grpc 1.27.0.pre1 → 1.30.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8023 -11437
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +24 -21
- data/include/grpc/impl/codegen/port_platform.h +13 -2
- data/include/grpc/impl/codegen/sync.h +5 -3
- data/include/grpc/impl/codegen/sync_abseil.h +36 -0
- data/include/grpc/module.modulemap +25 -37
- data/include/grpc/support/sync_abseil.h +26 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +282 -249
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -11
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +271 -465
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +8 -7
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -14
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +148 -98
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +49 -77
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +120 -132
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +17 -21
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +167 -121
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +3 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +3 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +42 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +94 -103
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +61 -10
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +242 -300
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +21 -18
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +56 -206
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +11 -14
- data/src/core/ext/filters/client_channel/server_address.h +3 -2
- data/src/core/ext/filters/client_channel/service_config.cc +144 -253
- data/src/core/ext/filters/client_channel/service_config.h +32 -109
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1381 -301
- data/src/core/ext/filters/client_channel/xds/xds_api.h +211 -152
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +214 -359
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +28 -44
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +16 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1118 -472
- data/src/core/ext/filters/client_channel/xds/xds_client.h +116 -45
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +59 -135
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +122 -137
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +38 -44
- data/src/core/ext/filters/message_size/message_size_filter.h +5 -5
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -10
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +26 -27
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -9
- data/src/core/ext/transport/inproc/inproc_transport.cc +41 -42
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +5 -205
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -788
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +5 -362
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +30 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +87 -23
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +262 -62
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +20 -15
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +27 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +46 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +98 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +77 -21
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +201 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +8 -68
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +2 -71
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +12 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +44 -39
- data/src/core/ext/upb-generated/validate/validate.upb.h +155 -119
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +32 -41
- data/src/core/lib/channel/channel_trace.h +3 -3
- data/src/core/lib/channel/channelz.cc +163 -254
- data/src/core/lib/channel/channelz.h +15 -17
- data/src/core/lib/channel/channelz_registry.cc +52 -77
- data/src/core/lib/channel/channelz_registry.h +4 -4
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +116 -0
- data/src/core/lib/gpr/sync_posix.cc +8 -5
- data/src/core/lib/gpr/sync_windows.cc +4 -2
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +30 -36
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/memory.h +2 -6
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.cc +36 -35
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +4 -5
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +14 -7
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/load_file.cc +1 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/iomgr/pollset_uv.h +32 -0
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +25 -22
- data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_posix.cc +2 -1
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/iomgr/timer_generic.h +39 -0
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/iomgr/work_serializer.cc +155 -0
- data/src/core/lib/iomgr/work_serializer.h +65 -0
- data/src/core/lib/json/json.h +210 -79
- data/src/core/lib/json/json_reader.cc +469 -455
- data/src/core/lib/json/json_writer.cc +174 -169
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -12
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
- data/src/core/lib/security/credentials/jwt/json_token.h +4 -6
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +151 -168
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +91 -60
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +10 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +40 -12
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +6 -8
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -37
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +62 -13
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -11
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -52
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +32 -6
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/security/util/json_util.cc +22 -15
- data/src/core/lib/security/util/json_util.h +2 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +9 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +33 -3
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +54 -40
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/base/attributes.h +13 -1
- data/third_party/abseil-cpp/absl/base/config.h +55 -6
- data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +30 -9
- data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -6
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +5 -1
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +2 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +15 -13
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +12 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +9 -0
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +37 -0
- data/third_party/abseil-cpp/absl/base/options.h +9 -12
- data/third_party/abseil-cpp/absl/numeric/int128.cc +2 -2
- data/third_party/abseil-cpp/absl/numeric/int128.h +1 -1
- data/third_party/abseil-cpp/absl/strings/ascii.cc +3 -3
- data/third_party/abseil-cpp/absl/strings/ascii.h +4 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +0 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +4 -2
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
- data/third_party/abseil-cpp/absl/strings/numbers.cc +54 -5
- data/third_party/abseil-cpp/absl/strings/numbers.h +6 -3
- data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +31 -24
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/{src/boringssl → third_party/boringssl-with-bazel}/err_data.c +329 -297
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_time.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/connect.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/fd.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/file.c +5 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/pair.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/buf/buf.c +10 -69
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbb.c +41 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbs.c +60 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesgcmsiv.c +8 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.c +7 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-intel.c +13 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/crypto.c +11 -0
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/curve25519.c +18 -26
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/internal.h +14 -22
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/curve25519/spake25519.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/check.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh.c +16 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa.c +10 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_derive.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/err.c +39 -38
