grpc 1.27.0 → 1.28.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +713 -629
- data/include/grpc/impl/codegen/grpc_types.h +5 -0
- data/include/grpc/impl/codegen/port_platform.h +7 -0
- data/include/grpc/impl/codegen/sync.h +5 -3
- data/include/grpc/impl/codegen/sync_abseil.h +36 -0
- data/include/grpc/module.modulemap +3 -0
- data/include/grpc/support/sync_abseil.h +26 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +74 -32
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +4 -1
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +291 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +48 -196
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +9 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +83 -80
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +605 -768
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +43 -75
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +57 -70
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +31 -7
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +228 -286
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +2 -2
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +37 -176
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +7 -11
- data/src/core/ext/filters/client_channel/service_config.cc +91 -160
- data/src/core/ext/filters/client_channel/service_config.h +14 -21
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1221 -268
- data/src/core/ext/filters/client_channel/xds/xds_api.h +211 -152
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +212 -352
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +23 -40
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +12 -9
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +742 -289
- data/src/core/ext/filters/client_channel/xds/xds_client.h +74 -38
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +53 -128
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +105 -132
- data/src/core/ext/filters/message_size/message_size_filter.cc +32 -35
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +3 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -1
- data/src/core/ext/transport/inproc/inproc_transport.cc +22 -42
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +46 -21
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +116 -29
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +4 -362
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +390 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1411 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +29 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -5
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +154 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +19 -15
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +26 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +42 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +83 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +115 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +7 -68
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -71
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +30 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +104 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +383 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +42 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +62 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +793 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +2936 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +58 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +227 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +296 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1072 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +32 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +108 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +52 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +87 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +11 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +38 -34
- data/src/core/ext/upb-generated/validate/validate.upb.h +129 -99
- data/src/core/lib/channel/channel_trace.cc +32 -41
- data/src/core/lib/channel/channel_trace.h +3 -3
- data/src/core/lib/channel/channelz.cc +158 -248
- data/src/core/lib/channel/channelz.h +12 -15
- data/src/core/lib/channel/channelz_registry.cc +47 -74
- data/src/core/lib/channel/channelz_registry.h +4 -4
- data/src/core/lib/gpr/sync_abseil.cc +114 -0
- data/src/core/lib/gpr/sync_posix.cc +8 -5
- data/src/core/lib/gpr/sync_windows.cc +4 -2
- data/src/core/lib/gprpp/host_port.cc +1 -1
- data/src/core/lib/gprpp/inlined_vector.h +1 -210
- data/src/core/lib/gprpp/memory.h +2 -6
- data/src/core/lib/gprpp/optional.h +0 -41
- data/src/core/lib/gprpp/string_view.h +5 -114
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/iomgr/buffer_list.cc +36 -35
- data/src/core/lib/iomgr/error.h +4 -4
- data/src/core/lib/iomgr/ev_epollex_linux.cc +12 -4
- data/src/core/lib/iomgr/load_file.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +17 -17
- data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
- data/src/core/lib/iomgr/tcp_posix.cc +2 -1
- data/src/core/lib/iomgr/work_serializer.cc +155 -0
- data/src/core/lib/iomgr/work_serializer.h +65 -0
- data/src/core/lib/json/json.h +209 -79
- data/src/core/lib/json/json_reader.cc +469 -455
- data/src/core/lib/json/json_writer.cc +173 -169
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +10 -8
- data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +149 -159
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +37 -34
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +5 -7
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +3 -15
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -1
- data/src/core/lib/security/security_connector/ssl_utils.h +0 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +24 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +5 -1
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/security/util/json_util.cc +22 -15
- data/src/core/lib/security/util/json_util.h +2 -2
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/grpc_shadow_boringssl.h +1333 -1319
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +2 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/attributes.h +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +10 -4
- data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +30 -9
- data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +7 -5
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -1
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +2 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +37 -0
- data/third_party/abseil-cpp/absl/base/options.h +2 -10
- data/third_party/abseil-cpp/absl/strings/charconv.cc +0 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
- data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +19 -11
- data/{src/boringssl → third_party/boringssl-with-bazel}/err_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_time.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/connect.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/fd.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/file.c +5 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/pair.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/buf/buf.c +10 -69
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbb.c +41 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbs.c +60 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/derive_key.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesgcmsiv.c +8 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-intel.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/crypto.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/curve25519/spake25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/check.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_derive.c +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdh_extra/ecdh_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/err.c +6 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa.c +14 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519_asn1.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/internal.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/mode_wrappers.c +0 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bcm.c +2 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/exponentiation.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/mul.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/prime.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_aes.c +3 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digests.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_montgomery.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/felem.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/oct.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p224-64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/scalar.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/simple.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/simple_mul.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/wnaf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdh/ecdh.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdsa/ecdsa.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/gcm.c +45 -193
