib/gprpp/thd_windows.cc +162 -0
- data/src/core/lib/http/format_request.cc +2 -0
- data/src/core/lib/http/format_request.h +2 -0
- data/src/core/lib/http/httpcli.cc +2 -0
- data/src/core/lib/http/httpcli.h +2 -0
- data/src/core/lib/http/httpcli_security_connector.cc +16 -7
- data/src/core/lib/http/parser.cc +2 -0
- data/src/core/lib/http/parser.h +2 -1
- data/src/core/lib/iomgr/call_combiner.cc +2 -0
- data/src/core/lib/iomgr/call_combiner.h +2 -1
- data/src/core/lib/iomgr/combiner.cc +2 -0
- data/src/core/lib/iomgr/combiner.h +2 -0
- data/src/core/lib/iomgr/endpoint.cc +4 -0
- data/src/core/lib/iomgr/endpoint.h +2 -0
- data/src/core/lib/iomgr/endpoint_pair.h +2 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -0
- data/src/core/lib/iomgr/endpoint_pair_uv.cc +2 -0
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +7 -4
- data/src/core/lib/iomgr/error.h +2 -0
- data/src/core/lib/iomgr/error_internal.h +2 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.h +2 -0
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -18
- data/src/core/lib/iomgr/ev_epollex_linux.h +2 -0
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +2 -0
- data/src/core/lib/iomgr/ev_epollsig_linux.h +2 -0
- data/src/core/lib/iomgr/ev_poll_posix.cc +61 -31
- data/src/core/lib/iomgr/ev_poll_posix.h +2 -0
- data/src/core/lib/iomgr/ev_posix.cc +35 -19
- data/src/core/lib/iomgr/ev_posix.h +2 -0
- data/src/core/lib/iomgr/ev_windows.cc +2 -0
- data/src/core/lib/iomgr/exec_ctx.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +21 -9
- data/src/core/lib/iomgr/executor.cc +13 -11
- data/src/core/lib/iomgr/executor.h +2 -0
- data/src/core/lib/iomgr/fork_posix.cc +4 -2
- data/src/core/lib/iomgr/fork_windows.cc +2 -0
- data/src/core/lib/iomgr/gethostname_fallback.cc +2 -0
- data/src/core/lib/iomgr/gethostname_host_name_max.cc +2 -0
- data/src/core/lib/iomgr/gethostname_sysconf.cc +2 -0
- data/src/core/lib/iomgr/iocp_windows.cc +3 -1
- data/src/core/lib/iomgr/iocp_windows.h +3 -0
- data/src/core/lib/iomgr/iomgr.cc +2 -1
- data/src/core/lib/iomgr/iomgr.h +2 -0
- data/src/core/lib/iomgr/iomgr_custom.cc +63 -0
- data/src/core/lib/iomgr/iomgr_custom.h +47 -0
- data/src/core/lib/iomgr/iomgr_internal.cc +43 -0
- data/src/core/lib/iomgr/iomgr_internal.h +14 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +30 -3
- data/src/core/lib/iomgr/iomgr_posix.h +2 -0
- data/src/core/lib/iomgr/iomgr_uv.cc +17 -20
- data/src/core/lib/iomgr/iomgr_windows.cc +29 -3
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +2 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.h +2 -0
- data/src/core/lib/iomgr/load_file.cc +2 -0
- data/src/core/lib/iomgr/load_file.h +2 -0
- data/src/core/lib/iomgr/lockfree_event.cc +2 -0
- data/src/core/lib/iomgr/lockfree_event.h +14 -1
- data/src/core/lib/iomgr/nameser.h +2 -0
- data/src/core/lib/iomgr/network_status_tracker.cc +3 -1
- data/src/core/lib/iomgr/network_status_tracker.h +2 -0
- data/src/core/lib/iomgr/polling_entity.cc +2 -0
- data/src/core/lib/iomgr/polling_entity.h +2 -0
- data/src/core/lib/iomgr/pollset.cc +56 -0
- data/src/core/lib/iomgr/pollset.h +19 -0
- data/src/core/lib/iomgr/pollset_custom.cc +106 -0
- data/src/core/lib/iomgr/{timer_generic.h → pollset_custom.h} +15 -17
- data/src/core/lib/iomgr/pollset_set.cc +55 -0
- data/src/core/lib/iomgr/pollset_set.h +13 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
- data/src/core/lib/iomgr/{pollset_uv.h → pollset_set_custom.h} +6 -7
- data/src/core/lib/iomgr/pollset_set_windows.cc +17 -10
- data/src/core/lib/iomgr/pollset_set_windows.h +2 -0
- data/src/core/lib/iomgr/pollset_uv.cc +42 -105
- data/src/core/lib/iomgr/pollset_windows.cc +20 -12
- data/src/core/lib/iomgr/pollset_windows.h +2 -0
- data/src/core/lib/iomgr/port.h +10 -19
- data/src/core/lib/iomgr/resolve_address.cc +50 -0
- data/src/core/lib/iomgr/resolve_address.h +39 -10
- data/src/core/lib/iomgr/resolve_address_custom.cc +187 -0
- data/src/core/lib/iomgr/resolve_address_custom.h +43 -0
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -22
- data/src/core/lib/iomgr/resolve_address_windows.cc +10 -22
- data/src/core/lib/iomgr/resource_quota.cc +2 -0
- data/src/core/lib/iomgr/resource_quota.h +3 -5
- data/src/core/lib/iomgr/sockaddr.h +3 -11
- data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
- data/src/core/lib/iomgr/sockaddr_posix.h +26 -0
- data/src/core/lib/iomgr/sockaddr_utils.cc +91 -71
- data/src/core/lib/iomgr/sockaddr_utils.h +4 -0
- data/src/core/lib/iomgr/sockaddr_windows.h +21 -0
- data/src/core/lib/iomgr/socket_factory_posix.cc +2 -0
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -0
- data/src/core/lib/iomgr/socket_mutator.cc +2 -0
- data/src/core/lib/iomgr/socket_mutator.h +2 -0
- data/src/core/lib/iomgr/socket_utils.h +11 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +15 -6
- data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -0
- data/src/core/lib/iomgr/socket_utils_uv.cc +13 -2
- data/src/core/lib/iomgr/socket_utils_windows.cc +10 -0
- data/src/core/lib/iomgr/socket_windows.cc +2 -0
- data/src/core/lib/iomgr/socket_windows.h +2 -1
- data/src/core/lib/iomgr/sys_epoll_wrapper.h +2 -0
- data/src/core/lib/iomgr/tcp_client.cc +36 -0
- data/src/core/lib/iomgr/tcp_client.h +13 -0
- data/src/core/lib/iomgr/tcp_client_custom.cc +151 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +11 -24
- data/src/core/lib/iomgr/tcp_client_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -23
- data/src/core/lib/iomgr/tcp_custom.cc +365 -0
- data/src/core/lib/iomgr/tcp_custom.h +81 -0
- data/src/core/lib/iomgr/tcp_posix.cc +3 -1
- data/src/core/lib/iomgr/tcp_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_server.cc +73 -0
- data/src/core/lib/iomgr/tcp_server.h +24 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +472 -0
- data/src/core/lib/iomgr/tcp_server_posix.cc +41 -23
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +2 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -6
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +2 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +43 -21
- data/src/core/lib/iomgr/tcp_uv.cc +308 -314
- data/src/core/lib/iomgr/tcp_windows.cc +3 -1
- data/src/core/lib/iomgr/tcp_windows.h +2 -0
- data/src/core/lib/iomgr/time_averaged_stats.cc +2 -0
- data/src/core/lib/iomgr/timer.cc +45 -0
- data/src/core/lib/iomgr/timer.h +36 -15
- data/src/core/lib/iomgr/timer_custom.cc +93 -0
- data/src/core/lib/iomgr/timer_custom.h +43 -0
- data/src/core/lib/iomgr/timer_generic.cc +12 -10
- data/src/core/lib/iomgr/timer_heap.cc +2 -4
- data/src/core/lib/iomgr/timer_heap.h +2 -0
- data/src/core/lib/iomgr/timer_manager.cc +12 -20
- data/src/core/lib/iomgr/timer_manager.h +2 -0
- data/src/core/lib/iomgr/timer_uv.cc +15 -49
- data/src/core/lib/iomgr/udp_server.cc +271 -230
- data/src/core/lib/iomgr/udp_server.h +44 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +10 -7
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_cv.cc +3 -1
- data/src/core/lib/iomgr/wakeup_fd_cv.h +2 -0
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.h +2 -0
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +2 -0
- data/src/core/lib/iomgr/wakeup_fd_posix.h +2 -0
- data/src/core/lib/json/json.cc +38 -0
- data/src/core/lib/json/json.h +22 -1
- data/src/core/lib/json/json_reader.cc +2 -2
- data/src/core/lib/json/json_reader.h +1 -0
- data/src/core/lib/json/json_string.cc +2 -0
- data/src/core/lib/json/json_writer.cc +2 -2
- data/src/core/lib/json/json_writer.h +2 -0
- data/src/core/lib/profiling/basic_timers.cc +11 -9
- data/src/core/lib/profiling/timers.h +6 -3
- data/src/core/lib/security/context/security_context.cc +2 -0
- data/src/core/lib/security/context/security_context.h +2 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +119 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.h +102 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +67 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +114 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +126 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +112 -0
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +58 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +2 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.cc +2 -0
- data/src/core/lib/security/credentials/credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials_metadata.cc +2 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -3
- data/src/core/lib/security/credentials/fake/fake_credentials.h +5 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +2 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +2 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +2 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +11 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -0
- data/src/core/lib/security/security_connector/alts_security_connector.cc +287 -0
- data/src/core/lib/security/security_connector/alts_security_connector.h +69 -0
- data/src/core/lib/security/security_connector/security_connector.cc +174 -74
- data/src/core/lib/security/security_connector/security_connector.h +41 -7
- data/src/core/lib/security/transport/auth_filters.h +2 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +14 -28
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -0
- data/src/core/lib/security/transport/secure_endpoint.h +2 -0
- data/src/core/lib/security/transport/security_handshaker.cc +2 -0
- data/src/core/lib/security/transport/security_handshaker.h +2 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -0
- data/src/core/lib/security/transport/target_authority_table.cc +75 -0
- data/src/core/lib/security/transport/{lb_targets_info.h → target_authority_table.h} +16 -8
- data/src/core/lib/security/transport/tsi_error.cc +2 -0
- data/src/core/lib/security/transport/tsi_error.h +2 -0
- data/src/core/lib/security/util/json_util.cc +2 -0
- data/src/core/lib/security/util/json_util.h +2 -0
- data/src/core/lib/slice/b64.cc +2 -0
- data/src/core/lib/slice/b64.h +2 -0
- data/src/core/lib/slice/percent_encoding.cc +2 -0
- data/src/core/lib/slice/percent_encoding.h +2 -0
- data/src/core/lib/slice/slice.cc +2 -0
- data/src/core/lib/slice/slice_buffer.cc +3 -1
- data/src/core/lib/slice/slice_hash_table.h +178 -45
- data/src/core/lib/slice/slice_intern.cc +2 -0
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/slice/slice_string_helpers.cc +2 -0
- data/src/core/lib/slice/slice_string_helpers.h +2 -1
- data/src/core/lib/slice/slice_weak_hash_table.h +105 -0
- data/src/core/lib/surface/api_trace.cc +3 -1
- data/src/core/lib/surface/api_trace.h +2 -0
- data/src/core/lib/surface/byte_buffer.cc +3 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +3 -0
- data/src/core/lib/surface/call.cc +46 -80
- data/src/core/lib/surface/call.h +2 -0
- data/src/core/lib/surface/call_details.cc +2 -0
- data/src/core/lib/surface/call_log_batch.cc +2 -0
- data/src/core/lib/surface/call_test_only.h +2 -0
- data/src/core/lib/surface/channel.cc +72 -41
- data/src/core/lib/surface/channel.h +2 -0
- data/src/core/lib/surface/channel_init.cc +2 -0
- data/src/core/lib/surface/channel_init.h +2 -0
- data/src/core/lib/surface/channel_ping.cc +2 -0
- data/src/core/lib/surface/channel_stack_type.cc +3 -2
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.h +2 -0
- data/src/core/lib/surface/completion_queue_factory.cc +3 -1
- data/src/core/lib/surface/completion_queue_factory.h +2 -0
- data/src/core/lib/surface/event_string.cc +2 -0
- data/src/core/lib/surface/event_string.h +2 -0
- data/src/core/lib/surface/init.cc +5 -2
- data/src/core/lib/surface/init_secure.cc +5 -2
- data/src/core/lib/surface/lame_client.cc +7 -5
- data/src/core/lib/surface/lame_client.h +2 -0
- data/src/core/lib/surface/metadata_array.cc +2 -0
- data/src/core/lib/surface/server.cc +2 -0
- data/src/core/lib/surface/server.h +2 -0
- data/src/core/lib/surface/validate_metadata.cc +2 -1
- data/src/core/lib/surface/validate_metadata.h +2 -0
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/bdp_estimator.cc +2 -0
- data/src/core/lib/transport/byte_stream.cc +94 -116
- data/src/core/lib/transport/byte_stream.h +111 -78
- data/src/core/lib/transport/connectivity_state.cc +2 -0
- data/src/core/lib/transport/connectivity_state.h +3 -1
- data/src/core/lib/transport/error_utils.cc +2 -0
- data/src/core/lib/transport/error_utils.h +2 -0
- data/src/core/lib/transport/metadata.cc +2 -0
- data/src/core/lib/transport/metadata.h +3 -1
- data/src/core/lib/transport/metadata_batch.cc +26 -0
- data/src/core/lib/transport/metadata_batch.h +12 -1
- data/src/core/lib/transport/pid_controller.cc +2 -0
- data/src/core/lib/transport/pid_controller.h +2 -0
- data/src/core/lib/transport/service_config.cc +21 -175
- data/src/core/lib/transport/service_config.h +223 -35
- data/src/core/lib/transport/static_metadata.cc +310 -294
- data/src/core/lib/transport/static_metadata.h +96 -82
- data/src/core/lib/transport/status_conversion.cc +2 -0
- data/src/core/lib/transport/status_conversion.h +3 -0
- data/src/core/lib/transport/status_metadata.cc +54 -0
- data/src/core/lib/{iomgr/timer_uv.h → transport/status_metadata.h} +10 -12
- data/src/core/lib/transport/timeout_encoding.cc +2 -1
- data/src/core/lib/transport/timeout_encoding.h +2 -0
- data/src/core/lib/transport/transport.cc +3 -1
- data/src/core/lib/transport/transport.h +33 -7
- data/src/core/lib/transport/transport_impl.h +2 -0
- data/src/core/lib/transport/transport_op_string.cc +10 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +10 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
- data/src/core/tsi/alts/crypt/gsec.cc +189 -0
- data/src/core/tsi/alts/crypt/gsec.h +454 -0
- data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
- data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
- data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
- data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
- data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
- data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +316 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +137 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +520 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +323 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +143 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +149 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_event.cc +73 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_event.h +93 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +483 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +83 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +52 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +58 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +52 -0
- data/src/core/tsi/alts/handshaker/altscontext.pb.c +48 -0
- data/src/core/tsi/alts/handshaker/altscontext.pb.h +64 -0
- data/src/core/tsi/alts/handshaker/handshaker.pb.c +123 -0
- data/src/core/tsi/alts/handshaker/handshaker.pb.h +255 -0
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +50 -0
- data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +78 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +196 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +163 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +180 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +52 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +100 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +296 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +52 -0
- data/src/core/tsi/alts_transport_security.cc +3 -1
- data/src/core/tsi/alts_transport_security.h +4 -2
- data/src/core/tsi/fake_transport_security.cc +2 -1
- data/src/core/tsi/fake_transport_security.h +2 -0
- data/src/core/tsi/ssl/session_cache/ssl_session.h +73 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +58 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +211 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +93 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +76 -0
- data/src/core/tsi/ssl_transport_security.cc +266 -62
- data/src/core/tsi/ssl_transport_security.h +128 -6
- data/src/core/tsi/ssl_types.h +2 -0
- data/src/core/tsi/transport_security.cc +2 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_adapter.cc +2 -0
- data/src/core/tsi/transport_security_adapter.h +2 -0
- data/src/core/tsi/transport_security_grpc.cc +2 -0
- data/src/core/tsi/transport_security_grpc.h +2 -0
- data/src/core/tsi/transport_security_interface.h +2 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -2
- data/src/ruby/ext/grpc/rb_call.c +1 -13
- data/src/ruby/ext/grpc/rb_channel.c +6 -6
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +15 -0
- data/src/ruby/lib/grpc/core/time_consts.rb +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +19 -8
- data/src/ruby/lib/grpc/generic/client_stub.rb +6 -10
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/generic/client_stub_spec.rb +133 -0
- data/src/ruby/spec/pb/package_with_underscore/checker_spec.rb +54 -0
- data/src/ruby/spec/pb/package_with_underscore/data.proto +23 -0
- data/src/ruby/spec/pb/package_with_underscore/service.proto +23 -0
- data/third_party/address_sorting/address_sorting.c +369 -0
- data/third_party/address_sorting/address_sorting_internal.h +70 -0
- data/third_party/address_sorting/address_sorting_posix.c +97 -0
- data/third_party/address_sorting/address_sorting_windows.c +55 -0
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +110 -0
- data/third_party/boringssl/crypto/asn1/a_enum.c +20 -9
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +3 -0
- data/third_party/boringssl/crypto/asn1/a_int.c +19 -8
- data/third_party/boringssl/crypto/asn1/a_object.c +0 -128
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/asn1/tasn_fre.c +2 -4
- data/third_party/boringssl/crypto/asn1/tasn_new.c +3 -2
- data/third_party/boringssl/crypto/bn_extra/bn_asn1.c +0 -16
- data/third_party/boringssl/crypto/buf/buf.c +14 -0
- data/third_party/boringssl/crypto/bytestring/cbb.c +93 -0
- data/third_party/boringssl/crypto/conf/conf.c +2 -2
- data/third_party/boringssl/crypto/cpu-intel.c +17 -17
- data/third_party/boringssl/crypto/crypto.c +16 -4
- data/third_party/boringssl/crypto/curve25519/spake25519.c +11 -11
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +9 -21
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +2 -2
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -8
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +2 -23
- data/third_party/boringssl/crypto/ex_data.c +0 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +7 -11
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +19 -16
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +15 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +53 -46
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +242 -85
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +42 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +176 -34
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +118 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +94 -61
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +79 -63
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +26 -28
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +250 -149
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -27
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +54 -20
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +7 -41
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +6 -40
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +3 -64
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +27 -9
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +203 -205
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +14 -15
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +12 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +25 -36
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +10 -0
- data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -4
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +9 -19
- data/third_party/boringssl/crypto/lhash/lhash.c +19 -0
- data/third_party/boringssl/crypto/obj/obj.c +29 -69
- data/third_party/boringssl/crypto/pem/pem_lib.c +2 -2
- data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +4 -55
- data/third_party/boringssl/crypto/rsa_extra/rsa_asn1.c +3 -22
- data/third_party/boringssl/crypto/x509/by_dir.c +1 -3
- data/third_party/boringssl/crypto/x509/by_file.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_obj.c +1 -3
- data/third_party/boringssl/crypto/x509/x509_txt.c +0 -6
- data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -1
- data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -1
- data/third_party/boringssl/crypto/x509/x_algor.c +2 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +3 -4
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_info.c +1 -2
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +15 -7
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +41 -2
- data/third_party/boringssl/include/openssl/asn1.h +0 -1
- data/third_party/boringssl/include/openssl/base.h +1 -1
- data/third_party/boringssl/include/openssl/bio.h +5 -2
- data/third_party/boringssl/include/openssl/bn.h +2 -17
- data/third_party/boringssl/include/openssl/buf.h +4 -0
- data/third_party/boringssl/include/openssl/bytestring.h +11 -0
- data/third_party/boringssl/include/openssl/chacha.h +5 -1
- data/third_party/boringssl/include/openssl/cipher.h +10 -0
- data/third_party/boringssl/include/openssl/conf.h +4 -8
- data/third_party/boringssl/include/openssl/dsa.h +2 -18
- data/third_party/boringssl/include/openssl/ec.h +5 -5
- data/third_party/boringssl/include/openssl/ecdsa.h +10 -28
- data/third_party/boringssl/include/openssl/evp.h +0 -4
- data/third_party/boringssl/include/openssl/lhash.h +1 -18
- data/third_party/boringssl/include/openssl/obj.h +1 -0
- data/third_party/boringssl/include/openssl/rsa.h +3 -4
- data/third_party/boringssl/include/openssl/ssl.h +35 -54
- data/third_party/boringssl/include/openssl/ssl3.h +2 -0
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +1 -16
- data/third_party/boringssl/include/openssl/x509.h +3 -2
- data/third_party/boringssl/include/openssl/x509_vfy.h +0 -2
- data/third_party/boringssl/include/openssl/x509v3.h +1 -0
- data/third_party/boringssl/ssl/custom_extensions.cc +1 -1
- data/third_party/boringssl/ssl/d1_both.cc +120 -129
- data/third_party/boringssl/ssl/d1_lib.cc +23 -21
- data/third_party/boringssl/ssl/d1_pkt.cc +39 -143
- data/third_party/boringssl/ssl/dtls_method.cc +16 -23
- data/third_party/boringssl/ssl/dtls_record.cc +11 -4
- data/third_party/boringssl/ssl/handshake.cc +109 -40
- data/third_party/boringssl/ssl/handshake_client.cc +104 -96
- data/third_party/boringssl/ssl/handshake_server.cc +62 -72
- data/third_party/boringssl/ssl/internal.h +397 -318
- data/third_party/boringssl/ssl/s3_both.cc +173 -191
- data/third_party/boringssl/ssl/s3_lib.cc +26 -34
- data/third_party/boringssl/ssl/s3_pkt.cc +105 -247
- data/third_party/boringssl/ssl/ssl_asn1.cc +22 -22
- data/third_party/boringssl/ssl/ssl_buffer.cc +98 -108
- data/third_party/boringssl/ssl/ssl_cert.cc +12 -1
- data/third_party/boringssl/ssl/ssl_cipher.cc +23 -28
- data/third_party/boringssl/ssl/ssl_key_share.cc +11 -6
- data/third_party/boringssl/ssl/ssl_lib.cc +190 -113
- data/third_party/boringssl/ssl/ssl_privkey.cc +76 -106
- data/third_party/boringssl/ssl/ssl_session.cc +3 -3
- data/third_party/boringssl/ssl/ssl_stat.cc +3 -3
- data/third_party/boringssl/ssl/ssl_transcript.cc +38 -22
- data/third_party/boringssl/ssl/ssl_versions.cc +64 -31
- data/third_party/boringssl/ssl/t1_enc.cc +137 -154
- data/third_party/boringssl/ssl/t1_lib.cc +463 -478
- data/third_party/boringssl/ssl/tls13_both.cc +57 -58
- data/third_party/boringssl/ssl/tls13_client.cc +256 -121
- data/third_party/boringssl/ssl/tls13_enc.cc +187 -72
- data/third_party/boringssl/ssl/tls13_server.cc +187 -86
- data/third_party/boringssl/ssl/tls_method.cc +20 -30
- data/third_party/boringssl/ssl/tls_record.cc +77 -40
- data/third_party/boringssl/third_party/fiat/curve25519.c +5062 -0
- data/third_party/boringssl/{crypto/curve25519 → third_party/fiat}/internal.h +40 -27
- data/third_party/nanopb/pb.h +1 -1
- metadata +147 -45
- data/src/core/lib/gpr/thd.cc +0 -49
- data/src/core/lib/gpr/thd.h +0 -71
- data/src/core/lib/gpr/thd_posix.cc +0 -154
- data/src/core/lib/gpr/thd_windows.cc +0 -107
- data/src/core/lib/iomgr/iomgr_uv.h +0 -37
- data/src/core/lib/iomgr/pollset_set_uv.cc +0 -43
- data/src/core/lib/iomgr/resolve_address_uv.cc +0 -284
- data/src/core/lib/iomgr/tcp_client_uv.cc +0 -175
- data/src/core/lib/iomgr/tcp_server_uv.cc +0 -471
- data/src/core/lib/iomgr/tcp_uv.h +0 -51
- data/src/core/lib/security/transport/lb_targets_info.cc +0 -59
- data/src/core/lib/slice/slice_hash_table.cc +0 -145
- data/third_party/boringssl/crypto/curve25519/curve25519.c +0 -4938
@@ -37,57 +37,61 @@ namespace bssl {
|
|
37
37
|
// without being able to return application data.
|
38
38
|
static const uint8_t kMaxKeyUpdates = 32;
|
39
39
|
|
40
|
-
|
41
|
-
|
40
|
+
const uint8_t kHelloRetryRequest[SSL3_RANDOM_SIZE] = {
|
41
|
+
0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c,
|
42
|
+
0x02, 0x1e, 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb,
|
43
|
+
0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
|
44
|
+
};
|
45
|
+
|
46
|
+
bool tls13_get_cert_verify_signature_input(
|
47
|
+
SSL_HANDSHAKE *hs, Array<uint8_t> *out,
|
42
48
|
enum ssl_cert_verify_context_t cert_verify_context) {
|
43
49
|
ScopedCBB cbb;
|
44
50
|
if (!CBB_init(cbb.get(), 64 + 33 + 1 + 2 * EVP_MAX_MD_SIZE)) {
|
45
51
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
46
|
-
return
|
52
|
+
return false;
|
47
53
|
}
|
48
54
|
|
49
55
|
for (size_t i = 0; i < 64; i++) {
|
50
56
|
if (!CBB_add_u8(cbb.get(), 0x20)) {
|
51
57
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
52
|
-
return
|
58
|
+
return false;
|
53
59
|
}
|
54
60
|
}
|
55
61
|
|
56
|
-
const
|
57
|
-
size_t context_len;
|
62
|
+
Span<const char> context;
|
58
63
|
if (cert_verify_context == ssl_cert_verify_server) {
|
59
|
-
// Include the NUL byte.
|
60
64
|
static const char kContext[] = "TLS 1.3, server CertificateVerify";
|
61
|
-
context =
|
62
|
-
context_len = sizeof(kContext);
|
65
|
+
context = kContext;
|
63
66
|
} else if (cert_verify_context == ssl_cert_verify_client) {
|
64
67
|
static const char kContext[] = "TLS 1.3, client CertificateVerify";
|
65
|
-
context =
|
66
|
-
context_len = sizeof(kContext);
|
68
|
+
context = kContext;
|
67
69
|
} else if (cert_verify_context == ssl_cert_verify_channel_id) {
|
68
70
|
static const char kContext[] = "TLS 1.3, Channel ID";
|
69
|
-
context =
|
70
|
-
context_len = sizeof(kContext);
|
71
|
+
context = kContext;
|
71
72
|
} else {
|
72
73
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
73
|
-
return
|
74
|
+
return false;
|
74
75
|
}
|
75
76
|
|
76
|
-
|
77
|
+
// Note |context| includes the NUL byte separator.
|
78
|
+
if (!CBB_add_bytes(cbb.get(),
|
79
|
+
reinterpret_cast<const uint8_t *>(context.data()),
|
80
|
+
context.size())) {
|
77
81
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
78
|
-
return
|
82
|
+
return false;
|
79
83
|
}
|
80
84
|
|
81
85
|
uint8_t context_hash[EVP_MAX_MD_SIZE];
|
82
86
|
size_t context_hash_len;
|
83
87
|
if (!hs->transcript.GetHash(context_hash, &context_hash_len) ||
|
84
88
|
!CBB_add_bytes(cbb.get(), context_hash, context_hash_len) ||
|
85
|
-
!
|
89
|
+
!CBBFinishArray(cbb.get(), out)) {
|
86
90
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
87
|
-
return
|
91
|
+
return false;
|
88
92
|
}
|
89
93
|
|
90
|
-
return
|
94
|
+
return true;
|
91
95
|
}
|
92
96
|
|
93
97
|
int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
@@ -98,14 +102,14 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
98
102
|
CBS_len(&context) != 0 ||
|
99
103
|
!CBS_get_u24_length_prefixed(&body, &certificate_list) ||
|
100
104
|
CBS_len(&body) != 0) {
|
101
|
-
|
105
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
102
106
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
103
107
|
return 0;
|
104
108
|
}
|
105
109
|
|
106
110
|
UniquePtr<STACK_OF(CRYPTO_BUFFER)> certs(sk_CRYPTO_BUFFER_new_null());
|
107
111
|
if (!certs) {
|
108
|
-
|
112
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
109
113
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
110
114
|
return 0;
|
111
115
|
}
|
@@ -118,7 +122,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
118
122
|
if (!CBS_get_u24_length_prefixed(&certificate_list, &certificate) ||
|
119
123
|
!CBS_get_u16_length_prefixed(&certificate_list, &extensions) ||
|
120
124
|
CBS_len(&certificate) == 0) {
|
121
|
-
|
125
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
122
126
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
|
123
127
|
return 0;
|
124
128
|
}
|
@@ -126,14 +130,14 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
126
130
|
if (sk_CRYPTO_BUFFER_num(certs.get()) == 0) {
|
127
131
|
pkey = ssl_cert_parse_pubkey(&certificate);
|
128
132
|
if (!pkey) {
|
129
|
-
|
133
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
130
134
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
131
135
|
return 0;
|
132
136
|
}
|
133
137
|
// TLS 1.3 always uses certificate keys for signing thus the correct
|
134
138
|
// keyUsage is enforced.
|
135
139
|
if (!ssl_cert_check_digital_signature_key_usage(&certificate)) {
|
136
|
-
|
140
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
137
141
|
return 0;
|
138
142
|
}
|
139
143
|
|
@@ -148,7 +152,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
148
152
|
CRYPTO_BUFFER_new_from_CBS(&certificate, ssl->ctx->pool));
|
149
153
|
if (!buf ||
|
150
154
|
!PushToStack(certs.get(), std::move(buf))) {
|
151
|
-
|
155
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
152
156
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
153
157
|
return 0;
|
154
158
|
}
|
@@ -165,7 +169,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
165
169
|
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
166
170
|
OPENSSL_ARRAY_SIZE(ext_types),
|
167
171
|
0 /* reject unknown */)) {
|
168
|
-
|
172
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
169
173
|
return 0;
|
170
174
|
}
|
171
175
|
|
@@ -174,7 +178,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
174
178
|
if (have_status_request) {
|
175
179
|
if (ssl->server || !ssl->ocsp_stapling_enabled) {
|
176
180
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
177
|
-
|
181
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
178
182
|
return 0;
|
179
183
|
}
|
180
184
|
|
@@ -185,7 +189,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
185
189
|
!CBS_get_u24_length_prefixed(&status_request, &ocsp_response) ||
|
186
190
|
CBS_len(&ocsp_response) == 0 ||
|
187
191
|
CBS_len(&status_request) != 0) {
|
188
|
-
|
192
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
189
193
|
return 0;
|
190
194
|
}
|
191
195
|
|
@@ -194,7 +198,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
194
198
|
hs->new_session->ocsp_response =
|
195
199
|
CRYPTO_BUFFER_new_from_CBS(&ocsp_response, ssl->ctx->pool);
|
196
200
|
if (hs->new_session->ocsp_response == nullptr) {
|
197
|
-
|
201
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
198
202
|
return 0;
|
199
203
|
}
|
200
204
|
}
|
@@ -203,13 +207,13 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
203
207
|
if (have_sct) {
|
204
208
|
if (ssl->server || !ssl->signed_cert_timestamps_enabled) {
|
205
209
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
206
|
-
|
210
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
207
211
|
return 0;
|
208
212
|
}
|
209
213
|
|
210
214
|
if (!ssl_is_sct_list_valid(&sct)) {
|
211
215
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
|
212
|
-
|
216
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
213
217
|
return 0;
|
214
218
|
}
|
215
219
|
|
@@ -218,7 +222,7 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
218
222
|
hs->new_session->signed_cert_timestamp_list =
|
219
223
|
CRYPTO_BUFFER_new_from_CBS(&sct, ssl->ctx->pool);
|
220
224
|
if (hs->new_session->signed_cert_timestamp_list == nullptr) {
|
221
|
-
|
225
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
222
226
|
return 0;
|
223
227
|
}
|
224
228
|
}
|
@@ -238,14 +242,14 @@ int tls13_process_certificate(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
238
242
|
|
239
243
|
if (!ssl->ctx->x509_method->session_cache_objects(hs->new_session.get())) {
|
240
244
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
241
|
-
|
245
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
242
246
|
return 0;
|
243
247
|
}
|
244
248
|
|
245
249
|
if (sk_CRYPTO_BUFFER_num(hs->new_session->certs) == 0) {
|
246
250
|
if (!allow_anonymous) {
|
247
251
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
|
248
|
-
|
252
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_CERTIFICATE_REQUIRED);
|
249
253
|
return 0;
|
250
254
|
}
|
251
255
|
|
@@ -274,37 +278,34 @@ int tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
|
274
278
|
!CBS_get_u16_length_prefixed(&body, &signature) ||
|
275
279
|
CBS_len(&body) != 0) {
|
276
280
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
277
|
-
|
281
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
278
282
|
return 0;
|
279
283
|
}
|
280
284
|
|
281
285
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
282
286
|
if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
|
283
|
-
|
287
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
284
288
|
return 0;
|
285
289
|
}
|
286
290
|
hs->new_session->peer_signature_algorithm = signature_algorithm;
|
287
291
|
|
288
|
-
uint8_t
|
289
|
-
size_t input_len;
|
292
|
+
Array<uint8_t> input;
|
290
293
|
if (!tls13_get_cert_verify_signature_input(
|
291
|
-
hs, &input,
|
294
|
+
hs, &input,
|
292
295
|
ssl->server ? ssl_cert_verify_client : ssl_cert_verify_server)) {
|
293
|
-
|
296
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
294
297
|
return 0;
|
295
298
|
}
|
296
|
-
UniquePtr<uint8_t> free_input(input);
|
297
299
|
|
298
|
-
|
299
|
-
|
300
|
-
hs->peer_pubkey.get(), input, input_len);
|
300
|
+
bool sig_ok = ssl_public_key_verify(ssl, signature, signature_algorithm,
|
301
|
+
hs->peer_pubkey.get(), input);
|
301
302
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
302
|
-
sig_ok =
|
303
|
+
sig_ok = true;
|
303
304
|
ERR_clear_error();
|
304
305
|
#endif
|
305
306
|
if (!sig_ok) {
|
306
307
|
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SIGNATURE);
|
307
|
-
|
308
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
308
309
|
return 0;
|
309
310
|
}
|
310
311
|
|
@@ -334,7 +335,7 @@ int tls13_process_finished(SSL_HANDSHAKE *hs, const SSLMessage &msg,
|
|
334
335
|
finished_ok = 1;
|
335
336
|
#endif
|
336
337
|
if (!finished_ok) {
|
337
|
-
|
338
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
338
339
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
|
339
340
|
return 0;
|
340
341
|
}
|
@@ -437,22 +438,20 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
437
438
|
size_t sig_len;
|
438
439
|
if (!CBB_add_u16_length_prefixed(&body, &child) ||
|
439
440
|
!CBB_reserve(&child, &sig, max_sig_len)) {
|
440
|
-
|
441
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
441
442
|
return ssl_private_key_failure;
|
442
443
|
}
|
443
444
|
|
444
|
-
uint8_t
|
445
|
-
size_t msg_len;
|
445
|
+
Array<uint8_t> msg;
|
446
446
|
if (!tls13_get_cert_verify_signature_input(
|
447
|
-
hs, &msg,
|
447
|
+
hs, &msg,
|
448
448
|
ssl->server ? ssl_cert_verify_server : ssl_cert_verify_client)) {
|
449
|
-
|
449
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
450
450
|
return ssl_private_key_failure;
|
451
451
|
}
|
452
|
-
UniquePtr<uint8_t> free_msg(msg);
|
453
452
|
|
454
453
|
enum ssl_private_key_result_t sign_result = ssl_private_key_sign(
|
455
|
-
hs, sig, &sig_len, max_sig_len, signature_algorithm, msg
|
454
|
+
hs, sig, &sig_len, max_sig_len, signature_algorithm, msg);
|
456
455
|
if (sign_result != ssl_private_key_success) {
|
457
456
|
return sign_result;
|
458
457
|
}
|
@@ -471,7 +470,7 @@ int tls13_add_finished(SSL_HANDSHAKE *hs) {
|
|
471
470
|
uint8_t verify_data[EVP_MAX_MD_SIZE];
|
472
471
|
|
473
472
|
if (!tls13_finished_mac(hs, verify_data, &verify_data_len, ssl->server)) {
|
474
|
-
|
473
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
475
474
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DIGEST_CHECK_FAILED);
|
476
475
|
return 0;
|
477
476
|
}
|
@@ -495,7 +494,7 @@ static int tls13_receive_key_update(SSL *ssl, const SSLMessage &msg) {
|
|
495
494
|
(key_update_request != SSL_KEY_UPDATE_NOT_REQUESTED &&
|
496
495
|
key_update_request != SSL_KEY_UPDATE_REQUESTED)) {
|
497
496
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
498
|
-
|
497
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
499
498
|
return 0;
|
500
499
|
}
|
501
500
|
|
@@ -531,7 +530,7 @@ int tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
|
|
531
530
|
ssl->s3->key_update_count++;
|
532
531
|
if (ssl->s3->key_update_count > kMaxKeyUpdates) {
|
533
532
|
OPENSSL_PUT_ERROR(SSL, SSL_R_TOO_MANY_KEY_UPDATES);
|
534
|
-
|
533
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
535
534
|
return 0;
|
536
535
|
}
|
537
536
|
|
@@ -544,7 +543,7 @@ int tls13_post_handshake(SSL *ssl, const SSLMessage &msg) {
|
|
544
543
|
return tls13_process_new_session_ticket(ssl, msg);
|
545
544
|
}
|
546
545
|
|
547
|
-
|
546
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
548
547
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
|
549
548
|
return 0;
|
550
549
|
}
|
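Review bot: In tls13_process_certificate_verify (hunk at new lines 278–311), the `#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)` block overwrites `sig_ok` with `true` right after `ssl_public_key_verify`, so a build that defines this macro accepts any peer CertificateVerify signature, and nothing in the code says so. I would add a comment above the `#if`, for example `// Fuzzer builds only: forces signature acceptance; this macro must never be defined in a shipped build.` The `finished_ok = 1;` line before `#endif` in the tls13_process_finished hunk looks like the same override for the Finished MAC, although its `#if` is outside the hunk. Because this file is vendored into the gem, it is worth confirming that the gem's build files never define the macro; nothing in this section shows where it is set. Both functions start and end outside their hunks.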
@@ -36,7 +36,6 @@ enum client_hs_state_t {
|
|
36
36
|
state_read_hello_retry_request = 0,
|
37
37
|
state_send_second_client_hello,
|
38
38
|
state_read_server_hello,
|
39
|
-
state_process_change_cipher_spec,
|
40
39
|
state_read_encrypted_extensions,
|
41
40
|
state_read_certificate_request,
|
42
41
|
state_read_server_certificate,
|
@@ -53,49 +52,119 @@ static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
|
|
53
52
|
|
54
53
|
static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
|
55
54
|
SSL *const ssl = hs->ssl;
|
55
|
+
assert(ssl->s3->have_version);
|
56
56
|
SSLMessage msg;
|
57
57
|
if (!ssl->method->get_message(ssl, &msg)) {
|
58
58
|
return ssl_hs_read_message;
|
59
59
|
}
|
60
|
-
|
61
|
-
|
62
|
-
|
60
|
+
|
61
|
+
CBS extensions;
|
62
|
+
uint16_t cipher_suite = 0;
|
63
|
+
if (ssl_is_draft22(ssl->version)) {
|
64
|
+
// Queue up a ChangeCipherSpec for whenever we next send something. This
|
65
|
+
// will be before the second ClientHello. If we offered early data, this was
|
66
|
+
// already done.
|
67
|
+
if (!hs->early_data_offered &&
|
68
|
+
!ssl->method->add_change_cipher_spec(ssl)) {
|
69
|
+
return ssl_hs_error;
|
70
|
+
}
|
71
|
+
|
72
|
+
if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO)) {
|
73
|
+
return ssl_hs_error;
|
74
|
+
}
|
75
|
+
|
76
|
+
CBS body = msg.body, server_random, session_id;
|
77
|
+
uint16_t server_version;
|
78
|
+
if (!CBS_get_u16(&body, &server_version) ||
|
79
|
+
!CBS_get_bytes(&body, &server_random, SSL3_RANDOM_SIZE) ||
|
80
|
+
!CBS_get_u8_length_prefixed(&body, &session_id) ||
|
81
|
+
!CBS_get_u16(&body, &cipher_suite) ||
|
82
|
+
!CBS_skip(&body, 1) ||
|
83
|
+
!CBS_get_u16_length_prefixed(&body, &extensions) ||
|
84
|
+
CBS_len(&extensions) == 0 ||
|
85
|
+
CBS_len(&body) != 0) {
|
86
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
87
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
88
|
+
return ssl_hs_error;
|
89
|
+
}
|
90
|
+
|
91
|
+
if (!CBS_mem_equal(&server_random, kHelloRetryRequest, SSL3_RANDOM_SIZE)) {
|
92
|
+
hs->tls13_state = state_read_server_hello;
|
93
|
+
return ssl_hs_ok;
|
94
|
+
}
|
95
|
+
} else {
|
96
|
+
if (msg.type != SSL3_MT_HELLO_RETRY_REQUEST) {
|
97
|
+
hs->tls13_state = state_read_server_hello;
|
98
|
+
return ssl_hs_ok;
|
99
|
+
}
|
100
|
+
|
101
|
+
CBS body = msg.body;
|
102
|
+
uint16_t server_version;
|
103
|
+
if (!CBS_get_u16(&body, &server_version) ||
|
104
|
+
(ssl_is_draft21(ssl->version) &&
|
105
|
+
!CBS_get_u16(&body, &cipher_suite)) ||
|
106
|
+
!CBS_get_u16_length_prefixed(&body, &extensions) ||
|
107
|
+
CBS_len(&body) != 0) {
|
108
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
109
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
110
|
+
return ssl_hs_error;
|
111
|
+
}
|
63
112
|
}
|
64
113
|
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
114
|
+
if (ssl_is_draft21(ssl->version)) {
|
115
|
+
const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
|
116
|
+
// Check if the cipher is a TLS 1.3 cipher.
|
117
|
+
if (cipher == NULL ||
|
118
|
+
SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
|
119
|
+
SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl)) {
|
120
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
|
121
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
122
|
+
return ssl_hs_error;
|
123
|
+
}
|
124
|
+
|
125
|
+
hs->new_cipher = cipher;
|
126
|
+
|
127
|
+
if (!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
|
128
|
+
!hs->transcript.UpdateForHelloRetryRequest()) {
|
129
|
+
return ssl_hs_error;
|
130
|
+
}
|
75
131
|
}
|
76
132
|
|
77
|
-
|
78
|
-
|
133
|
+
|
134
|
+
bool have_cookie, have_key_share, have_supported_versions;
|
135
|
+
CBS cookie, key_share, supported_versions;
|
79
136
|
const SSL_EXTENSION_TYPE ext_types[] = {
|
80
137
|
{TLSEXT_TYPE_key_share, &have_key_share, &key_share},
|
81
138
|
{TLSEXT_TYPE_cookie, &have_cookie, &cookie},
|
139
|
+
{TLSEXT_TYPE_supported_versions, &have_supported_versions,
|
140
|
+
&supported_versions},
|
82
141
|
};
|
83
142
|
|
84
143
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
85
144
|
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
86
145
|
OPENSSL_ARRAY_SIZE(ext_types),
|
87
146
|
0 /* reject unknown */)) {
|
88
|
-
|
147
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
89
148
|
return ssl_hs_error;
|
90
149
|
}
|
91
150
|
|
151
|
+
if (!ssl_is_draft22(ssl->version) && have_supported_versions) {
|
152
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
153
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
154
|
+
return ssl_hs_error;
|
155
|
+
}
|
156
|
+
if (!have_cookie && !have_key_share) {
|
157
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EMPTY_HELLO_RETRY_REQUEST);
|
158
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
159
|
+
return ssl_hs_error;
|
160
|
+
}
|
92
161
|
if (have_cookie) {
|
93
162
|
CBS cookie_value;
|
94
163
|
if (!CBS_get_u16_length_prefixed(&cookie, &cookie_value) ||
|
95
164
|
CBS_len(&cookie_value) == 0 ||
|
96
165
|
CBS_len(&cookie) != 0) {
|
97
166
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
98
|
-
|
167
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
99
168
|
return ssl_hs_error;
|
100
169
|
}
|
101
170
|
|
@@ -108,13 +177,13 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
|
|
108
177
|
uint16_t group_id;
|
109
178
|
if (!CBS_get_u16(&key_share, &group_id) || CBS_len(&key_share) != 0) {
|
110
179
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
111
|
-
|
180
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
112
181
|
return ssl_hs_error;
|
113
182
|
}
|
114
183
|
|
115
184
|
// The group must be supported.
|
116
185
|
if (!tls1_check_group_id(ssl, group_id)) {
|
117
|
-
|
186
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
118
187
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
119
188
|
return ssl_hs_error;
|
120
189
|
}
|
@@ -122,7 +191,7 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
|
|
122
191
|
// Check that the HelloRetryRequest does not request the key share that
|
123
192
|
// was provided in the initial ClientHello.
|
124
193
|
if (hs->key_share->GroupID() == group_id) {
|
125
|
-
|
194
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
126
195
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
127
196
|
return ssl_hs_error;
|
128
197
|
}
|
@@ -188,7 +257,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
188
257
|
(!CBS_get_u8(&body, &compression_method) || compression_method != 0)) ||
|
189
258
|
!CBS_get_u16_length_prefixed(&body, &extensions) ||
|
190
259
|
CBS_len(&body) != 0) {
|
191
|
-
|
260
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
192
261
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
193
262
|
return ssl_hs_error;
|
194
263
|
}
|
@@ -197,27 +266,38 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
197
266
|
? TLS1_2_VERSION
|
198
267
|
: ssl->version;
|
199
268
|
if (server_version != expected_version) {
|
200
|
-
|
269
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
201
270
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_NUMBER);
|
202
271
|
return ssl_hs_error;
|
203
272
|
}
|
204
273
|
|
205
|
-
|
274
|
+
// Forbid a second HelloRetryRequest.
|
275
|
+
if (ssl_is_draft22(ssl->version) &&
|
276
|
+
CBS_mem_equal(&server_random, kHelloRetryRequest, SSL3_RANDOM_SIZE)) {
|
277
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
278
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
|
279
|
+
return ssl_hs_error;
|
280
|
+
}
|
281
|
+
|
206
282
|
OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
|
207
283
|
SSL3_RANDOM_SIZE);
|
208
284
|
|
285
|
+
// Check if the cipher is a TLS 1.3 cipher.
|
209
286
|
const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
|
210
|
-
if (cipher ==
|
211
|
-
|
212
|
-
|
287
|
+
if (cipher == nullptr ||
|
288
|
+
SSL_CIPHER_get_min_version(cipher) > ssl_protocol_version(ssl) ||
|
289
|
+
SSL_CIPHER_get_max_version(cipher) < ssl_protocol_version(ssl)) {
|
290
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
|
291
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
213
292
|
return ssl_hs_error;
|
214
293
|
}
|
215
294
|
|
216
|
-
// Check
|
217
|
-
if (
|
218
|
-
|
295
|
+
// Check that the cipher matches the one in the HelloRetryRequest.
|
296
|
+
if (ssl_is_draft21(ssl->version) &&
|
297
|
+
hs->received_hello_retry_request &&
|
298
|
+
hs->new_cipher != cipher) {
|
219
299
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
|
220
|
-
|
300
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
221
301
|
return ssl_hs_error;
|
222
302
|
}
|
223
303
|
|
@@ -236,7 +316,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
236
316
|
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
237
317
|
OPENSSL_ARRAY_SIZE(ext_types),
|
238
318
|
0 /* reject unknown */)) {
|
239
|
-
|
319
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
240
320
|
return ssl_hs_error;
|
241
321
|
}
|
242
322
|
|
@@ -244,7 +324,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
244
324
|
// TLS 1.3 version.
|
245
325
|
if (have_supported_versions && !ssl_is_resumption_experiment(ssl->version)) {
|
246
326
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
247
|
-
|
327
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
248
328
|
return ssl_hs_error;
|
249
329
|
}
|
250
330
|
|
@@ -252,25 +332,25 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
252
332
|
if (have_pre_shared_key) {
|
253
333
|
if (ssl->session == NULL) {
|
254
334
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
255
|
-
|
335
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
256
336
|
return ssl_hs_error;
|
257
337
|
}
|
258
338
|
|
259
339
|
if (!ssl_ext_pre_shared_key_parse_serverhello(hs, &alert,
|
260
340
|
&pre_shared_key)) {
|
261
|
-
|
341
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
262
342
|
return ssl_hs_error;
|
263
343
|
}
|
264
344
|
|
265
345
|
if (ssl->session->ssl_version != ssl->version) {
|
266
346
|
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
|
267
|
-
|
347
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
268
348
|
return ssl_hs_error;
|
269
349
|
}
|
270
350
|
|
271
351
|
if (ssl->session->cipher->algorithm_prf != cipher->algorithm_prf) {
|
272
352
|
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_PRF_HASH_MISMATCH);
|
273
|
-
|
353
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
274
354
|
return ssl_hs_error;
|
275
355
|
}
|
276
356
|
|
@@ -278,7 +358,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
278
358
|
// This is actually a client application bug.
|
279
359
|
OPENSSL_PUT_ERROR(SSL,
|
280
360
|
SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
|
281
|
-
|
361
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
282
362
|
return ssl_hs_error;
|
283
363
|
}
|
284
364
|
|
@@ -286,7 +366,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
286
366
|
// Only authentication information carries over in TLS 1.3.
|
287
367
|
hs->new_session = SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY);
|
288
368
|
if (!hs->new_session) {
|
289
|
-
|
369
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
290
370
|
return ssl_hs_error;
|
291
371
|
}
|
292
372
|
ssl_set_session(ssl, NULL);
|
@@ -295,32 +375,30 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
295
375
|
ssl_session_renew_timeout(ssl, hs->new_session.get(),
|
296
376
|
ssl->session_ctx->session_psk_dhe_timeout);
|
297
377
|
} else if (!ssl_get_new_session(hs, 0)) {
|
298
|
-
|
378
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
299
379
|
return ssl_hs_error;
|
300
380
|
}
|
301
381
|
|
302
382
|
hs->new_session->cipher = cipher;
|
303
383
|
hs->new_cipher = cipher;
|
304
384
|
|
305
|
-
|
306
|
-
|
307
|
-
return ssl_hs_error;
|
308
|
-
}
|
385
|
+
size_t hash_len =
|
386
|
+
EVP_MD_size(ssl_get_handshake_digest(ssl_protocol_version(ssl), cipher));
|
309
387
|
|
310
|
-
//
|
388
|
+
// Set up the key schedule and incorporate the PSK into the running secret.
|
311
389
|
if (ssl->s3->session_reused) {
|
312
|
-
if (!
|
313
|
-
|
390
|
+
if (!tls13_init_key_schedule(hs, hs->new_session->master_key,
|
391
|
+
hs->new_session->master_key_length)) {
|
314
392
|
return ssl_hs_error;
|
315
393
|
}
|
316
|
-
} else if (!
|
394
|
+
} else if (!tls13_init_key_schedule(hs, kZeroes, hash_len)) {
|
317
395
|
return ssl_hs_error;
|
318
396
|
}
|
319
397
|
|
320
398
|
if (!have_key_share) {
|
321
399
|
// We do not support psk_ke and thus always require a key share.
|
322
400
|
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
|
323
|
-
|
401
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
|
324
402
|
return ssl_hs_error;
|
325
403
|
}
|
326
404
|
|
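Review bot: The fresh-handshake call `tls13_init_key_schedule(hs, kZeroes, hash_len)` reads `hash_len` bytes from `kZeroes`, and nothing in this hunk ties the two sizes together. `kZeroes` is defined outside the hunk, so the bound is presumably already satisfied. Since `hash_len` now comes from `EVP_MD_size()` of the negotiated cipher's digest, the relationship is worth stating next to the definition, e.g. `static_assert(sizeof(kZeroes) >= EVP_MAX_MD_SIZE, "kZeroes must cover any digest length");`. do_read_server_hello starts and ends outside the hunk.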
@@ -329,41 +407,36 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
329
407
|
alert = SSL_AD_DECODE_ERROR;
|
330
408
|
if (!ssl_ext_key_share_parse_serverhello(hs, &dhe_secret, &alert,
|
331
409
|
&key_share)) {
|
332
|
-
|
410
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
333
411
|
return ssl_hs_error;
|
334
412
|
}
|
335
413
|
|
336
414
|
if (!tls13_advance_key_schedule(hs, dhe_secret.data(), dhe_secret.size()) ||
|
337
415
|
!ssl_hash_message(hs, msg) ||
|
338
|
-
!tls13_derive_handshake_secrets(hs)
|
339
|
-
|
340
|
-
}
|
341
|
-
|
342
|
-
ssl->method->next_message(ssl);
|
343
|
-
hs->tls13_state = state_process_change_cipher_spec;
|
344
|
-
return ssl_is_resumption_experiment(ssl->version)
|
345
|
-
? ssl_hs_read_change_cipher_spec
|
346
|
-
: ssl_hs_ok;
|
347
|
-
}
|
348
|
-
|
349
|
-
static enum ssl_hs_wait_t do_process_change_cipher_spec(SSL_HANDSHAKE *hs) {
|
350
|
-
SSL *const ssl = hs->ssl;
|
351
|
-
if (!tls13_set_traffic_key(ssl, evp_aead_open, hs->server_handshake_secret,
|
416
|
+
!tls13_derive_handshake_secrets(hs) ||
|
417
|
+
!tls13_set_traffic_key(ssl, evp_aead_open, hs->server_handshake_secret,
|
352
418
|
hs->hash_len)) {
|
353
419
|
return ssl_hs_error;
|
354
420
|
}
|
355
421
|
|
356
422
|
if (!hs->early_data_offered) {
|
423
|
+
// Earlier versions of the resumption experiment added ChangeCipherSpec just
|
424
|
+
// before the Finished flight.
|
425
|
+
if (ssl_is_resumption_client_ccs_experiment(ssl->version) &&
|
426
|
+
!ssl_is_draft22(ssl->version) &&
|
427
|
+
!ssl->method->add_change_cipher_spec(ssl)) {
|
428
|
+
return ssl_hs_error;
|
429
|
+
}
|
430
|
+
|
357
431
|
// If not sending early data, set client traffic keys now so that alerts are
|
358
432
|
// encrypted.
|
359
|
-
if ((
|
360
|
-
!ssl3_add_change_cipher_spec(ssl)) ||
|
361
|
-
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_handshake_secret,
|
433
|
+
if (!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_handshake_secret,
|
362
434
|
hs->hash_len)) {
|
363
435
|
return ssl_hs_error;
|
364
436
|
}
|
365
437
|
}
|
366
438
|
|
439
|
+
ssl->method->next_message(ssl);
|
367
440
|
hs->tls13_state = state_read_encrypted_extensions;
|
368
441
|
return ssl_hs_ok;
|
369
442
|
}
|
@@ -385,26 +458,26 @@ static enum ssl_hs_wait_t do_read_encrypted_extensions(SSL_HANDSHAKE *hs) {
|
|
385
458
|
}
|
386
459
|
if (CBS_len(&body) != 0) {
|
387
460
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
388
|
-
|
461
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
389
462
|
return ssl_hs_error;
|
390
463
|
}
|
391
464
|
|
392
465
|
// Store the negotiated ALPN in the session.
|
393
|
-
if (ssl->s3->alpn_selected
|
466
|
+
if (!ssl->s3->alpn_selected.empty()) {
|
394
467
|
hs->new_session->early_alpn = (uint8_t *)BUF_memdup(
|
395
|
-
ssl->s3->alpn_selected, ssl->s3->
|
468
|
+
ssl->s3->alpn_selected.data(), ssl->s3->alpn_selected.size());
|
396
469
|
if (hs->new_session->early_alpn == NULL) {
|
397
|
-
|
470
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
398
471
|
return ssl_hs_error;
|
399
472
|
}
|
400
|
-
hs->new_session->early_alpn_len = ssl->s3->
|
473
|
+
hs->new_session->early_alpn_len = ssl->s3->alpn_selected.size();
|
401
474
|
}
|
402
475
|
|
403
476
|
if (ssl->early_data_accepted) {
|
404
477
|
if (hs->early_session->cipher != hs->new_session->cipher ||
|
405
|
-
hs->early_session->
|
406
|
-
|
407
|
-
|
478
|
+
MakeConstSpan(hs->early_session->early_alpn,
|
479
|
+
hs->early_session->early_alpn_len) !=
|
480
|
+
ssl->s3->alpn_selected) {
|
408
481
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ALPN_MISMATCH_ON_EARLY_DATA);
|
409
482
|
return ssl_hs_error;
|
410
483
|
}
|
@@ -445,37 +518,81 @@ static enum ssl_hs_wait_t do_read_certificate_request(SSL_HANDSHAKE *hs) {
|
|
445
518
|
return ssl_hs_ok;
|
446
519
|
}
|
447
520
|
|
448
|
-
CBS body = msg.body, context, supported_signature_algorithms;
|
449
|
-
if (!CBS_get_u8_length_prefixed(&body, &context) ||
|
450
|
-
// The request context is always empty during the handshake.
|
451
|
-
CBS_len(&context) != 0 ||
|
452
|
-
!CBS_get_u16_length_prefixed(&body, &supported_signature_algorithms) ||
|
453
|
-
CBS_len(&supported_signature_algorithms) == 0 ||
|
454
|
-
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
|
455
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
456
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
457
|
-
return ssl_hs_error;
|
458
|
-
}
|
459
521
|
|
460
|
-
|
461
|
-
|
462
|
-
|
463
|
-
|
464
|
-
|
465
|
-
|
466
|
-
|
522
|
+
if (ssl_is_draft21(ssl->version)) {
|
523
|
+
bool have_sigalgs = false, have_ca = false;
|
524
|
+
CBS sigalgs, ca;
|
525
|
+
const SSL_EXTENSION_TYPE ext_types[] = {
|
526
|
+
{TLSEXT_TYPE_signature_algorithms, &have_sigalgs, &sigalgs},
|
527
|
+
{TLSEXT_TYPE_certificate_authorities, &have_ca, &ca},
|
528
|
+
};
|
529
|
+
|
530
|
+
CBS body = msg.body, context, extensions, supported_signature_algorithms;
|
531
|
+
uint8_t alert = SSL_AD_DECODE_ERROR;
|
532
|
+
if (!CBS_get_u8_length_prefixed(&body, &context) ||
|
533
|
+
// The request context is always empty during the handshake.
|
534
|
+
CBS_len(&context) != 0 ||
|
535
|
+
!CBS_get_u16_length_prefixed(&body, &extensions) ||
|
536
|
+
CBS_len(&body) != 0 ||
|
537
|
+
!ssl_parse_extensions(&extensions, &alert, ext_types,
|
538
|
+
OPENSSL_ARRAY_SIZE(ext_types),
|
539
|
+
1 /* accept unknown */) ||
|
540
|
+
(have_ca && CBS_len(&ca) == 0) ||
|
541
|
+
!have_sigalgs ||
|
542
|
+
!CBS_get_u16_length_prefixed(&sigalgs,
|
543
|
+
&supported_signature_algorithms) ||
|
544
|
+
CBS_len(&supported_signature_algorithms) == 0 ||
|
545
|
+
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
|
546
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
547
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
548
|
+
return ssl_hs_error;
|
549
|
+
}
|
467
550
|
|
468
|
-
|
469
|
-
|
470
|
-
|
471
|
-
|
472
|
-
|
473
|
-
|
474
|
-
|
551
|
+
if (have_ca) {
|
552
|
+
hs->ca_names = ssl_parse_client_CA_list(ssl, &alert, &ca);
|
553
|
+
if (!hs->ca_names) {
|
554
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
555
|
+
return ssl_hs_error;
|
556
|
+
}
|
557
|
+
} else {
|
558
|
+
hs->ca_names.reset(sk_CRYPTO_BUFFER_new_null());
|
559
|
+
if (!hs->ca_names) {
|
560
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
561
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
562
|
+
return ssl_hs_error;
|
563
|
+
}
|
564
|
+
}
|
565
|
+
} else {
|
566
|
+
CBS body = msg.body, context, supported_signature_algorithms;
|
567
|
+
if (!CBS_get_u8_length_prefixed(&body, &context) ||
|
568
|
+
// The request context is always empty during the handshake.
|
569
|
+
CBS_len(&context) != 0 ||
|
570
|
+
!CBS_get_u16_length_prefixed(&body, &supported_signature_algorithms) ||
|
571
|
+
CBS_len(&supported_signature_algorithms) == 0 ||
|
572
|
+
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
|
573
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
574
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
575
|
+
return ssl_hs_error;
|
576
|
+
}
|
577
|
+
|
578
|
+
uint8_t alert = SSL_AD_DECODE_ERROR;
|
579
|
+
hs->ca_names = ssl_parse_client_CA_list(ssl, &alert, &body);
|
580
|
+
if (!hs->ca_names) {
|
581
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
582
|
+
return ssl_hs_error;
|
583
|
+
}
|
584
|
+
|
585
|
+
// Ignore extensions.
|
586
|
+
CBS extensions;
|
587
|
+
if (!CBS_get_u16_length_prefixed(&body, &extensions) ||
|
588
|
+
CBS_len(&body) != 0) {
|
589
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
590
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
591
|
+
return ssl_hs_error;
|
592
|
+
}
|
475
593
|
}
|
476
594
|
|
477
595
|
hs->cert_request = true;
|
478
|
-
hs->ca_names = std::move(ca_names);
|
479
596
|
ssl->ctx->x509_method->hs_flush_cached_ca_names(hs);
|
480
597
|
|
481
598
|
if (!ssl_hash_message(hs, msg)) {
|
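Review bot: In the draft-21 branch of do_read_certificate_request, a CertificateRequest without signature_algorithms (`!have_sigalgs`) is reported the same way as a malformed message. `alert` still holds its initial `SSL_AD_DECODE_ERROR` at that point, and `SSL_R_DECODE_ERROR` is queued for every failure in the chain. The same queued error is also used when `ssl_parse_extensions` has written a different value into `alert`, so the error queue and the alert on the wire can disagree. Giving the missing-extension case its own branch, using the `SSL_AD_MISSING_EXTENSION` alert this file already sends for a missing key share, would make the failure easier to diagnose. The function begins and ends outside the hunk.

```cpp
    // … unchanged: context, extensions and ssl_parse_extensions checks …
    if (!have_sigalgs) {
      OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
      ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
      return ssl_hs_error;
    }
    // … unchanged: sigalgs length-prefix parse and tls1_parse_peer_sigalgs …
```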
@@ -557,16 +674,24 @@ static enum ssl_hs_wait_t do_send_end_of_early_data(SSL_HANDSHAKE *hs) {
|
|
557
674
|
|
558
675
|
if (ssl->early_data_accepted) {
|
559
676
|
hs->can_early_write = false;
|
560
|
-
if (
|
561
|
-
|
562
|
-
|
677
|
+
if (ssl_is_draft21(ssl->version)) {
|
678
|
+
ScopedCBB cbb;
|
679
|
+
CBB body;
|
680
|
+
if (!ssl->method->init_message(ssl, cbb.get(), &body,
|
681
|
+
SSL3_MT_END_OF_EARLY_DATA) ||
|
682
|
+
!ssl_add_message_cbb(ssl, cbb.get())) {
|
683
|
+
return ssl_hs_error;
|
684
|
+
}
|
685
|
+
} else {
|
686
|
+
if (!ssl->method->add_alert(ssl, SSL3_AL_WARNING,
|
687
|
+
TLS1_AD_END_OF_EARLY_DATA)) {
|
688
|
+
return ssl_hs_error;
|
689
|
+
}
|
563
690
|
}
|
564
691
|
}
|
565
692
|
|
566
693
|
if (hs->early_data_offered) {
|
567
|
-
if ((
|
568
|
-
!ssl3_add_change_cipher_spec(ssl)) ||
|
569
|
-
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_handshake_secret,
|
694
|
+
if (!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_handshake_secret,
|
570
695
|
hs->hash_len)) {
|
571
696
|
return ssl_hs_error;
|
572
697
|
}
|
@@ -589,7 +714,7 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
|
|
589
714
|
if (ssl->cert->cert_cb != NULL) {
|
590
715
|
int rv = ssl->cert->cert_cb(ssl, ssl->cert->cert_cb_arg);
|
591
716
|
if (rv == 0) {
|
592
|
-
|
717
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
593
718
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_CB_ERROR);
|
594
719
|
return ssl_hs_error;
|
595
720
|
}
|
@@ -689,9 +814,6 @@ enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) {
|
|
689
814
|
case state_read_server_hello:
|
690
815
|
ret = do_read_server_hello(hs);
|
691
816
|
break;
|
692
|
-
case state_process_change_cipher_spec:
|
693
|
-
ret = do_process_change_cipher_spec(hs);
|
694
|
-
break;
|
695
817
|
case state_read_encrypted_extensions:
|
696
818
|
ret = do_read_encrypted_extensions(hs);
|
697
819
|
break;
|
@@ -746,8 +868,6 @@ const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs) {
|
|
746
868
|
return "TLS 1.3 client send_second_client_hello";
|
747
869
|
case state_read_server_hello:
|
748
870
|
return "TLS 1.3 client read_server_hello";
|
749
|
-
case state_process_change_cipher_spec:
|
750
|
-
return "TLS 1.3 client process_change_cipher_spec";
|
751
871
|
case state_read_encrypted_extensions:
|
752
872
|
return "TLS 1.3 client read_encrypted_extensions";
|
753
873
|
case state_read_certificate_request:
|
@@ -774,8 +894,15 @@ const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs) {
|
|
774
894
|
}
|
775
895
|
|
776
896
|
int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
777
|
-
|
778
|
-
|
897
|
+
if (ssl->s3->write_shutdown != ssl_shutdown_none) {
|
898
|
+
// Ignore tickets on shutdown. Callers tend to indiscriminately call
|
899
|
+
// |SSL_shutdown| before destroying an |SSL|, at which point calling the new
|
900
|
+
// session callback may be confusing.
|
901
|
+
return 1;
|
902
|
+
}
|
903
|
+
|
904
|
+
UniquePtr<SSL_SESSION> session = SSL_SESSION_dup(
|
905
|
+
ssl->s3->established_session.get(), SSL_SESSION_INCLUDE_NONAUTH);
|
779
906
|
if (!session) {
|
780
907
|
return 0;
|
781
908
|
}
|
@@ -783,14 +910,16 @@ int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
783
910
|
ssl_session_rebase_time(ssl, session.get());
|
784
911
|
|
785
912
|
uint32_t server_timeout;
|
786
|
-
CBS body = msg.body, ticket, extensions;
|
913
|
+
CBS body = msg.body, ticket_nonce, ticket, extensions;
|
787
914
|
if (!CBS_get_u32(&body, &server_timeout) ||
|
788
915
|
!CBS_get_u32(&body, &session->ticket_age_add) ||
|
916
|
+
(ssl_is_draft21(ssl->version) &&
|
917
|
+
!CBS_get_u8_length_prefixed(&body, &ticket_nonce)) ||
|
789
918
|
!CBS_get_u16_length_prefixed(&body, &ticket) ||
|
790
919
|
!CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) ||
|
791
920
|
!CBS_get_u16_length_prefixed(&body, &extensions) ||
|
792
921
|
CBS_len(&body) != 0) {
|
793
|
-
|
922
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
794
923
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
795
924
|
return 0;
|
796
925
|
}
|
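Review bot: `ticket_nonce` is only filled in when `ssl_is_draft21(ssl->version)` is true, yet the next hunk passes it to `tls13_derive_session_psk(session.get(), ticket_nonce)` unconditionally. For the older draft versions the `CBS` is therefore handed over uninitialised. `tls13_derive_session_psk` is not shown here and may ignore the nonce for those versions, but passing an indeterminate pointer/length pair is fragile and will trip memory sanitizers. Initialising it right after the declaration removes the dependency on the callee: `CBS_init(&ticket_nonce, nullptr, 0);`. tls13_process_new_session_ticket continues outside this hunk.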
@@ -801,26 +930,32 @@ int tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
801
930
|
session->timeout = server_timeout;
|
802
931
|
}
|
803
932
|
|
933
|
+
if (!tls13_derive_session_psk(session.get(), ticket_nonce)) {
|
934
|
+
return 0;
|
935
|
+
}
|
936
|
+
|
804
937
|
// Parse out the extensions.
|
805
938
|
bool have_early_data_info = false;
|
806
939
|
CBS early_data_info;
|
940
|
+
uint16_t ext_id = ssl_is_draft21(ssl->version)
|
941
|
+
? TLSEXT_TYPE_early_data
|
942
|
+
: TLSEXT_TYPE_ticket_early_data_info;
|
807
943
|
const SSL_EXTENSION_TYPE ext_types[] = {
|
808
|
-
{
|
809
|
-
&early_data_info},
|
944
|
+
{ext_id, &have_early_data_info, &early_data_info},
|
810
945
|
};
|
811
946
|
|
812
947
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
813
948
|
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
814
949
|
OPENSSL_ARRAY_SIZE(ext_types),
|
815
950
|
1 /* ignore unknown */)) {
|
816
|
-
|
951
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
817
952
|
return 0;
|
818
953
|
}
|
819
954
|
|
820
955
|
if (have_early_data_info && ssl->cert->enable_early_data) {
|
821
956
|
if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) ||
|
822
957
|
CBS_len(&early_data_info) != 0) {
|
823
|
-
|
958
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
824
959
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
825
960
|
return 0;
|
826
961
|
}
|