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa.c +14 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519_asn1.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/internal.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/mode_wrappers.c +0 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bcm.c +4 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/prime.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_aes.c +3 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_key.c +14 -28
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/gcm.c +45 -193
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/internal.h +8 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa.c +58 -39
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa_impl.c +72 -49
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/hrss.c +210 -311
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/internal.h +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/internal.h +21 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/mem.c +99 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj.c +16 -21
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_dat.h +41 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_info.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_lib.c +7 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_oth.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pk8.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pkey.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_arm.c +21 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_vec.c +34 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/pool.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/windows.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/siphash/siphash.c +3 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_pthread.c +4 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_verify.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_dir.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_file.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_cmp.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_obj.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_r2x.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_req.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_set.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_trs.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vfy.c +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vpm.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509name.c +4 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_all.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_alt.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_enum.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_info.c +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_purp.c +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_utl.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base.h +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bn.h +32 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buf.h +9 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bytestring.h +34 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/crypto.h +9 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dh.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/digest.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dsa.h +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec.h +11 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec_key.h +4 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdsa.h +6 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/err.h +13 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/evp.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/mem.h +17 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/nid.h +14 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/poly1305.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rand.h +3 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rsa.h +31 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/sha.h +26 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl.h +182 -97
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/tls1.h +1 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509.h +5 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509_vfy.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_both.cc +0 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_lib.cc +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_pkt.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_method.cc +13 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handoff.cc +237 -51
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake.cc +19 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_client.cc +51 -32
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_server.cc +12 -8
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/internal.h +94 -71
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_both.cc +10 -10
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_lib.cc +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_pkt.cc +21 -22
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_asn1.cc +30 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_buffer.cc +34 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cert.cc +4 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cipher.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_lib.cc +19 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_privkey.cc +13 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_session.cc +66 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_stat.cc +6 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_versions.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_enc.cc +6 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_lib.cc +53 -219
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_both.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_client.cc +101 -31
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_enc.cc +28 -76
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_server.cc +111 -104
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_method.cc +64 -26
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_record.cc +7 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256_64.h +512 -503
- metadata +648 -503
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1917
- data/src/core/lib/gprpp/inlined_vector.h +0 -246
- data/src/core/lib/gprpp/optional.h +0 -74
- data/src/core/lib/gprpp/string_view.h +0 -169
- data/src/core/lib/iomgr/logical_thread.cc +0 -103
- data/src/core/lib/iomgr/logical_thread.h +0 -52
- data/src/core/lib/json/json.cc +0 -94
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3297
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9501
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +0 -96
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +0 -84
- data/third_party/boringssl/third_party/fiat/p256.c +0 -1063
- data/third_party/boringssl/third_party/fiat/p256_32.h +0 -3226
|
@@ -157,7 +157,6 @@
|
|
|
157
157
|
|
|
158
158
|
#include <openssl/aead.h>
|
|
159
159
|
#include <openssl/bn.h>
|
|
160
|
-
#include <openssl/buf.h>
|
|
161
160
|
#include <openssl/bytestring.h>
|
|
162
161
|
#include <openssl/ec_key.h>
|
|
163
162
|
#include <openssl/ecdsa.h>
|
|
@@ -407,7 +406,8 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
|
|
407
406
|
(ssl->session->session_id_length == 0 &&
|
|
408
407
|
ssl->session->ticket.empty()) ||
|
|
409
408
|
ssl->session->not_resumable ||
|
|
410
|
-
!ssl_session_is_time_valid(ssl, ssl->session.get())
|
|
409
|
+
!ssl_session_is_time_valid(ssl, ssl->session.get()) ||
|
|
410
|
+
(ssl->quic_method != nullptr) != ssl->session->is_quic) {
|
|
411
411
|
ssl_set_session(ssl, NULL);
|
|
412
412
|
}
|
|
413
413
|
}
|
|
@@ -416,17 +416,20 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
|
|
416
416
|
return ssl_hs_error;
|
|
417
417
|
}
|
|
418
418
|
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
419
|
+
// Never send a session ID in QUIC. QUIC uses TLS 1.3 at a minimum and
|
|
420
|
+
// disables TLS 1.3 middlebox compatibility mode.
|
|
421
|
+
if (ssl->quic_method == nullptr) {
|
|
422
|
+
if (ssl->session != nullptr && !ssl->s3->initial_handshake_complete &&
|
|
423
|
+
ssl->session->session_id_length > 0) {
|
|
424
|
+
hs->session_id_len = ssl->session->session_id_length;
|
|
425
|
+
OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
|
|
426
|
+
hs->session_id_len);
|
|
427
|
+
} else if (hs->max_version >= TLS1_3_VERSION) {
|
|
428
|
+
// Initialize a random session ID.