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/internal.h +8 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/rand.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/urandom.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/blinding.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa.c +7 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa_impl.c +60 -51
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha512.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/hrss.c +210 -311
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/internal.h +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/internal.h +21 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/mem.c +70 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj.c +16 -21
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_dat.h +27 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_info.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_lib.c +7 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_oth.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pk8.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pkey.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_arm.c +21 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_vec.c +34 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/pool.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/deterministic.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/windows.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/siphash/siphash.c +3 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_pthread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_win.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_verify.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_dir.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_file.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_cmp.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_obj.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_r2x.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_req.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_set.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_trs.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vfy.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vpm.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_all.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_alt.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_enum.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_info.c +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_purp.c +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_utl.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bn.h +32 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buf.h +9 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bytestring.h +34 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/crypto.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dh.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/digest.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dsa.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec.h +11 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec_key.h +4 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdsa.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/err.h +11 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/evp.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/mem.h +17 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/nid.h +9 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/poly1305.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rand.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rsa.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/sha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl.h +10 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/tls1.h +0 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509_vfy.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_both.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_lib.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_pkt.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_method.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handoff.cc +126 -29
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake.cc +5 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_client.cc +24 -13
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_server.cc +1 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/internal.h +32 -26
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_both.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_lib.cc +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_pkt.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_asn1.cc +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_buffer.cc +34 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cert.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cipher.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_lib.cc +13 -14
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_privkey.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_session.cc +2 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_stat.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_versions.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_enc.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_lib.cc +11 -171
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_both.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_client.cc +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_enc.cc +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_server.cc +78 -101
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_method.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_record.cc +7 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_32.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_tables.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256_32.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256_64.h +0 -0
- metadata +567 -494
- data/src/core/lib/iomgr/logical_thread.cc +0 -103
- data/src/core/lib/iomgr/logical_thread.h +0 -52
- data/src/core/lib/json/json.cc +0 -94
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
@@ -128,8 +128,6 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
|
|
128
128
|
: ssl(ssl_arg),
|
129
129
|
scts_requested(false),
|
130
130
|
needs_psk_binder(false),
|
131
|
-
received_hello_retry_request(false),
|
132
|
-
sent_hello_retry_request(false),
|
133
131
|
handshake_finalized(false),
|
134
132
|
accept_psk_mode(false),
|
135
133
|
cert_request(false),
|
@@ -388,7 +386,8 @@ enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs) {
|
|
388
386
|
// SSL_VERIFY_NONE
|
389
387
|
// 3. We don't call the OCSP callback.
|
390
388
|
// 4. We only support custom verify callbacks.
|
391
|
-
enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs
|
389
|
+
enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs,
|
390
|
+
bool send_alert) {
|
392
391
|
SSL *const ssl = hs->ssl;
|
393
392
|
assert(ssl->s3->established_session == nullptr);
|
394
393
|
assert(hs->config->verify_mode != SSL_VERIFY_NONE);
|
@@ -401,7 +400,9 @@ enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs) {
|
|
401
400
|
|
402
401
|
if (ret == ssl_verify_invalid) {
|
403
402
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_VERIFY_FAILED);
|
404
|
-
|
403
|
+
if (send_alert) {
|
404
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
405
|
+
}
|
405
406
|
}
|
406
407
|
|
407
408
|
return ret;
|
@@ -157,7 +157,6 @@
|
|
157
157
|
|
158
158
|
#include <openssl/aead.h>
|
159
159
|
#include <openssl/bn.h>
|
160
|
-
#include <openssl/buf.h>
|
161
160
|
#include <openssl/bytestring.h>
|
162
161
|
#include <openssl/ec_key.h>
|
163
162
|
#include <openssl/ecdsa.h>
|
@@ -459,8 +458,7 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
|
|
459
458
|
if (!tls13_init_early_key_schedule(
|
460
459
|
hs, MakeConstSpan(ssl->session->master_key,
|
461
460
|
ssl->session->master_key_length)) ||
|
462
|
-
!tls13_derive_early_secret(hs)
|
463
|
-
!tls13_set_early_secret_for_quic(hs)) {
|
461
|
+
!tls13_derive_early_secret(hs)) {
|
464
462
|
return ssl_hs_error;
|
465
463
|
}
|
466
464
|
if (ssl->quic_method == nullptr &&
|
@@ -478,17 +476,30 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
|
|
478
476
|
|
479
477
|
static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs) {
|
480
478
|
if (hs->ssl->ctx->reverify_on_resume) {
|
481
|
-
|
482
|
-
|
483
|
-
|
484
|
-
|
485
|
-
|
486
|
-
|
487
|
-
|
488
|
-
|
479
|
+
// Don't send an alert on error. The alert be in early data, which the
|
480
|
+
// server may not accept anyway. It would also be a mismatch between QUIC
|
481
|
+
// and TCP because the QUIC early keys are deferred below.
