grpc 1.12.0 → 1.13.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +314 -23
- data/include/grpc/impl/codegen/fork.h +4 -4
- data/include/grpc/impl/codegen/grpc_types.h +1 -1
- data/include/grpc/impl/codegen/port_platform.h +3 -0
- data/src/boringssl/err_data.c +256 -246
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel.cc +367 -272
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +42 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +36 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +36 -102
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +37 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +22 -19
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +3 -3
- data/src/core/ext/filters/http/client_authority_filter.cc +5 -4
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -4
- data/src/core/ext/filters/http/server/http_server_filter.cc +123 -131
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +9 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -19
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +10 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -12
- data/src/core/ext/transport/chttp2/transport/writing.cc +6 -6
- data/src/core/lib/channel/channel_stack.cc +0 -5
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channel_stack_builder.cc +0 -3
- data/src/core/lib/channel/channel_stack_builder.h +0 -2
- data/src/core/lib/channel/channel_trace.cc +3 -3
- data/src/core/lib/channel/channelz_registry.cc +77 -0
- data/src/core/lib/channel/channelz_registry.h +99 -0
- data/src/core/lib/channel/handshaker.cc +20 -1
- data/src/core/lib/debug/stats.h +7 -0
- data/src/core/lib/debug/stats_data.cc +5 -0
- data/src/core/lib/debug/stats_data.h +120 -0
- data/src/core/lib/debug/trace.h +11 -9
- data/src/core/lib/gprpp/fork.cc +260 -0
- data/src/core/lib/gprpp/fork.h +79 -0
- data/src/core/lib/gprpp/memory.h +12 -0
- data/src/core/lib/gprpp/orphanable.h +2 -6
- data/src/core/lib/gprpp/ref_counted.h +2 -6
- data/src/core/lib/gprpp/thd.h +0 -3
- data/src/core/lib/gprpp/thd_posix.cc +4 -53
- data/src/core/lib/gprpp/thd_windows.cc +0 -7
- data/src/core/lib/http/httpcli_security_connector.cc +1 -3
- data/src/core/lib/iomgr/combiner.cc +19 -2
- data/src/core/lib/iomgr/combiner.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -2
- data/src/core/lib/iomgr/ev_epollex_linux.cc +59 -3
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +1 -1
- data/src/core/lib/iomgr/ev_poll_posix.cc +2 -2
- data/src/core/lib/iomgr/ev_posix.cc +11 -4
- data/src/core/lib/iomgr/ev_posix.h +6 -0
- data/src/core/lib/iomgr/exec_ctx.cc +9 -9
- data/src/core/lib/iomgr/exec_ctx.h +39 -20
- data/src/core/lib/iomgr/fork_posix.cc +30 -18
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/polling_entity.cc +11 -2
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/port.h +38 -1
- data/src/core/lib/iomgr/resolve_address.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_posix.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_client_custom.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -2
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +18 -10
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +16 -4
- data/src/core/lib/iomgr/timer.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +113 -41
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +88 -115
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +16 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/security_connector/alts_security_connector.cc +2 -1
- data/src/core/lib/security/security_connector/security_connector.cc +7 -7
- data/src/core/lib/security/transport/security_handshaker.cc +1 -0
- data/src/core/lib/security/util/json_util.cc +4 -0
- data/src/core/lib/slice/slice_buffer.cc +15 -3
- data/src/core/lib/surface/call.cc +31 -17
- data/src/core/lib/surface/call.h +5 -0
- data/src/core/lib/surface/channel.cc +2 -5
- data/src/core/lib/surface/completion_queue.cc +1 -3
- data/src/core/lib/surface/completion_queue.h +0 -1
- data/src/core/lib/surface/init.cc +7 -8
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -1
- data/src/core/lib/transport/transport.h +4 -8
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -7
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +10 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +28 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +3 -0
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/ssl_transport_security.cc +238 -110
- data/src/core/tsi/transport_security.cc +14 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_interface.h +11 -1
- data/src/ruby/bin/math_client.rb +17 -9
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +4 -1
- data/third_party/boringssl/crypto/asn1/a_int.c +33 -28
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +24 -22
- data/third_party/boringssl/crypto/asn1/a_utf8.c +13 -11
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/bio/fd.c +1 -0
- data/third_party/boringssl/crypto/bio/file.c +2 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +6 -5
- data/third_party/boringssl/crypto/bytestring/ber.c +1 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +116 -16
- data/third_party/boringssl/crypto/bytestring/cbs.c +150 -20
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +171 -0
- data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +2 -0
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +1 -2
- data/third_party/boringssl/crypto/cpu-aarch64-fuchsia.c +55 -0
- data/third_party/boringssl/crypto/cpu-aarch64-linux.c +2 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +16 -54
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +11 -542
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +33 -64
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +122 -70
- data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +32 -71
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +58 -112
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +198 -122
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +31 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +2 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +98 -15
- data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +124 -81
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +8 -30
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +303 -347
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +2 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +3 -4
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +199 -222
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +27 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +45 -28
- data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +10 -10
- data/third_party/boringssl/crypto/fipsmodule/des/internal.h +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +78 -47
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +35 -54
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +3 -10
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +36 -22
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +59 -90
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +29 -48
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -26
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +15 -11
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +45 -51
- data/third_party/boringssl/crypto/fipsmodule/ec/{util-64.c → util.c} +0 -5
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +144 -264
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +78 -56
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +256 -0
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +36 -32
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +9 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +16 -10
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +255 -102
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +581 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/internal.h +39 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/kdf.c +165 -0
- data/third_party/boringssl/crypto/internal.h +65 -2
- data/third_party/boringssl/crypto/mem.c +0 -2
- data/third_party/boringssl/crypto/obj/obj.c +6 -73
- data/third_party/boringssl/crypto/thread_pthread.c +35 -5
- data/third_party/boringssl/crypto/x509/a_strex.c +11 -11
- data/third_party/boringssl/crypto/x509/x_name.c +13 -0
- data/third_party/boringssl/include/openssl/aead.h +4 -0
- data/third_party/boringssl/include/openssl/asn1.h +1 -3
- data/third_party/boringssl/include/openssl/base.h +1 -14
- data/third_party/boringssl/include/openssl/bio.h +1 -1
- data/third_party/boringssl/include/openssl/bn.h +49 -15
- data/third_party/boringssl/include/openssl/bytestring.h +49 -24
- data/third_party/boringssl/include/openssl/crypto.h +4 -0
- data/third_party/boringssl/include/openssl/ec_key.h +7 -3
- data/third_party/boringssl/include/openssl/err.h +9 -9
- data/third_party/boringssl/include/openssl/evp.h +1 -1
- data/third_party/boringssl/include/openssl/rsa.h +34 -10
- data/third_party/boringssl/include/openssl/ssl.h +160 -17
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +10 -2
- data/third_party/boringssl/include/openssl/x509.h +3 -0
- data/third_party/boringssl/ssl/d1_both.cc +16 -2
- data/third_party/boringssl/ssl/dtls_method.cc +1 -1
- data/third_party/boringssl/ssl/handoff.cc +285 -0
- data/third_party/boringssl/ssl/handshake.cc +26 -12
- data/third_party/boringssl/ssl/handshake_client.cc +65 -31
- data/third_party/boringssl/ssl/handshake_server.cc +14 -2
- data/third_party/boringssl/ssl/internal.h +132 -79
- data/third_party/boringssl/ssl/s3_both.cc +2 -2
- data/third_party/boringssl/ssl/s3_lib.cc +3 -1
- data/third_party/boringssl/ssl/s3_pkt.cc +0 -18
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +1 -4
- data/third_party/boringssl/ssl/ssl_asn1.cc +47 -43
- data/third_party/boringssl/ssl/ssl_cipher.cc +8 -8
- data/third_party/boringssl/ssl/ssl_key_share.cc +3 -1
- data/third_party/boringssl/ssl/ssl_lib.cc +83 -14
- data/third_party/boringssl/ssl/ssl_privkey.cc +6 -0
- data/third_party/boringssl/ssl/ssl_stat.cc +6 -6
- data/third_party/boringssl/ssl/ssl_versions.cc +12 -85
- data/third_party/boringssl/ssl/ssl_x509.cc +59 -61
- data/third_party/boringssl/ssl/t1_enc.cc +73 -124
- data/third_party/boringssl/ssl/t1_lib.cc +367 -41
- data/third_party/boringssl/ssl/tls13_both.cc +8 -0
- data/third_party/boringssl/ssl/tls13_client.cc +98 -184
- data/third_party/boringssl/ssl/tls13_enc.cc +88 -158
- data/third_party/boringssl/ssl/tls13_server.cc +91 -137
- data/third_party/boringssl/ssl/tls_method.cc +0 -17
- data/third_party/boringssl/ssl/tls_record.cc +1 -10
- data/third_party/boringssl/third_party/fiat/curve25519.c +921 -2753
- data/third_party/boringssl/third_party/fiat/curve25519_tables.h +7880 -0
- data/third_party/boringssl/third_party/fiat/internal.h +32 -20
- data/third_party/boringssl/third_party/fiat/p256.c +1824 -0
- metadata +64 -64
- data/src/core/lib/channel/channel_trace_registry.cc +0 -80
- data/src/core/lib/channel/channel_trace_registry.h +0 -43
- data/src/core/lib/gpr/fork.cc +0 -78
- data/src/core/lib/gpr/fork.h +0 -35
- data/src/core/tsi/transport_security_adapter.cc +0 -235
- data/src/core/tsi/transport_security_adapter.h +0 -41
- data/src/ruby/bin/apis/google/protobuf/empty.rb +0 -29
- data/src/ruby/bin/apis/pubsub_demo.rb +0 -241
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +0 -159
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +0 -88
- data/src/ruby/pb/test/client.rb +0 -764
- data/src/ruby/pb/test/server.rb +0 -252
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +0 -247
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +0 -1674
@@ -441,6 +441,10 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
|
|
441
441
|
return ssl_hs_error;
|
442
442
|
}
|
443
443
|
|
444
|
+
if (ssl->handoff) {
|
445
|
+
return ssl_hs_handoff;
|
446
|
+
}
|
447
|
+
|
444
448
|
SSL_CLIENT_HELLO client_hello;
|
445
449
|
if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
|
446
450
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
@@ -707,8 +711,16 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
707
711
|
return ssl_hs_error;
|
708
712
|
}
|
709
713
|
|
710
|
-
//
|
711
|
-
//
|
714
|
+
// Implement the TLS 1.3 anti-downgrade feature, but with a different value.
|
715
|
+
//
|
716
|
+
// For draft TLS 1.3 versions, it is not safe to deploy this feature. However,
|
717
|
+
// some TLS terminators are non-compliant and copy the origin server's value,
|
718
|
+
// so we wish to measure eventual compatibility impact.
|
719
|
+
if (hs->max_version >= TLS1_3_VERSION) {
|
720
|
+
OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
|
721
|
+
sizeof(kDraftDowngradeRandom),
|
722
|
+
kDraftDowngradeRandom, sizeof(kDraftDowngradeRandom));
|
723
|
+
}
|
712
724
|
|
713
725
|
const SSL_SESSION *session = hs->new_session.get();
|
714
726
|
if (ssl->session != NULL) {
|
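Review bot: The early return added at the top of do_read_client_hello (new lines 444-446) sits before `ssl_client_hello_init`, so the ClientHello in `msg` has not been parsed or validated when `ssl_hs_handoff` is returned, and nothing at the return site says so. Whatever resumes the handshake presumably has to treat that message as untrusted input and run the full parsing itself. A comment would make the trust boundary explicit, for example `// Hand off before parsing: the ClientHello is still unvalidated and must be checked by the receiver.` The field comment on `handoff` says the flag may be cleared if the handoff is declined, so re-entering this state appears to rely on that clearing, which is worth stating here as well. The body of do_read_client_hello starts and ends outside the hunk.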
@@ -342,7 +342,7 @@ class Array {
|
|
342
342
|
};
|
343
343
|
|
344
344
|
// CBBFinishArray behaves like |CBB_finish| but stores the result in an Array.
|
345
|
-
bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out);
|
345
|
+
OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out);
|
346
346
|
|
347
347
|
|
348
348
|
// Protocol versions.
|
@@ -392,32 +392,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
392
392
|
// call this function before the version is determined.
|
393
393
|
uint16_t ssl_protocol_version(const SSL *ssl);
|
394
394
|
|
395
|
-
// ssl_is_draft21 returns whether the version corresponds to a draft21 TLS 1.3
|
396
|
-
// variant.
|
397
|
-
bool ssl_is_draft21(uint16_t version);
|
398
|
-
|
399
|
-
// ssl_is_draft22 returns whether the version corresponds to a draft22 TLS 1.3
|
400
|
-
// variant.
|
401
|
-
bool ssl_is_draft22(uint16_t version);
|
402
|
-
|
403
|
-
// ssl_is_resumption_experiment returns whether the version corresponds to a
|
404
|
-
// TLS 1.3 resumption experiment.
|
405
|
-
bool ssl_is_resumption_experiment(uint16_t version);
|
406
|
-
|
407
|
-
// ssl_is_resumption_variant returns whether the version corresponds to a
|
408
|
-
// TLS 1.3 resumption experiment.
|
409
|
-
bool ssl_is_resumption_variant(enum tls13_variant_t variant);
|
410
|
-
|
411
|
-
// ssl_is_resumption_client_ccs_experiment returns whether the version
|
412
|
-
// corresponds to a TLS 1.3 resumption experiment that sends a client CCS.
|
413
|
-
bool ssl_is_resumption_client_ccs_experiment(uint16_t version);
|
414
|
-
|
415
|
-
// ssl_is_resumption_record_version_experiment returns whether the version
|
416
|
-
// corresponds to a TLS 1.3 resumption experiment that modifies the record
|
417
|
-
// version.
|
418
|
-
bool ssl_is_resumption_record_version_experiment(uint16_t version);
|
419
|
-
|
420
|
-
|
421
395
|
// Cipher suites.
|
422
396
|
|
423
397
|
} // namespace bssl
|
@@ -1009,6 +983,7 @@ struct SSLMessage {
|
|
1009
983
|
#define SSL_MAX_HANDSHAKE_FLIGHT 7
|
1010
984
|
|
1011
985
|
extern const uint8_t kHelloRetryRequest[SSL3_RANDOM_SIZE];
|
986
|
+
extern const uint8_t kDraftDowngradeRandom[8];
|
1012
987
|
|
1013
988
|
// ssl_max_handshake_message_len returns the maximum number of bytes permitted
|
1014
989
|
// in a handshake message for |ssl|.
|
@@ -1244,10 +1219,10 @@ int tls13_derive_resumption_secret(SSL_HANDSHAKE *hs);
|
|
1244
1219
|
|
1245
1220
|
// tls13_export_keying_material provides an exporter interface to use the
|
1246
1221
|
// |exporter_secret|.
|
1247
|
-
int tls13_export_keying_material(SSL *ssl, uint8_t
|
1248
|
-
const
|
1249
|
-
const
|
1250
|
-
|
1222
|
+
int tls13_export_keying_material(SSL *ssl, Span<uint8_t> out,
|
1223
|
+
Span<const uint8_t> secret,
|
1224
|
+
Span<const char> label,
|
1225
|
+
Span<const uint8_t> context);
|
1251
1226
|
|
1252
1227
|
// tls13_finished_mac calculates the MAC of the handshake transcript to verify
|
1253
1228
|
// the integrity of the Finished message, and stores the result in |out| and
|
@@ -1282,6 +1257,7 @@ enum ssl_hs_wait_t {
|
|
1282
1257
|
ssl_hs_read_message,
|
1283
1258
|
ssl_hs_flush,
|
1284
1259
|
ssl_hs_certificate_selection_pending,
|
1260
|
+
ssl_hs_handoff,
|
1285
1261
|
ssl_hs_x509_lookup,
|
1286
1262
|
ssl_hs_channel_id_lookup,
|
1287
1263
|
ssl_hs_private_key_operation,
|
@@ -1294,6 +1270,16 @@ enum ssl_hs_wait_t {
|
|
1294
1270
|
ssl_hs_certificate_verify,
|
1295
1271
|
};
|
1296
1272
|
|
1273
|
+
enum ssl_grease_index_t {
|
1274
|
+
ssl_grease_cipher = 0,
|
1275
|
+
ssl_grease_group,
|
1276
|
+
ssl_grease_extension1,
|
1277
|
+
ssl_grease_extension2,
|
1278
|
+
ssl_grease_version,
|
1279
|
+
ssl_grease_ticket_extension,
|
1280
|
+
ssl_grease_last_index = ssl_grease_ticket_extension,
|
1281
|
+
};
|
1282
|
+
|
1297
1283
|
struct SSL_HANDSHAKE {
|
1298
1284
|
explicit SSL_HANDSHAKE(SSL *ssl);
|
1299
1285
|
~SSL_HANDSHAKE();
|
@@ -1322,11 +1308,6 @@ struct SSL_HANDSHAKE {
|
|
1322
1308
|
// |SSL_OP_NO_*| and |SSL_CTX_set_max_proto_version| APIs.
|
1323
1309
|
uint16_t max_version = 0;
|
1324
1310
|
|
1325
|
-
// session_id is the session ID in the ClientHello, used for the experimental
|
1326
|
-
// TLS 1.3 variant.
|
1327
|
-
uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0};
|
1328
|
-
uint8_t session_id_len = 0;
|
1329
|
-
|
1330
1311
|
size_t hash_len = 0;
|
1331
1312
|
uint8_t secret[EVP_MAX_MD_SIZE] = {0};
|
1332
1313
|
uint8_t early_traffic_secret[EVP_MAX_MD_SIZE] = {0};
|
@@ -1394,6 +1375,12 @@ struct SSL_HANDSHAKE {
|
|
1394
1375
|
// peer_key is the peer's ECDH key for a TLS 1.2 client.
|
1395
1376
|
Array<uint8_t> peer_key;
|
1396
1377
|
|
1378
|
+
// negotiated_token_binding_version is used by a server to store the
|
1379
|
+
// on-the-wire encoding of the Token Binding protocol version to advertise in
|
1380
|
+
// the ServerHello/EncryptedExtensions if the Token Binding extension is to be
|
1381
|
+
// sent.
|
1382
|
+
uint16_t negotiated_token_binding_version;
|
1383
|
+
|
1397
1384
|
// server_params, in a TLS 1.2 server, stores the ServerKeyExchange
|
1398
1385
|
// parameters. It has client and server randoms prepended for signing
|
1399
1386
|
// convenience.
|
@@ -1505,6 +1492,9 @@ struct SSL_HANDSHAKE {
|
|
1505
1492
|
// in progress.
|
1506
1493
|
bool pending_private_key_op:1;
|
1507
1494
|
|
1495
|
+
// grease_seeded is true if |grease_seed| has been initialized.
|
1496
|
+
bool grease_seeded:1;
|
1497
|
+
|
1508
1498
|
// client_version is the value sent or received in the ClientHello version.
|
1509
1499
|
uint16_t client_version = 0;
|
1510
1500
|
|
@@ -1515,6 +1505,20 @@ struct SSL_HANDSHAKE {
|
|
1515
1505
|
// early_data_written is the amount of early data that has been written by the
|
1516
1506
|
// record layer.
|
1517
1507
|
uint16_t early_data_written = 0;
|
1508
|
+
|
1509
|
+
// session_id is the session ID in the ClientHello, used for the experimental
|
1510
|
+
// TLS 1.3 variant.
|
1511
|
+
uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0};
|
1512
|
+
uint8_t session_id_len = 0;
|
1513
|
+
|
1514
|
+
// grease_seed is the entropy for GREASE values. It is valid if
|
1515
|
+
// |grease_seeded| is true.
|
1516
|
+
uint8_t grease_seed[ssl_grease_last_index + 1] = {0};
|
1517
|
+
|
1518
|
+
// dummy_pq_padding_len, in a server, is the length of the extension that
|
1519
|
+
// should be echoed in a ServerHello, or zero if no extension should be
|
1520
|
+
// echoed.
|
1521
|
+
uint16_t dummy_pq_padding_len = 0;
|
1518
1522
|
};
|
1519
1523
|
|
1520
1524
|
UniquePtr<SSL_HANDSHAKE> ssl_handshake_new(SSL *ssl);
|
@@ -1657,47 +1661,39 @@ int ssl_client_cipher_list_contains_cipher(const SSL_CLIENT_HELLO *client_hello,
|
|
1657
1661
|
|
1658
1662
|
// GREASE.
|
1659
1663
|
|
1660
|
-
|
1661
|
-
ssl_grease_cipher = 0,
|
1662
|
-
ssl_grease_group,
|
1663
|
-
ssl_grease_extension1,
|
1664
|
-
ssl_grease_extension2,
|
1665
|
-
ssl_grease_version,
|
1666
|
-
ssl_grease_ticket_extension,
|
1667
|
-
};
|
1668
|
-
|
1669
|
-
// ssl_get_grease_value returns a GREASE value for |ssl|. For a given
|
1664
|
+
// ssl_get_grease_value returns a GREASE value for |hs|. For a given
|
1670
1665
|
// connection, the values for each index will be deterministic. This allows the
|
1671
1666
|
// same ClientHello be sent twice for a HelloRetryRequest or the same group be
|
1672
1667
|
// advertised in both supported_groups and key_shares.
|
1673
|
-
uint16_t ssl_get_grease_value(
|
1668
|
+
uint16_t ssl_get_grease_value(SSL_HANDSHAKE *hs, enum ssl_grease_index_t index);
|
1674
1669
|
|
1675
1670
|
|
1676
1671
|
// Signature algorithms.
|
1677
1672
|
|
1678
1673
|
// tls1_parse_peer_sigalgs parses |sigalgs| as the list of peer signature
|
1679
|
-
// algorithms and saves them on |hs|. It returns
|
1674
|
+
// algorithms and saves them on |hs|. It returns true on success and false on
|
1680
1675
|
// error.
|
1681
|
-
|
1676
|
+
bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *sigalgs);
|
1682
1677
|
|
1683
1678
|
// tls1_get_legacy_signature_algorithm sets |*out| to the signature algorithm
|
1684
|
-
// that should be used with |pkey| in TLS 1.1 and earlier. It returns
|
1685
|
-
// success and
|
1686
|
-
|
1679
|
+
// that should be used with |pkey| in TLS 1.1 and earlier. It returns true on
|
1680
|
+
// success and false if |pkey| may not be used at those versions.
|
1681
|
+
bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey);
|
1687
1682
|
|
1688
1683
|
// tls1_choose_signature_algorithm sets |*out| to a signature algorithm for use
|
1689
1684
|
// with |hs|'s private key based on the peer's preferences and the algorithms
|
1690
|
-
// supported. It returns
|
1691
|
-
|
1685
|
+
// supported. It returns true on success and false on error.
|
1686
|
+
bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out);
|
1692
1687
|
|
1693
1688
|
// tls12_add_verify_sigalgs adds the signature algorithms acceptable for the
|
1694
|
-
// peer signature to |out|. It returns
|
1695
|
-
|
1689
|
+
// peer signature to |out|. It returns true on success and false on error.
|
1690
|
+
bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out);
|
1696
1691
|
|
1697
1692
|
// tls12_check_peer_sigalg checks if |sigalg| is acceptable for the peer
|
1698
|
-
// signature. It returns
|
1699
|
-
// to an alert to send.
|
1700
|
-
|
1693
|
+
// signature. It returns true on success and false on error, setting
|
1694
|
+
// |*out_alert| to an alert to send.
|
1695
|
+
bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
|
1696
|
+
uint16_t sigalg);
|
1701
1697
|
|
1702
1698
|
|
1703
1699
|
// Underdocumented functions.
|
@@ -2165,21 +2161,29 @@ struct SSLContext {
|
|
2165
2161
|
// If true, a client will request certificate timestamps.
|
2166
2162
|
bool signed_cert_timestamps_enabled:1;
|
2167
2163
|
|
2168
|
-
// tlsext_channel_id_enabled is
|
2169
|
-
//
|
2170
|
-
//
|
2164
|
+
// tlsext_channel_id_enabled is whether Channel ID is enabled. For a server,
|
2165
|
+
// means that we'll accept Channel IDs from clients. For a client, means that
|
2166
|
+
// we'll advertise support.
|
2171
2167
|
bool tlsext_channel_id_enabled:1;
|
2172
2168
|
|
2173
|
-
// grease_enabled is
|
2174
|
-
// otherwise.
|
2169
|
+
// grease_enabled is whether draft-davidben-tls-grease-01 is enabled.
|
2175
2170
|
bool grease_enabled:1;
|
2176
2171
|
|
2177
|
-
// allow_unknown_alpn_protos is
|
2172
|
+
// allow_unknown_alpn_protos is whether the client allows unsolicited ALPN
|
2178
2173
|
// protocols from the peer.
|
2179
2174
|
bool allow_unknown_alpn_protos:1;
|
2180
2175
|
|
2181
|
-
// ed25519_enabled is
|
2176
|
+
// ed25519_enabled is whether Ed25519 is advertised in the handshake.
|
2182
2177
|
bool ed25519_enabled:1;
|
2178
|
+
|
2179
|
+
// false_start_allowed_without_alpn is whether False Start (if
|
2180
|
+
// |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN.
|
2181
|
+
bool false_start_allowed_without_alpn:1;
|
2182
|
+
|
2183
|
+
// handoff indicates that a server should stop after receiving the
|
2184
|
+
// ClientHello and pause the handshake in such a way that |SSL_get_error|
|
2185
|
+
// returns |SSL_HANDOFF|.
|
2186
|
+
bool handoff:1;
|
2183
2187
|
};
|
2184
2188
|
|
2185
2189
|
// An ssl_shutdown_t describes the shutdown state of one end of the connection,
|
@@ -2293,7 +2297,12 @@ struct SSL3_STATE {
|
|
2293
2297
|
// wpend_pending is true if we have a pending write outstanding.
|
2294
2298
|
bool wpend_pending:1;
|
2295
2299
|
|
2296
|
-
|
2300
|
+
// early_data_accepted is true if early data was accepted by the server.
|
2301
|
+
bool early_data_accepted:1;
|
2302
|
+
|
2303
|
+
// draft_downgrade is whether the TLS 1.3 anti-downgrade logic would have
|
2304
|
+
// fired, were it not a draft.
|
2305
|
+
bool draft_downgrade:1;
|
2297
2306
|
|
2298
2307
|
// hs_buf is the buffer of handshake data to process.
|
2299
2308
|
UniquePtr<BUF_MEM> hs_buf;
|
@@ -2307,6 +2316,11 @@ struct SSL3_STATE {
|
|
2307
2316
|
// been successfully written.
|
2308
2317
|
uint32_t pending_flight_offset = 0;
|
2309
2318
|
|
2319
|
+
// ticket_age_skew is the difference, in seconds, between the client-sent
|
2320
|
+
// ticket age and the server-computed value in TLS 1.3 server connections
|
2321
|
+
// which resumed a session.
|
2322
|
+
int32_t ticket_age_skew = 0;
|
2323
|
+
|
2310
2324
|
// aead_read_ctx is the current read cipher state.
|
2311
2325
|
UniquePtr<SSLAEADContext> aead_read_ctx;
|
2312
2326
|
|
@@ -2332,6 +2346,8 @@ struct SSL3_STATE {
|
|
2332
2346
|
uint8_t previous_server_finished_len = 0;
|
2333
2347
|
uint8_t previous_server_finished[12] = {0};
|
2334
2348
|
|
2349
|
+
uint8_t send_alert[2] = {0};
|
2350
|
+
|
2335
2351
|
// established_session is the session established by the connection. This
|
2336
2352
|
// session is only filled upon the completion of the handshake and is
|
2337
2353
|
// immutable.
|
@@ -2362,10 +2378,8 @@ struct SSL3_STATE {
|
|
2362
2378
|
// each are big-endian values.
|
2363
2379
|
uint8_t tlsext_channel_id[64] = {0};
|
2364
2380
|
|
2365
|
-
//
|
2366
|
-
|
2367
|
-
// which resumed a session.
|
2368
|
-
int32_t ticket_age_skew = 0;
|
2381
|
+
// Contains the QUIC transport params received by the peer.
|
2382
|
+
Array<uint8_t> peer_quic_transport_params;
|
2369
2383
|
};
|
2370
2384
|
|
2371
2385
|
// lengths of messages
|
@@ -2506,10 +2520,6 @@ struct SSLConnection {
|
|
2506
2520
|
// further constrainted by |SSL_OP_NO_*|.
|
2507
2521
|
uint16_t conf_min_version;
|
2508
2522
|
|
2509
|
-
// tls13_variant is the variant of TLS 1.3 we are using for this
|
2510
|
-
// configuration.
|
2511
|
-
enum tls13_variant_t tls13_variant;
|
2512
|
-
|
2513
2523
|
uint16_t max_send_fragment;
|
2514
2524
|
|
2515
2525
|
// There are 2 BIO's even though they are normally both the same. This is so
|
@@ -2538,14 +2548,18 @@ struct SSLConnection {
|
|
2538
2548
|
|
2539
2549
|
// session info
|
2540
2550
|
|
2541
|
-
//
|
2542
|
-
//
|
2551
|
+
// This is used to hold the local certificate used (i.e. the server
|
2552
|
+
// certificate for a server or the client certificate for a client).
|
2543
2553
|
CERT *cert;
|
2544
2554
|
|
2545
2555
|
// initial_timeout_duration_ms is the default DTLS timeout duration in
|
2546
2556
|
// milliseconds. It's used to initialize the timer any time it's restarted.
|
2547
2557
|
unsigned initial_timeout_duration_ms;
|
2548
2558
|
|
2559
|
+
// tls13_variant is the variant of TLS 1.3 we are using for this
|
2560
|
+
// configuration.
|
2561
|
+
enum tls13_variant_t tls13_variant;
|
2562
|
+
|
2549
2563
|
// session is the configured session to be offered by the client. This session
|
2550
2564
|
// is immutable.
|
2551
2565
|
SSL_SESSION *session;
|
@@ -2584,6 +2598,7 @@ struct SSLConnection {
|
|
2584
2598
|
uint32_t options; // protocol behaviour
|
2585
2599
|
uint32_t mode; // API behaviour
|
2586
2600
|
uint32_t max_cert_list;
|
2601
|
+
uint16_t dummy_pq_padding_len;
|
2587
2602
|
char *tlsext_hostname;
|
2588
2603
|
size_t supported_group_list_len;
|
2589
2604
|
uint16_t *supported_group_list; // our list
|
@@ -2608,6 +2623,18 @@ struct SSLConnection {
|
|
2608
2623
|
uint8_t *alpn_client_proto_list;
|
2609
2624
|
unsigned alpn_client_proto_list_len;
|
2610
2625
|
|
2626
|
+
// Contains a list of supported Token Binding key parameters.
|
2627
|
+
uint8_t *token_binding_params;
|
2628
|
+
size_t token_binding_params_len;
|
2629
|
+
|
2630
|
+
// The negotiated Token Binding key parameter. Only valid if
|
2631
|
+
// |token_binding_negotiated| is set.
|
2632
|
+
uint8_t negotiated_token_binding_param;
|
2633
|
+
|
2634
|
+
// Contains the QUIC transport params that this endpoint will send.
|
2635
|
+
uint8_t *quic_transport_params;
|
2636
|
+
size_t quic_transport_params_len;
|
2637
|
+
|
2611
2638
|
// renegotiate_mode controls how peer renegotiation attempts are handled.
|
2612
2639
|
enum ssl_renegotiate_mode_t renegotiate_mode;
|
2613
2640
|
|
@@ -2635,13 +2662,24 @@ struct SSLConnection {
|
|
2635
2662
|
// we'll advertise support.
|
2636
2663
|
bool tlsext_channel_id_enabled:1;
|
2637
2664
|
|
2665
|
+
// token_binding_negotiated is set if Token Binding was negotiated.
|
2666
|
+
bool token_binding_negotiated:1;
|
2667
|
+
|
2638
2668
|
// retain_only_sha256_of_client_certs is true if we should compute the SHA256
|
2639
2669
|
// hash of the peer's certificate and then discard it to save memory and
|
2640
2670
|
// session space. Only effective on the server side.
|
2641
2671
|
bool retain_only_sha256_of_client_certs:1;
|
2642
2672
|
|
2643
|
-
//
|
2644
|
-
|
2673
|
+
// handoff indicates that a server should stop after receiving the
|
2674
|
+
// ClientHello and pause the handshake in such a way that |SSL_get_error|
|
2675
|
+
// returns |SSL_HANDOFF|. This is copied in |SSL_new| from the |SSL_CTX|
|
2676
|
+
// element of the same name and may be cleared if the handoff is declined.
|
2677
|
+
bool handoff:1;
|
2678
|
+
|
2679
|
+
// did_dummy_pq_padding is only valid for a client. In that context, it is
|
2680
|
+
// true iff the client observed the server echoing a dummy PQ padding
|
2681
|
+
// extension.
|
2682
|
+
bool did_dummy_pq_padding:1;
|
2645
2683
|
};
|
2646
2684
|
|
2647
2685
|
// From draft-ietf-tls-tls13-18, used in determining PSK modes.
|
@@ -2683,6 +2721,11 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
|
|
2683
2721
|
const SSL_X509_METHOD *x509_method,
|
2684
2722
|
CRYPTO_BUFFER_POOL *pool);
|
2685
2723
|
|
2724
|
+
// ssl_session_serialize writes |in| to |cbb| as if it were serialising a
|
2725
|
+
// session for Session-ID resumption. It returns one on success and zero on
|
2726
|
+
// error.
|
2727
|
+
int ssl_session_serialize(const SSL_SESSION *in, CBB *cbb);
|
2728
|
+
|
2686
2729
|
// ssl_session_is_context_valid returns one if |session|'s session ID context
|
2687
2730
|
// matches the one set on |ssl| and zero otherwise.
|
2688
2731
|
int ssl_session_is_context_valid(const SSL *ssl, const SSL_SESSION *session);
|
@@ -2826,6 +2869,16 @@ ssl_open_record_t dtls1_open_handshake(SSL *ssl, size_t *out_consumed,
|
|
2826
2869
|
void dtls1_next_message(SSL *ssl);
|
2827
2870
|
int dtls1_dispatch_alert(SSL *ssl);
|
2828
2871
|
|
2872
|
+
// tls1_configure_aead configures either the read or write direction AEAD (as
|
2873
|
+
// determined by |direction|) using the keys generated by the TLS KDF. The
|
2874
|
+
// |key_block_cache| argument is used to store the generated key block, if
|
2875
|
+
// empty. Otherwise it's assumed that the key block is already contained within
|
2876
|
+
// it. Returns one on success or zero on error.
|
2877
|
+
int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
2878
|
+
Array<uint8_t> *key_block_cache,
|
2879
|
+
const SSL_CIPHER *cipher,
|
2880
|
+
Span<const uint8_t> iv_override);
|
2881
|
+
|
2829
2882
|
int tls1_change_cipher_state(SSL_HANDSHAKE *hs, evp_aead_direction_t direction);
|
2830
2883
|
int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
|
2831
2884
|
Span<const uint8_t> premaster);
|
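Review bot: `negotiated_token_binding_version`, added to SSL_HANDSHAKE at new line 1382, has no default member initializer, while the other scalars in the same struct (`max_version`, `early_data_written`, `session_id_len`, `dummy_pq_padding_len`) all carry `= 0`. Its comment says a server stores there the wire encoding to advertise in the ServerHello/EncryptedExtensions, so a read before assignment would send an indeterminate value unless the constructor, which is outside these hunks, sets it. I would write `uint16_t negotiated_token_binding_version = 0;` to match the neighbours. The new bit-field `grease_seeded:1` has no in-class initializer either and likewise depends on the constructor's initializer list, which is not shown here.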
@@ -238,8 +238,8 @@ int ssl3_flush_flight(SSL *ssl) {
|
|
238
238
|
return -1;
|
239
239
|
}
|
240
240
|
|
241
|
-
|
242
|
-
|
241
|
+
static_assert(INT_MAX <= 0xffffffff, "int is larger than 32 bits");
|
242
|
+
if (ssl->s3->pending_flight->length > INT_MAX) {
|
243
243
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
244
244
|
return -1;
|
245
245
|
}
|
@@ -175,7 +175,9 @@ SSL3_STATE::SSL3_STATE()
|
|
175
175
|
send_connection_binding(false),
|
176
176
|
tlsext_channel_id_valid(false),
|
177
177
|
key_update_pending(false),
|
178
|
-
wpend_pending(false)
|
178
|
+
wpend_pending(false),
|
179
|
+
early_data_accepted(false),
|
180
|
+
draft_downgrade(false) {}
|
179
181
|
|
180
182
|
SSL3_STATE::~SSL3_STATE() {}
|
181
183
|
|