|
|
429
|
+
hs->session_id_len = sizeof(hs->session_id);
|
|
430
|
+
if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
|
|
431
|
+
return ssl_hs_error;
|
|
432
|
+
}
|
|
430
433
|
}
|
|
431
434
|
}
|
|
432
435
|
|
|
@@ -459,13 +462,7 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
|
|
|
459
462
|
if (!tls13_init_early_key_schedule(
|
|
460
463
|
hs, MakeConstSpan(ssl->session->master_key,
|
|
461
464
|
ssl->session->master_key_length)) ||
|
|
462
|
-
!tls13_derive_early_secret(hs)
|
|
463
|
-
!tls13_set_early_secret_for_quic(hs)) {
|
|
464
|
-
return ssl_hs_error;
|
|
465
|
-
}
|
|
466
|
-
if (ssl->quic_method == nullptr &&
|
|
467
|
-
!tls13_set_traffic_key(ssl, ssl_encryption_early_data, evp_aead_seal,
|
|
468
|
-
hs->early_traffic_secret())) {
|
|
465
|
+
!tls13_derive_early_secret(hs)) {
|
|
469
466
|
return ssl_hs_error;
|
|
470
467
|
}
|
|
471
468
|
|
|
@@ -478,17 +475,32 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
|
|
|
478
475
|
|
|
479
476
|
static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs) {
|
|
480
477
|
if (hs->ssl->ctx->reverify_on_resume) {
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
478
|
+
// Don't send an alert on error. The alert be in early data, which the
|
|
479
|
+
// server may not accept anyway. It would also be a mismatch between QUIC
|
|
480
|
+
// and TCP because the QUIC early keys are deferred below.
|
|
481
|
+
//
|
|
482
|
+
// TODO(davidben): The client behavior should be to verify the certificate
|
|
483
|
+
// before deciding whether to offer the session and, if invalid, decline to
|
|
484
|
+
// send the session.
|
|
485
|
+
switch (ssl_reverify_peer_cert(hs, /*send_alert=*/false)) {
|
|
486
|
+
case ssl_verify_ok:
|
|
487
|
+
break;
|
|
488
|
+
case ssl_verify_invalid:
|
|
489
|
+
return ssl_hs_error;
|
|
490
|
+
case ssl_verify_retry:
|
|
491
|
+
hs->state = state_early_reverify_server_certificate;
|
|
492
|
+
return ssl_hs_certificate_verify;
|
|
489
493
|
}
|
|
490
494
|
}
|
|
491
495
|
|
|
496
|
+
// Defer releasing the 0-RTT key to after certificate reverification, so the
|
|
497
|
+
// QUIC implementation does not accidentally write data too early.
|
|
498
|
+
if (!tls13_set_traffic_key(hs->ssl, ssl_encryption_early_data, evp_aead_seal,
|
|
499
|
+
hs->early_session.get(),
|
|
500
|
+
hs->early_traffic_secret())) {
|
|
501
|
+
return ssl_hs_error;
|
|
502
|
+
}
|
|
503
|
+
|
|
492
504
|
hs->in_early_data = true;
|
|
493
505
|
hs->can_early_write = true;
|
|
494
506
|
hs->state = state_read_server_hello;
|
|
@@ -908,7 +920,7 @@ static enum ssl_hs_wait_t do_verify_server_certificate(SSL_HANDSHAKE *hs) {
|
|
|
908
920
|
static enum ssl_hs_wait_t do_reverify_server_certificate(SSL_HANDSHAKE *hs) {
|
|
909
921
|
assert(hs->ssl->ctx->reverify_on_resume);
|
|
910
922
|
|
|
911
|
-
switch (ssl_reverify_peer_cert(hs)) {
|
|
923
|
+
switch (ssl_reverify_peer_cert(hs, /*send_alert=*/true)) {
|
|
912
924
|
case ssl_verify_ok:
|
|
913
925
|
break;
|
|
914
926
|
case ssl_verify_invalid:
|
|
@@ -1039,7 +1051,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
|
1039
1051
|
return ssl_hs_error;
|
|
1040
1052
|
}
|
|
1041
1053
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
|
1042
|
-
if (!tls12_check_peer_sigalg(
|
|
1054
|
+
if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
|
|
1043
1055
|
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
1044
1056
|
return ssl_hs_error;
|
|
1045
1057
|
}
|
|
@@ -1190,6 +1202,13 @@ static enum ssl_hs_wait_t do_read_server_hello_done(SSL_HANDSHAKE *hs) {
|
|
|
1190
1202
|
return ssl_hs_error;
|
|
1191
1203
|
}
|
|
1192
1204
|
|
|
1205
|
+
// ServerHelloDone should be the end of the flight.