|
482
|
+
//
|
483
|
+
// TODO(davidben): The client behavior should be to verify the certificate
|
484
|
+
// before deciding whether to offer the session and, if invalid, decline to
|
485
|
+
// send the session.
|
486
|
+
switch (ssl_reverify_peer_cert(hs, /*send_alert=*/false)) {
|
487
|
+
case ssl_verify_ok:
|
488
|
+
break;
|
489
|
+
case ssl_verify_invalid:
|
490
|
+
return ssl_hs_error;
|
491
|
+
case ssl_verify_retry:
|
492
|
+
hs->state = state_early_reverify_server_certificate;
|
493
|
+
return ssl_hs_certificate_verify;
|
489
494
|
}
|
490
495
|
}
|
491
496
|
|
497
|
+
// Defer releasing the 0-RTT key to after certificate reverification, so the
|
498
|
+
// QUIC implementation does not accidentally write data too early.
|
499
|
+
if (!tls13_set_early_secret_for_quic(hs)) {
|
500
|
+
return ssl_hs_error;
|
501
|
+
}
|
502
|
+
|
492
503
|
hs->in_early_data = true;
|
493
504
|
hs->can_early_write = true;
|
494
505
|
hs->state = state_read_server_hello;
|
@@ -908,7 +919,7 @@ static enum ssl_hs_wait_t do_verify_server_certificate(SSL_HANDSHAKE *hs) {
|
|
908
919
|
static enum ssl_hs_wait_t do_reverify_server_certificate(SSL_HANDSHAKE *hs) {
|
909
920
|
assert(hs->ssl->ctx->reverify_on_resume);
|
910
921
|
|
911
|
-
switch (ssl_reverify_peer_cert(hs)) {
|
922
|
+
switch (ssl_reverify_peer_cert(hs, /*send_alert=*/true)) {
|
912
923
|
case ssl_verify_ok:
|
913
924
|
break;
|
914
925
|
case ssl_verify_invalid:
|
@@ -1291,7 +1302,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1291
1302
|
}
|
1292
1303
|
assert(psk_len <= PSK_MAX_PSK_LEN);
|
1293
1304
|
|
1294
|
-
hs->new_session->psk_identity.reset(
|
1305
|
+
hs->new_session->psk_identity.reset(OPENSSL_strdup(identity));
|
1295
1306
|
if (hs->new_session->psk_identity == nullptr) {
|
1296
1307
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
1297
1308
|
return ssl_hs_error;
|
@@ -152,7 +152,6 @@
|
|
152
152
|
#include <string.h>
|
153
153
|
|
154
154
|
#include <openssl/bn.h>
|
155
|
-
#include <openssl/buf.h>
|
156
155
|
#include <openssl/bytestring.h>
|
157
156
|
#include <openssl/cipher.h>
|
158
157
|
#include <openssl/ec.h>
|
@@ -1093,12 +1092,9 @@ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) {
|
|
1093
1092
|
!CBB_add_u8_length_prefixed(&body, &cert_types) ||
|
1094
1093
|
!CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
|
1095
1094
|
!CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
|
1096
|
-
// TLS 1.2 has no way to specify different signature algorithms for
|
1097
|
-
// certificates and the online signature, so emit the more restrictive
|
1098
|
-
// certificate list.
|
1099
1095
|
(ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
|
1100
1096
|
(!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
|
1101
|
-
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb
|
1097
|
+
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
|
1102
1098
|
!ssl_add_client_CA_list(hs, &body) ||
|
1103
1099
|
!ssl_add_message_cbb(ssl, cbb.get())) {
|
1104
1100
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
@@ -1239,6 +1239,11 @@ class SSLBuffer {
|
|
1239
1239
|
uint16_t size_ = 0;
|
1240
1240
|
// cap_ is how much memory beyond |buf_| + |offset_| is available.
|
1241
1241
|
uint16_t cap_ = 0;
|
1242
|
+
// inline_buf_ is a static buffer for short reads.
|
1243
|
+
uint8_t inline_buf_[SSL3_RT_HEADER_LENGTH];
|
1244
|
+
// buf_allocated_ is true if |buf_| points to allocated data and must be freed
|
1245
|
+
// or false if it points into |inline_buf_|.
|
1246
|
+
bool buf_allocated_ = false;
|
1242
1247
|
};
|
1243
1248
|
|
1244
1249
|
// ssl_read_buffer_extend_to extends the read buffer to the desired length. For
|
@@ -1472,12 +1477,31 @@ enum tls12_server_hs_state_t {
|
|
1472
1477
|
state12_done,
|
1473
1478
|
};
|
1474
1479
|
|
1480
|
+
enum tls13_server_hs_state_t {
|
1481
|
+
state13_select_parameters = 0,
|
1482
|
+
state13_select_session,
|
1483
|
+
state13_send_hello_retry_request,
|
1484
|
+
state13_read_second_client_hello,
|
1485
|
+
state13_send_server_hello,
|
1486
|
+
state13_send_server_certificate_verify,
|
1487
|
+
state13_send_server_finished,
|
1488
|
+
state13_read_second_client_flight,
|
1489
|
+
state13_process_end_of_early_data,
|
1490
|
+
state13_read_client_certificate,
|
1491
|
+
state13_read_client_certificate_verify,
|
1492
|
+
state13_read_channel_id,
|
1493
|
+
state13_read_client_finished,
|
1494
|
+
state13_send_new_session_ticket,
|
1495
|
+
state13_done,
|
1496
|
+
};
|
1497
|
+
|
1475
1498
|
// handback_t lists the points in the state machine where a handback can occur.
|
1476
1499
|
// These are the different points at which key material is no longer needed.
|
1477
1500
|
enum handback_t {
|
1478
1501
|
handback_after_session_resumption,
|
1479
1502
|
handback_after_ecdhe,
|
1480
1503
|
handback_after_handshake,
|
1504
|
+
handback_tls13,
|
1481
1505
|
};
|
1482
1506
|
|
1483
1507
|
|
@@ -1693,9 +1717,6 @@ struct SSL_HANDSHAKE {
|
|
1693
1717
|
// be filled in.
|
1694
1718
|
bool needs_psk_binder : 1;
|
1695
1719
|
|
1696
|
-
bool received_hello_retry_request : 1;
|
1697
|
-
bool sent_hello_retry_request : 1;
|
1698
|
-
|
1699
1720
|
// handshake_finalized is true once the handshake has completed, at which
|
1700
1721
|
// point accessors should use the established state.
|
1701
1722
|
bool handshake_finalized : 1;
|
@@ -1914,7 +1935,8 @@ int ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert,
|
|
1914
1935
|
enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs);
|
1915
1936
|
// ssl_reverify_peer_cert verifies the peer certificate for |hs| when resuming a
|
1916
1937
|
// session.
|
1917
|
-
enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs
|
1938
|
+
enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs,
|
1939
|
+
bool send_alert);
|
1918
1940
|
|
1919
1941
|
enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
|
1920
1942
|
bool ssl_send_finished(SSL_HANDSHAKE *hs);
|
@@ -1976,10 +1998,8 @@ bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out);
|
|
1976
1998
|
Span<const uint16_t> tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs);
|
1977
1999
|
|
1978
2000
|
// tls12_add_verify_sigalgs adds the signature algorithms acceptable for the
|
1979
|
-
// peer signature to |out|. It returns true on success and false on error.
|
1980
|
-
|
1981
|
-
// certificates is used. Otherwise, the online signature one is used.
|
1982
|
-
bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out, bool for_certs);
|
2001
|
+
// peer signature to |out|. It returns true on success and false on error.