|
|
1206
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
|
1207
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
|
1208
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
|
1209
|
+
return ssl_hs_error;
|
|
1210
|
+
}
|
|
1211
|
+
|
|
1193
1212
|
ssl->method->next_message(ssl);
|
|
1194
1213
|
hs->state = state_send_client_certificate;
|
|
1195
1214
|
return ssl_hs_ok;
|
|
@@ -1262,7 +1281,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
|
1262
1281
|
ssl_key_usage_t intended_use = (alg_k & SSL_kRSA)
|
|
1263
1282
|
? key_usage_encipherment
|
|
1264
1283
|
: key_usage_digital_signature;
|
|
1265
|
-
if (
|
|
1284
|
+
if (hs->config->enforce_rsa_key_usage ||
|
|
1266
1285
|
EVP_PKEY_id(hs->peer_pubkey.get()) != EVP_PKEY_RSA) {
|
|
1267
1286
|
if (!ssl_cert_check_key_usage(&leaf_cbs, intended_use)) {
|
|
1268
1287
|
return ssl_hs_error;
|
|
@@ -1291,7 +1310,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
|
1291
1310
|
}
|
|
1292
1311
|
assert(psk_len <= PSK_MAX_PSK_LEN);
|
|
1293
1312
|
|
|
1294
|
-
hs->new_session->psk_identity.reset(
|
|
1313
|
+
hs->new_session->psk_identity.reset(OPENSSL_strdup(identity));
|
|
1295
1314
|
if (hs->new_session->psk_identity == nullptr) {
|
|
1296
1315
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
1297
1316
|
return ssl_hs_error;
|
|
@@ -152,7 +152,6 @@
|
|
|
152
152
|
#include <string.h>
|
|
153
153
|
|
|
154
154
|
#include <openssl/bn.h>
|
|
155
|
-
#include <openssl/buf.h>
|
|
156
155
|
#include <openssl/bytestring.h>
|
|
157
156
|
#include <openssl/cipher.h>
|
|
158
157
|
#include <openssl/ec.h>
|
|
@@ -326,7 +325,7 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
|
|
|
326
325
|
*out_mask_a = mask_a;
|
|
327
326
|
}
|
|
328
327
|
|
|
329
|
-
static const SSL_CIPHER *
|
|
328
|
+
static const SSL_CIPHER *choose_cipher(
|
|
330
329
|
SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
|
|
331
330
|
const SSLCipherPreferenceList *server_pref) {
|
|
332
331
|
SSL *const ssl = hs->ssl;
|
|
@@ -570,6 +569,14 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
|
|
|
570
569
|
return ssl_hs_error;
|
|
571
570
|
}
|
|
572
571
|
|
|
572
|
+
// ClientHello should be the end of the flight. We check this early to cover
|
|
573
|
+
// all protocol versions.
|
|
574
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
|
575
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
|
576
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
|
577
|
+
return ssl_hs_error;
|
|
578
|
+
}
|
|
579
|
+
|
|
573
580
|
if (hs->config->handoff) {
|
|
574
581
|
return ssl_hs_handoff;
|
|
575
582
|
}
|
|
@@ -700,7 +707,7 @@ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
|
|
|
700
707
|
SSLCipherPreferenceList *prefs = hs->config->cipher_list
|
|
701
708
|
? hs->config->cipher_list.get()
|
|
702
709
|
: ssl->ctx->cipher_list.get();
|
|
703
|
-
hs->new_cipher =
|
|
710
|
+
hs->new_cipher = choose_cipher(hs, &client_hello, prefs);
|
|
704
711
|
if (hs->new_cipher == NULL) {
|
|
705
712
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
|
|
706
713
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
|
@@ -1093,12 +1100,9 @@ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) {
|
|
|
1093
1100
|
!CBB_add_u8_length_prefixed(&body, &cert_types) ||
|
|
1094
1101
|
!CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
|
|
1095
1102
|
!CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
|
|
1096
|
-
// TLS 1.2 has no way to specify different signature algorithms for
|
|
1097
|
-
// certificates and the online signature, so emit the more restrictive
|
|
1098
|
-
// certificate list.
|
|
1099
1103
|
(ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
|
|
1100
1104
|
(!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
|
|
1101
|
-
!tls12_add_verify_sigalgs(
|
|
1105
|
+
!tls12_add_verify_sigalgs(hs, &sigalgs_cbb))) ||
|
|
1102
1106
|
!ssl_add_client_CA_list(hs, &body) ||
|
|
1103
1107
|
!ssl_add_message_cbb(ssl, cbb.get())) {
|
|
1104
1108
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
@@ -1443,7 +1447,7 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
|
1443
1447
|
return ssl_hs_error;
|
|
1444
1448
|
}
|
|
1445
1449
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
|
1446
|
-
if (!tls12_check_peer_sigalg(
|
|
1450
|
+
if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
|
|
1447
1451
|
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
1448
1452
|
return ssl_hs_error;
|
|
1449
1453
|
}
|
|
@@ -1239,6 +1239,11 @@ class SSLBuffer {
|
|
|
1239
1239
|
uint16_t size_ = 0;
|
|
1240
1240
|
// cap_ is how much memory beyond |buf_| + |offset_| is available.