|
2002
|
+
bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out);
|
1983
2003
|
|
1984
2004
|
// tls12_check_peer_sigalg checks if |sigalg| is acceptable for the peer
|
1985
2005
|
// signature. It returns true on success and false on error, setting
|
@@ -1987,11 +2007,6 @@ bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out, bool for_certs);
|
|
1987
2007
|
bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
|
1988
2008
|
uint16_t sigalg);
|
1989
2009
|
|
1990
|
-
// tls12_has_different_verify_sigalgs_for_certs returns whether |ssl| has a
|
1991
|
-
// different, more restrictive, list of signature algorithms acceptable for the
|
1992
|
-
// certificate than the online signature.
|
1993
|
-
bool tls12_has_different_verify_sigalgs_for_certs(const SSL *ssl);
|
1994
|
-
|
1995
2010
|
|
1996
2011
|
// Underdocumented functions.
|
1997
2012
|
//
|
@@ -2376,10 +2391,6 @@ struct SSL3_STATE {
|
|
2376
2391
|
// token_binding_negotiated is set if Token Binding was negotiated.
|
2377
2392
|
bool token_binding_negotiated : 1;
|
2378
2393
|
|
2379
|
-
// pq_experimental_signal_seen is true if the peer was observed
|
2380
|
-
// sending/echoing the post-quantum experiment signal.
|
2381
|
-
bool pq_experiment_signal_seen : 1;
|
2382
|
-
|
2383
2394
|
// alert_dispatch is true there is an alert in |send_alert| to be sent.
|
2384
2395
|
bool alert_dispatch : 1;
|
2385
2396
|
|
@@ -2387,6 +2398,10 @@ struct SSL3_STATE {
|
|
2387
2398
|
// HelloRequest.
|
2388
2399
|
bool renegotiate_pending : 1;
|
2389
2400
|
|
2401
|
+
// used_hello_retry_request is whether the handshake used a TLS 1.3
|
2402
|
+
// HelloRetryRequest message.
|
2403
|
+
bool used_hello_retry_request : 1;
|
2404
|
+
|
2390
2405
|
// hs_buf is the buffer of handshake data to process.
|
2391
2406
|
UniquePtr<BUF_MEM> hs_buf;
|
2392
2407
|
|
@@ -3295,10 +3310,6 @@ struct ssl_ctx_st {
|
|
3295
3310
|
// ed25519_enabled is whether Ed25519 is advertised in the handshake.
|
3296
3311
|
bool ed25519_enabled : 1;
|
3297
3312
|
|
3298
|
-
// rsa_pss_rsae_certs_enabled is whether rsa_pss_rsae_* are supported by the
|
3299
|
-
// certificate verifier.
|
3300
|
-
bool rsa_pss_rsae_certs_enabled : 1;
|
3301
|
-
|
3302
3313
|
// false_start_allowed_without_alpn is whether False Start (if
|
3303
3314
|
// |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN.
|
3304
3315
|
bool false_start_allowed_without_alpn : 1;
|
@@ -3315,11 +3326,6 @@ struct ssl_ctx_st {
|
|
3315
3326
|
// If enable_early_data is true, early data can be sent and accepted.
|
3316
3327
|
bool enable_early_data : 1;
|
3317
3328
|
|
3318
|
-
// pq_experiment_signal indicates that an empty extension should be sent
|
3319
|
-
// (for clients) or echoed (for servers) to indicate participation in an
|
3320
|
-
// experiment of post-quantum key exchanges.