|
|
1241
1241
|
uint16_t cap_ = 0;
|
|
1242
|
+
// inline_buf_ is a static buffer for short reads.
|
|
1243
|
+
uint8_t inline_buf_[SSL3_RT_HEADER_LENGTH];
|
|
1244
|
+
// buf_allocated_ is true if |buf_| points to allocated data and must be freed
|
|
1245
|
+
// or false if it points into |inline_buf_|.
|
|
1246
|
+
bool buf_allocated_ = false;
|
|
1242
1247
|
};
|
|
1243
1248
|
|
|
1244
1249
|
// ssl_read_buffer_extend_to extends the read buffer to the desired length. For
|
|
@@ -1351,23 +1356,17 @@ bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, Span
|
|
|
1351
1356
|
bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, Span<const uint8_t> in);
|
|
1352
1357
|
|
|
1353
1358
|
// tls13_set_traffic_key sets the read or write traffic keys to
|
|
1354
|
-
// |traffic_secret|.
|
|
1359
|
+
// |traffic_secret|. The version and cipher suite are determined from |session|.
|
|
1360
|
+
// It returns true on success and false on error.
|
|
1355
1361
|
bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
|
1356
1362
|
enum evp_aead_direction_t direction,
|
|
1363
|
+
const SSL_SESSION *session,
|
|
1357
1364
|
Span<const uint8_t> traffic_secret);
|
|
1358
1365
|
|
|
1359
1366
|
// tls13_derive_early_secret derives the early traffic secret. It returns true
|
|
1360
|
-
// on success and false on error.
|
|
1361
|
-
// function does not pass the keys to QUIC. Call
|
|
1362
|
-
// |tls13_set_early_secret_for_quic| to do so. This is done to due to an
|
|
1363
|
-
// ordering complication around resolving HelloRetryRequest on the server.
|
|
1367
|
+
// on success and false on error.
|
|
1364
1368
|
bool tls13_derive_early_secret(SSL_HANDSHAKE *hs);
|
|
1365
1369
|
|
|
1366
|
-
// tls13_set_early_secret_for_quic passes the early traffic secrets, as
|
|
1367
|
-
// derived by |tls13_derive_early_secret|, to QUIC. It returns true on success
|
|
1368
|
-
// and false on error.
|
|
1369
|
-
bool tls13_set_early_secret_for_quic(SSL_HANDSHAKE *hs);
|
|
1370
|
-
|
|
1371
1370
|
// tls13_derive_handshake_secrets derives the handshake traffic secret. It
|
|
1372
1371
|
// returns true on success and false on error.
|
|
1373
1372
|
bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
|
|
@@ -1472,12 +1471,33 @@ enum tls12_server_hs_state_t {
|
|
|
1472
1471
|
state12_done,
|
|
1473
1472
|
};
|
|
1474
1473
|
|
|
1474
|
+
enum tls13_server_hs_state_t {
|
|
1475
|
+
state13_select_parameters = 0,
|
|
1476
|
+
state13_select_session,
|
|
1477
|
+
state13_send_hello_retry_request,
|
|
1478
|
+
state13_read_second_client_hello,
|
|
1479
|
+
state13_send_server_hello,
|
|
1480
|
+
state13_send_server_certificate_verify,
|
|
1481
|
+
state13_send_server_finished,
|
|
1482
|
+
state13_send_half_rtt_ticket,
|
|
1483
|
+
state13_read_second_client_flight,
|
|
1484
|
+
state13_process_end_of_early_data,
|
|
1485
|
+
state13_read_client_certificate,
|
|
1486
|
+
state13_read_client_certificate_verify,
|
|
1487
|
+
state13_read_channel_id,
|
|
1488
|
+
state13_read_client_finished,
|
|
1489
|
+
state13_send_new_session_ticket,
|
|
1490
|
+
state13_done,
|
|
1491
|
+
};
|
|
1492
|
+
|
|
1475
1493
|
// handback_t lists the points in the state machine where a handback can occur.
|
|
1476
1494
|
// These are the different points at which key material is no longer needed.
|
|
1477
1495
|
enum handback_t {
|
|
1478
|
-
handback_after_session_resumption,
|
|
1479
|
-
handback_after_ecdhe,
|
|
1480
|
-
handback_after_handshake,
|
|
1496
|
+
handback_after_session_resumption = 0,
|
|
1497
|
+
handback_after_ecdhe = 1,
|
|
1498
|
+
handback_after_handshake = 2,
|
|
1499
|
+
handback_tls13 = 3,
|
|
1500
|
+
handback_max_value = handback_tls13,
|
|
1481
1501
|
};
|
|
1482
1502
|
|
|
1483
1503
|
|
|
@@ -1693,9 +1713,6 @@ struct SSL_HANDSHAKE {
|
|
|
1693
1713
|
// be filled in.
|
|
1694
1714
|
bool needs_psk_binder : 1;
|
|
1695
1715
|
|
|
1696
|
-
bool received_hello_retry_request : 1;
|
|
1697
|
-
bool sent_hello_retry_request : 1;
|
|
1698
|
-
|
|
1699
1716
|
// handshake_finalized is true once the handshake has completed, at which
|
|
1700
1717
|
// point accessors should use the established state.
|
|
1701
1718
|
bool handshake_finalized : 1;
|
|
@@ -1914,7 +1931,8 @@ int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert,
|
|
|
1914
1931
|
enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs);
|
|
1915
1932
|
// ssl_reverify_peer_cert verifies the peer certificate for |hs| when resuming a
|
|
1916
1933
|
// session.
|
|
1917
|
-
enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs
|
|
1934
|
+
enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs,
|
|
1935
|
+
bool send_alert);
|
|
1918
1936
|
|
|
1919
1937
|
enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
|
|
1920
1938
|
bool ssl_send_finished(SSL_HANDSHAKE *hs);
|
|
@@ -1976,22 +1994,15 @@ bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out);
|
|
|
1976
1994
|
Span<const uint16_t> tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs);
|
|
1977
1995
|
|
|
1978
1996
|
// tls12_add_verify_sigalgs adds the signature algorithms acceptable for the
|
|
1979
|
-
// peer signature to |out|. It returns true on success and false on error.
|
|
1980
|
-
|
|
1981
|
-
// certificates is used. Otherwise, the online signature one is used.
|
|
1982
|
-
bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out, bool for_certs);
|
|
1997
|
+
// peer signature to |out|. It returns true on success and false on error.
|
|
1998
|
+
bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out);
|
|
1983
1999
|
|
|
1984
2000
|
// tls12_check_peer_sigalg checks if |sigalg| is acceptable for the peer
|
|
1985
2001
|
// signature. It returns true on success and false on error, setting
|
|
1986
2002
|
// |*out_alert| to an alert to send.
|
|
1987
|
-
bool tls12_check_peer_sigalg(const
|
|
2003
|
+
bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1988
2004
|
uint16_t sigalg);
|
|
1989
2005
|
|
|
1990
|
-
// tls12_has_different_verify_sigalgs_for_certs returns whether |ssl| has a
|
|
1991
|
-
// different, more restrictive, list of signature algorithms acceptable for the
|
|
1992
|
-
// certificate than the online signature.
|
|
1993
|
-
bool tls12_has_different_verify_sigalgs_for_certs(const SSL *ssl);
|
|
1994
|
-
|
|
1995
2006
|
|
|
1996
2007
|
// Underdocumented functions.
|
|
1997
2008
|
//
|
|
@@ -2093,6 +2104,9 @@ struct SSL_PROTOCOL_METHOD {
|
|
|
2093
2104
|
bool (*get_message)(const SSL *ssl, SSLMessage *out);
|
|
2094
2105
|
// next_message is called to release the current handshake message.
|
|
2095
2106
|
void (*next_message)(SSL *ssl);
|
|
2107
|
+
// has_unprocessed_handshake_data returns whether there is buffered
|
|
2108
|
+
// handshake data that has not been consumed by |get_message|.
|
|
2109
|
+
bool (*has_unprocessed_handshake_data)(const SSL *ssl);
|
|
2096
2110
|
// Use the |ssl_open_handshake| wrapper.
|
|
2097
2111
|
ssl_open_record_t (*open_handshake)(SSL *ssl, size_t *out_consumed,
|
|
2098
2112
|
uint8_t *out_alert, Span<uint8_t> in);
|
|
@@ -2125,14 +2139,20 @@ struct SSL_PROTOCOL_METHOD {
|
|
|
2125
2139
|
int (*flush_flight)(SSL *ssl);
|
|
2126
2140
|
// on_handshake_complete is called when the handshake is complete.