|
3321
|
-
bool pq_experiment_signal : 1;
|
3322
|
-
|
3323
3329
|
private:
|
3324
3330
|
~ssl_ctx_st();
|
3325
3331
|
friend void SSL_CTX_free(SSL_CTX *);
|
File without changes
|
@@ -151,7 +151,6 @@
|
|
151
151
|
#include <assert.h>
|
152
152
|
#include <string.h>
|
153
153
|
|
154
|
-
#include <openssl/buf.h>
|
155
154
|
#include <openssl/digest.h>
|
156
155
|
#include <openssl/err.h>
|
157
156
|
#include <openssl/md5.h>
|
@@ -180,9 +179,9 @@ SSL3_STATE::SSL3_STATE()
|
|
180
179
|
early_data_accepted(false),
|
181
180
|
tls13_downgrade(false),
|
182
181
|
token_binding_negotiated(false),
|
183
|
-
pq_experiment_signal_seen(false),
|
184
182
|
alert_dispatch(false),
|
185
|
-
renegotiate_pending(false)
|
183
|
+
renegotiate_pending(false),
|
184
|
+
used_hello_retry_request(false) {}
|
186
185
|
|
187
186
|
SSL3_STATE::~SSL3_STATE() {}
|
188
187
|
|
File without changes
|
@@ -87,7 +87,6 @@
|
|
87
87
|
|
88
88
|
#include <utility>
|
89
89
|
|
90
|
-
#include <openssl/buf.h>
|
91
90
|
#include <openssl/bytestring.h>
|
92
91
|
#include <openssl/err.h>
|
93
92
|
#include <openssl/mem.h>
|
@@ -758,7 +757,7 @@ int SSL_SESSION_to_bytes(const SSL_SESSION *in, uint8_t **out_data,
|
|
758
757
|
static const char kNotResumableSession[] = "NOT RESUMABLE";
|
759
758
|
|
760
759
|
*out_len = strlen(kNotResumableSession);
|
761
|
-
*out_data = (uint8_t *)
|
760
|
+
*out_data = (uint8_t *)OPENSSL_memdup(kNotResumableSession, *out_len);
|
762
761
|
if (*out_data == NULL) {
|
763
762
|
return 0;
|
764
763
|
}
|
@@ -37,8 +37,11 @@ static_assert((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0,
|
|
37
37
|
"SSL3_ALIGN_PAYLOAD must be a power of 2");
|
38
38
|
|
39
39
|
void SSLBuffer::Clear() {
|
40
|
-
|
40
|
+
if (buf_allocated_) {
|
41
|
+
free(buf_); // Allocated with malloc().
|
42
|
+
}
|
41
43
|
buf_ = nullptr;
|
44
|
+
buf_allocated_ = false;
|
42
45
|
offset_ = 0;
|
43
46
|
size_ = 0;
|
44
47
|
cap_ = 0;
|
@@ -54,27 +57,43 @@ bool SSLBuffer::EnsureCap(size_t header_len, size_t new_cap) {
|
|
54
57
|
return true;
|
55
58
|
}
|
56
59
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
60
|
+
uint8_t *new_buf;
|
61
|
+
bool new_buf_allocated;
|
62
|
+
size_t new_offset;
|
63
|
+
if (new_cap <= sizeof(inline_buf_)) {
|
64
|
+
// This function is called twice per TLS record, first for the five-byte
|
65
|
+
// header. To avoid allocating twice, use an inline buffer for short inputs.
|
66
|
+
new_buf = inline_buf_;
|
67
|
+
new_buf_allocated = false;
|
68
|
+
new_offset = 0;
|
69
|
+
} else {
|
70
|
+
// Add up to |SSL3_ALIGN_PAYLOAD| - 1 bytes of slack for alignment.
|
71
|
+
//
|
72
|
+
// Since this buffer gets allocated quite frequently and doesn't contain any
|
73
|
+
// sensitive data, we allocate with malloc rather than |OPENSSL_malloc| and
|
74
|
+
// avoid zeroing on free.
|
75
|
+
new_buf = (uint8_t *)malloc(new_cap + SSL3_ALIGN_PAYLOAD - 1);
|
76
|
+
if (new_buf == NULL) {
|
77
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
78
|
+
return false;
|
79
|
+
}
|
80
|
+
new_buf_allocated = true;
|
81
|
+
|
82
|
+
// Offset the buffer such that the record body is aligned.
|
83
|
+
new_offset =
|
84
|
+
(0 - header_len - (uintptr_t)new_buf) & (SSL3_ALIGN_PAYLOAD - 1);
|
66
85
|
}
|
67
86
|
|
68
|
-
//
|
69
|
-
|
70
|
-
|
87
|
+
// Note if the both old and new buffer are inline, the source and destination
|
88
|
+
// may alias.
|
89
|
+
OPENSSL_memmove(new_buf + new_offset, buf_ + offset_, size_);
|
71
90
|
|
72
|
-
if (
|
73
|
-
OPENSSL_memcpy(new_buf + new_offset, buf_ + offset_, size_);
|
91
|
+
if (buf_allocated_) {
|
74
92
|
free(buf_); // Allocated with malloc().