|
|
2127
2141
|
void (*on_handshake_complete)(SSL *ssl);
|
|
2128
|
-
// set_read_state sets |ssl|'s read cipher state to |aead_ctx
|
|
2129
|
-
//
|
|
2130
|
-
//
|
|
2131
|
-
|
|
2132
|
-
|
|
2133
|
-
|
|
2134
|
-
|
|
2135
|
-
|
|
2142
|
+
// set_read_state sets |ssl|'s read cipher state and level to |aead_ctx| and
|
|
2143
|
+
// |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
|
|
2144
|
+
// is the original secret. This function returns true on success and false on
|
|
2145
|
+
// error.
|
|
2146
|
+
bool (*set_read_state)(SSL *ssl, ssl_encryption_level_t level,
|
|
2147
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
|
2148
|
+
Span<const uint8_t> secret_for_quic);
|
|
2149
|
+
// set_write_state sets |ssl|'s write cipher state and level to |aead_ctx| and
|
|
2150
|
+
// |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
|
|
2151
|
+
// is the original secret. This function returns true on success and false on
|
|
2152
|
+
// error.
|
|
2153
|
+
bool (*set_write_state)(SSL *ssl, ssl_encryption_level_t level,
|
|
2154
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
|
2155
|
+
Span<const uint8_t> secret_for_quic);
|
|
2136
2156
|
};
|
|
2137
2157
|
|
|
2138
2158
|
// The following wrappers call |open_*| but handle |read_shutdown| correctly.
|
|
@@ -2376,10 +2396,6 @@ struct SSL3_STATE {
|
|
|
2376
2396
|
// token_binding_negotiated is set if Token Binding was negotiated.
|
|
2377
2397
|
bool token_binding_negotiated : 1;
|
|
2378
2398
|
|
|
2379
|
-
// pq_experimental_signal_seen is true if the peer was observed
|
|
2380
|
-
// sending/echoing the post-quantum experiment signal.
|
|
2381
|
-
bool pq_experiment_signal_seen : 1;
|
|
2382
|
-
|
|
2383
2399
|
// alert_dispatch is true there is an alert in |send_alert| to be sent.
|
|
2384
2400
|
bool alert_dispatch : 1;
|
|
2385
2401
|
|
|
@@ -2387,6 +2403,10 @@ struct SSL3_STATE {
|
|
|
2387
2403
|
// HelloRequest.
|
|
2388
2404
|
bool renegotiate_pending : 1;
|
|
2389
2405
|
|
|
2406
|
+
// used_hello_retry_request is whether the handshake used a TLS 1.3
|
|
2407
|
+
// HelloRetryRequest message.
|
|
2408
|
+
bool used_hello_retry_request : 1;
|
|
2409
|
+
|
|
2390
2410
|
// hs_buf is the buffer of handshake data to process.
|
|
2391
2411
|
UniquePtr<BUF_MEM> hs_buf;
|
|
2392
2412
|
|
|
@@ -2665,6 +2685,9 @@ struct SSL_CONFIG {
|
|
|
2665
2685
|
// Contains the QUIC transport params that this endpoint will send.
|
|
2666
2686
|
Array<uint8_t> quic_transport_params;
|
|
2667
2687
|
|
|
2688
|
+
// Contains the context used to decide whether to accept early data in QUIC.
|
|
2689
|
+
Array<uint8_t> quic_early_data_context;
|
|
2690
|
+
|
|
2668
2691
|
// verify_sigalgs, if not empty, is the set of signature algorithms
|
|
2669
2692
|
// accepted from the peer in decreasing order of preference.
|
|
2670
2693
|
Array<uint16_t> verify_sigalgs;
|
|
@@ -2717,6 +2740,11 @@ struct SSL_CONFIG {
|
|
|
2717
2740
|
bool jdk11_workaround : 1;
|
|
2718
2741
|
};
|
|
2719
2742
|
|
|
2743
|
+
// Computes a SHA-256 hash of the transport parameters and early data context
|
|
2744
|
+
// for QUIC, putting the hash in |SHA256_DIGEST_LENGTH| bytes at |hash_out|.
|
|
2745
|
+
bool compute_quic_early_data_hash(const SSL_CONFIG *config,
|
|
2746
|
+
uint8_t hash_out[SHA256_DIGEST_LENGTH]);
|
|
2747
|
+
|
|
2720
2748
|
// From RFC 8446, used in determining PSK modes.
|
|
2721
2749
|
#define SSL_PSK_DHE_KE 0x1
|
|
2722
2750
|
|
|
@@ -2820,29 +2848,29 @@ void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
|
|
|
2820
2848
|
|
|
2821
2849
|
void ssl_send_alert(SSL *ssl, int level, int desc);
|
|
2822
2850
|
int ssl_send_alert_impl(SSL *ssl, int level, int desc);
|
|
2823
|
-
bool
|
|
2824
|
-
ssl_open_record_t
|
|
2825
|
-
|
|
2826
|
-
void
|
|
2851
|
+
bool tls_get_message(const SSL *ssl, SSLMessage *out);
|
|
2852
|
+
ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
|
|
2853
|
+
uint8_t *out_alert, Span<uint8_t> in);
|
|
2854
|
+
void tls_next_message(SSL *ssl);
|
|
2827
2855
|
|
|
2828
|
-
int
|
|
2829
|
-
ssl_open_record_t
|
|
2830
|
-
|
|
2831
|
-
|
|
2832
|
-
ssl_open_record_t
|
|
2833
|
-
|
|
2834
|
-
|
|
2835
|
-
int
|
|
2836
|
-
|
|
2856
|
+
int tls_dispatch_alert(SSL *ssl);
|
|
2857
|
+
ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out,
|
|
2858
|
+
size_t *out_consumed, uint8_t *out_alert,
|
|
2859
|
+
Span<uint8_t> in);
|
|
2860
|
+
ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
|
|
2861
|
+
uint8_t *out_alert,
|
|
2862
|
+
Span<uint8_t> in);
|
|
2863
|
+
int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
|
|
2864
|
+
int len);
|
|
2837
2865
|
|
|
2838
|
-
bool
|
|
2839
|
-
void
|
|
2866
|
+
bool tls_new(SSL *ssl);
|
|
2867
|
+
void tls_free(SSL *ssl);
|
|
2840
2868
|
|
|
2841
|
-
bool
|
|
2842
|
-
bool
|
|
2843
|
-
bool
|
|
2844
|
-
bool
|
|
2845
|
-
int
|
|
2869
|
+
bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2870
|
+
bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
2871
|
+
bool tls_add_message(SSL *ssl, Array<uint8_t> msg);
|
|
2872
|
+
bool tls_add_change_cipher_spec(SSL *ssl);
|
|
2873
|
+
int tls_flush_flight(SSL *ssl);
|
|
2846
2874
|
|
|
2847
2875
|
bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2848
2876
|
bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
@@ -3292,13 +3320,6 @@ struct ssl_ctx_st {
|
|
|
3292
3320
|
// protocols from the peer.
|
|
3293
3321
|
bool allow_unknown_alpn_protos : 1;
|
|
3294
3322
|
|
|
3295
|
-
// ed25519_enabled is whether Ed25519 is advertised in the handshake.
|
|
3296
|
-
bool ed25519_enabled : 1;
|
|
3297
|
-
|
|
3298
|
-
// rsa_pss_rsae_certs_enabled is whether rsa_pss_rsae_* are supported by the
|
|
3299
|
-
// certificate verifier.
|
|
3300
|
-
bool rsa_pss_rsae_certs_enabled : 1;
|
|
3301
|
-
|
|
3302
3323
|
// false_start_allowed_without_alpn is whether False Start (if
|
|
3303
3324
|
// |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN.
|
|
3304
3325
|
bool false_start_allowed_without_alpn : 1;
|
|
@@ -3315,11 +3336,6 @@ struct ssl_ctx_st {
|
|
|
3315
3336
|
// If enable_early_data is true, early data can be sent and accepted.
|
|
3316
3337
|
bool enable_early_data : 1;
|
|
3317
3338
|
|
|
3318
|
-
// pq_experiment_signal indicates that an empty extension should be sent
|
|
3319
|
-
// (for clients) or echoed (for servers) to indicate participation in an
|
|
3320
|
-
// experiment of post-quantum key exchanges.
|
|
3321
|
-
bool pq_experiment_signal : 1;
|
|
3322
|
-
|
|
3323
3339
|
private:
|
|
3324
3340
|
~ssl_ctx_st();
|
|
3325
3341
|
friend void SSL_CTX_free(SSL_CTX *);
|
|
@@ -3540,6 +3556,13 @@ struct ssl_session_st {
|
|
|
3540
3556
|
// is_server is whether this session was created by a server.
|
|
3541
3557
|
bool is_server : 1;
|
|
3542
3558
|
|
|
3559
|
+
// is_quic indicates whether this session was created using QUIC.
|
|
3560
|
+
bool is_quic : 1;
|
|
3561
|
+
|
|
3562
|
+
// quic_early_data_hash is used to determine whether early data must be
|
|
3563
|
+
// rejected when performing a QUIC handshake.
|
|
3564
|
+
bssl::Array<uint8_t> quic_early_data_hash;
|
|
3565
|
+
|
|
3543
3566
|
private:
|
|
3544
3567
|
~ssl_session_st();
|
|
3545
3568
|
friend void SSL_SESSION_free(SSL_SESSION *);
|