|
75
93
|
}
|
76
94
|
|
77
95
|
buf_ = new_buf;
|
96
|
+
buf_allocated_ = new_buf_allocated;
|
78
97
|
offset_ = new_offset;
|
79
98
|
cap_ = new_cap;
|
80
99
|
return true;
|
File without changes
|
File without changes
|
@@ -565,12 +565,10 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
|
|
565
565
|
grease_enabled(false),
|
566
566
|
allow_unknown_alpn_protos(false),
|
567
567
|
ed25519_enabled(false),
|
568
|
-
rsa_pss_rsae_certs_enabled(true),
|
569
568
|
false_start_allowed_without_alpn(false),
|
570
569
|
ignore_tls13_downgrade(false),
|
571
570
|
handoff(false),
|
572
|
-
enable_early_data(false)
|
573
|
-
pq_experiment_signal(false) {
|
571
|
+
enable_early_data(false) {
|
574
572
|
CRYPTO_MUTEX_init(&lock);
|
575
573
|
CRYPTO_new_ex_data(&ex_data);
|
576
574
|
}
|
@@ -699,7 +697,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
|
|
699
697
|
|
700
698
|
if (ctx->psk_identity_hint) {
|
701
699
|
ssl->config->psk_identity_hint.reset(
|
702
|
-
|
700
|
+
OPENSSL_strdup(ctx->psk_identity_hint.get()));
|
703
701
|
if (ssl->config->psk_identity_hint == nullptr) {
|
704
702
|
return nullptr;
|
705
703
|
}
|
@@ -1238,14 +1236,6 @@ int SSL_send_fatal_alert(SSL *ssl, uint8_t alert) {
|
|
1238
1236
|
return ssl_send_alert_impl(ssl, SSL3_AL_FATAL, alert);
|
1239
1237
|
}
|
1240
1238
|
|
1241
|
-
void SSL_CTX_enable_pq_experiment_signal(SSL_CTX *ctx) {
|
1242
|
-
ctx->pq_experiment_signal = true;
|
1243
|
-
}
|
1244
|
-
|
1245
|
-
int SSL_pq_experiment_signal_seen(const SSL *ssl) {
|
1246
|
-
return ssl->s3->pq_experiment_signal_seen;
|
1247
|
-
}
|
1248
|
-
|
1249
1239
|
int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
|
1250
1240
|
size_t params_len) {
|
1251
1241
|
return ssl->config && ssl->config->quic_transport_params.CopyFrom(
|
@@ -2129,7 +2119,7 @@ int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
|
|
2129
2119
|
OPENSSL_PUT_ERROR(SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
|
2130
2120
|
return 0;
|
2131
2121
|
}
|
2132
|
-
ssl->hostname.reset(
|
2122
|
+
ssl->hostname.reset(OPENSSL_strdup(name));
|
2133
2123
|
if (ssl->hostname == nullptr) {
|
2134
2124
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
2135
2125
|
return 0;
|
@@ -2496,6 +2486,11 @@ char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len) {
|
|
2496
2486
|
return buf;
|
2497
2487
|
}
|
2498
2488
|
|
2489
|
+
int SSL_get_shared_sigalgs(SSL *ssl, int idx, int *psign, int *phash,
|
2490
|
+
int *psignandhash, uint8_t *rsig, uint8_t *rhash) {
|
2491
|
+
return 0;
|
2492
|
+
}
|
2493
|
+
|
2499
2494
|
int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) {
|
2500
2495
|
if (ctx->method->is_dtls) {
|
2501
2496
|
return 0;
|
@@ -2580,7 +2575,7 @@ static int use_psk_identity_hint(UniquePtr<char> *out,
|
|
2580
2575
|
// ECDHE_PSK can only spell empty hint. Having different capabilities is odd,
|
2581
2576
|
// so we interpret empty and missing as identical.
|
2582
2577
|
if (identity_hint != NULL && identity_hint[0] != '\0') {
|
2583
|
-
out->reset(
|
2578
|
+
out->reset(OPENSSL_strdup(identity_hint));
|
2584
2579
|
if (*out == nullptr) {
|
2585
2580
|
return 0;
|
2586
2581
|
}
|
@@ -2854,6 +2849,10 @@ void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
|
|
2854
2849
|
|
2855
2850
|
int SSL_is_tls13_downgrade(const SSL *ssl) { return ssl->s3->tls13_downgrade; }
|
2856
2851
|
|
2852
|
+
int SSL_used_hello_retry_request(const SSL *ssl) {
|
2853
|
+
return ssl->s3->used_hello_retry_request;
|
2854
|
+
}
|
2855
|
+
|
2857
2856
|
void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {
|
2858
2857
|
ctx->ignore_tls13_downgrade = !!ignore;
|
2859
2858
|
}
|