grpc 1.27.0 → 1.28.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +713 -629
- data/include/grpc/impl/codegen/grpc_types.h +5 -0
- data/include/grpc/impl/codegen/port_platform.h +7 -0
- data/include/grpc/impl/codegen/sync.h +5 -3
- data/include/grpc/impl/codegen/sync_abseil.h +36 -0
- data/include/grpc/module.modulemap +3 -0
- data/include/grpc/support/sync_abseil.h +26 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +74 -32
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +4 -1
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +291 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +48 -196
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +9 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +83 -80
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +605 -768
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +43 -75
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +57 -70
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +31 -7
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +228 -286
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +2 -2
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +37 -176
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +7 -11
- data/src/core/ext/filters/client_channel/service_config.cc +91 -160
- data/src/core/ext/filters/client_channel/service_config.h +14 -21
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1221 -268
- data/src/core/ext/filters/client_channel/xds/xds_api.h +211 -152
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +212 -352
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +23 -40
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +12 -9
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +742 -289
- data/src/core/ext/filters/client_channel/xds/xds_client.h +74 -38
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +53 -128
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +105 -132
- data/src/core/ext/filters/message_size/message_size_filter.cc +32 -35
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +3 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -1
- data/src/core/ext/transport/inproc/inproc_transport.cc +22 -42
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +46 -21
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +116 -29
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +4 -362
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +390 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1411 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +29 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -5
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +154 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +19 -15
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +26 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +42 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +83 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +115 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +7 -68
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -71
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +30 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +104 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +383 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +42 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +62 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +793 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +2936 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +58 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +227 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +296 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1072 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +32 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +108 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +52 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +87 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +11 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +38 -34
- data/src/core/ext/upb-generated/validate/validate.upb.h +129 -99
- data/src/core/lib/channel/channel_trace.cc +32 -41
- data/src/core/lib/channel/channel_trace.h +3 -3
- data/src/core/lib/channel/channelz.cc +158 -248
- data/src/core/lib/channel/channelz.h +12 -15
- data/src/core/lib/channel/channelz_registry.cc +47 -74
- data/src/core/lib/channel/channelz_registry.h +4 -4
- data/src/core/lib/gpr/sync_abseil.cc +114 -0
- data/src/core/lib/gpr/sync_posix.cc +8 -5
- data/src/core/lib/gpr/sync_windows.cc +4 -2
- data/src/core/lib/gprpp/host_port.cc +1 -1
- data/src/core/lib/gprpp/inlined_vector.h +1 -210
- data/src/core/lib/gprpp/memory.h +2 -6
- data/src/core/lib/gprpp/optional.h +0 -41
- data/src/core/lib/gprpp/string_view.h +5 -114
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/iomgr/buffer_list.cc +36 -35
- data/src/core/lib/iomgr/error.h +4 -4
- data/src/core/lib/iomgr/ev_epollex_linux.cc +12 -4
- data/src/core/lib/iomgr/load_file.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +17 -17
- data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
- data/src/core/lib/iomgr/tcp_posix.cc +2 -1
- data/src/core/lib/iomgr/work_serializer.cc +155 -0
- data/src/core/lib/iomgr/work_serializer.h +65 -0
- data/src/core/lib/json/json.h +209 -79
- data/src/core/lib/json/json_reader.cc +469 -455
- data/src/core/lib/json/json_writer.cc +173 -169
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +10 -8
- data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +149 -159
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +37 -34
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +5 -7
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +3 -15
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -1
- data/src/core/lib/security/security_connector/ssl_utils.h +0 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +24 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +5 -1
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/security/util/json_util.cc +22 -15
- data/src/core/lib/security/util/json_util.h +2 -2
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/grpc_shadow_boringssl.h +1333 -1319
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +2 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/attributes.h +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +10 -4
- data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +30 -9
- data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +7 -5
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -1
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +2 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +37 -0
- data/third_party/abseil-cpp/absl/base/options.h +2 -10
- data/third_party/abseil-cpp/absl/strings/charconv.cc +0 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
- data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +19 -11
- data/{src/boringssl → third_party/boringssl-with-bazel}/err_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_time.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/connect.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/fd.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/file.c +5 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/pair.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/buf/buf.c +10 -69
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbb.c +41 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbs.c +60 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/derive_key.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesgcmsiv.c +8 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-intel.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/crypto.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/curve25519/spake25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/check.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_derive.c +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdh_extra/ecdh_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/err.c +6 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa.c +14 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519_asn1.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/internal.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/mode_wrappers.c +0 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bcm.c +2 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/exponentiation.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/mul.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/prime.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_aes.c +3 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digests.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_montgomery.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/felem.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/oct.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p224-64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/scalar.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/simple.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/simple_mul.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/wnaf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdh/ecdh.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdsa/ecdsa.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/gcm.c +45 -193
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/internal.h +8 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/rand.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/urandom.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/blinding.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa.c +7 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa_impl.c +60 -51
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha512.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/hrss.c +210 -311
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/internal.h +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/internal.h +21 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/mem.c +70 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj.c +16 -21
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_dat.h +27 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_info.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_lib.c +7 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_oth.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pk8.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pkey.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_arm.c +21 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_vec.c +34 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/pool.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/deterministic.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/windows.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/siphash/siphash.c +3 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_pthread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_win.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_verify.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_dir.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_file.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_cmp.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_obj.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_r2x.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_req.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_set.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_trs.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vfy.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vpm.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_all.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_alt.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_enum.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_info.c +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_purp.c +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_utl.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bn.h +32 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buf.h +9 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bytestring.h +34 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/crypto.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dh.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/digest.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dsa.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec.h +11 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec_key.h +4 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdsa.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/err.h +11 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/evp.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/mem.h +17 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/nid.h +9 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/poly1305.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rand.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rsa.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/sha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl.h +10 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/tls1.h +0 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509_vfy.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_both.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_lib.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_pkt.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_method.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handoff.cc +126 -29
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake.cc +5 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_client.cc +24 -13
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_server.cc +1 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/internal.h +32 -26
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_both.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_lib.cc +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_pkt.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_asn1.cc +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_buffer.cc +34 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cert.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cipher.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_lib.cc +13 -14
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_privkey.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_session.cc +2 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_stat.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_versions.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_enc.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_lib.cc +11 -171
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_both.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_client.cc +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_enc.cc +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_server.cc +78 -101
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_method.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_record.cc +7 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_32.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_tables.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256_32.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256_64.h +0 -0
- metadata +567 -494
- data/src/core/lib/iomgr/logical_thread.cc +0 -103
- data/src/core/lib/iomgr/logical_thread.h +0 -52
- data/src/core/lib/json/json.cc +0 -94
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
File without changes
|
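--- a/data/third_party/boringssl/ssl/ssl_session.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc
@@ -208,7 +208,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
 
 // Copy authentication state.
 if (session->psk_identity != nullptr) {
-new_session->psk_identity.reset(
+new_session->psk_identity.reset(
+OPENSSL_strdup(session->psk_identity.get()));
 if (new_session->psk_identity == nullptr) {
 return nullptr;
 }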
File without changes
|
File without changes
|
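--- a/data/third_party/boringssl/ssl/ssl_versions.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc
@@ -150,7 +150,7 @@ static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
 uint16_t version) {
 // Zero is interpreted as the default maximum version.
 if (version == 0) {
-*out = method->is_dtls ? DTLS1_2_VERSION :
+*out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION;
 return true;
 }
 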
File without changes
|
File without changes
|
@@ -411,10 +411,6 @@ bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
|
|
411
411
|
|
412
412
|
// kVerifySignatureAlgorithms is the default list of accepted signature
|
413
413
|
// algorithms for verifying.
|
414
|
-
//
|
415
|
-
// For now, RSA-PSS signature algorithms are not enabled on Android's system
|
416
|
-
// BoringSSL. Once the change in Chrome has stuck and the values are finalized,
|
417
|
-
// restore them.
|
418
414
|
static const uint16_t kVerifySignatureAlgorithms[] = {
|
419
415
|
// List our preferred algorithms first.
|
420
416
|
SSL_SIGN_ED25519,
|
@@ -432,15 +428,10 @@ static const uint16_t kVerifySignatureAlgorithms[] = {
|
|
432
428
|
|
433
429
|
// For now, SHA-1 is still accepted but least preferable.
|
434
430
|
SSL_SIGN_RSA_PKCS1_SHA1,
|
435
|
-
|
436
431
|
};
|
437
432
|
|
438
433
|
// kSignSignatureAlgorithms is the default list of supported signature
|
439
434
|
// algorithms for signing.
|
440
|
-
//
|
441
|
-
// For now, RSA-PSS signature algorithms are not enabled on Android's system
|
442
|
-
// BoringSSL. Once the change in Chrome has stuck and the values are finalized,
|
443
|
-
// restore them.
|
444
435
|
static const uint16_t kSignSignatureAlgorithms[] = {
|
445
436
|
// List our preferred algorithms first.
|
446
437
|
SSL_SIGN_ED25519,
|
@@ -472,39 +463,17 @@ struct SSLSignatureAlgorithmList {
|
|
472
463
|
if (skip_ed25519 && sigalg == SSL_SIGN_ED25519) {
|
473
464
|
continue;
|
474
465
|
}
|
475
|
-
if (skip_rsa_pss_rsae && SSL_is_signature_algorithm_rsa_pss(sigalg)) {
|
476
|
-
continue;
|
477
|
-
}
|
478
466
|
*out = sigalg;
|
479
467
|
return true;
|
480
468
|
}
|
481
469
|
return false;
|
482
470
|
}
|
483
471
|
|
484
|
-
bool operator==(const SSLSignatureAlgorithmList &other) const {
|
485
|
-
SSLSignatureAlgorithmList a = *this;
|
486
|
-
SSLSignatureAlgorithmList b = other;
|
487
|
-
uint16_t a_val, b_val;
|
488
|
-
while (a.Next(&a_val)) {
|
489
|
-
if (!b.Next(&b_val) ||
|
490
|
-
a_val != b_val) {
|
491
|
-
return false;
|
492
|
-
}
|
493
|
-
}
|
494
|
-
return !b.Next(&b_val);
|
495
|
-
}
|
496
|
-
|
497
|
-
bool operator!=(const SSLSignatureAlgorithmList &other) const {
|
498
|
-
return !(*this == other);
|
499
|
-
}
|
500
|
-
|
501
472
|
Span<const uint16_t> list;
|
502
473
|
bool skip_ed25519 = false;
|
503
|
-
bool skip_rsa_pss_rsae = false;
|
504
474
|
};
|
505
475
|
|
506
|
-
static SSLSignatureAlgorithmList tls12_get_verify_sigalgs(const SSL *ssl
|
507
|
-
bool for_certs) {
|
476
|
+
static SSLSignatureAlgorithmList tls12_get_verify_sigalgs(const SSL *ssl) {
|
508
477
|
SSLSignatureAlgorithmList ret;
|
509
478
|
if (!ssl->config->verify_sigalgs.empty()) {
|
510
479
|
ret.list = ssl->config->verify_sigalgs;
|
@@ -512,14 +481,11 @@ static SSLSignatureAlgorithmList tls12_get_verify_sigalgs(const SSL *ssl,
|
|
512
481
|
ret.list = kVerifySignatureAlgorithms;
|
513
482
|
ret.skip_ed25519 = !ssl->ctx->ed25519_enabled;
|
514
483
|
}
|
515
|
-
if (for_certs) {
|
516
|
-
ret.skip_rsa_pss_rsae = !ssl->ctx->rsa_pss_rsae_certs_enabled;
|
517
|
-
}
|
518
484
|
return ret;
|
519
485
|
}
|
520
486
|
|
521
|
-
bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out
|
522
|
-
SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl
|
487
|
+
bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
|
488
|
+
SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl);
|
523
489
|
uint16_t sigalg;
|
524
490
|
while (list.Next(&sigalg)) {
|
525
491
|
if (!CBB_add_u16(out, sigalg)) {
|
@@ -531,7 +497,7 @@ bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out, bool for_certs) {
|
|
531
497
|
|
532
498
|
bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
|
533
499
|
uint16_t sigalg) {
|
534
|
-
SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl
|
500
|
+
SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl);
|
535
501
|
uint16_t verify_sigalg;
|
536
502
|
while (list.Next(&verify_sigalg)) {
|
537
503
|
if (verify_sigalg == sigalg) {
|
@@ -544,11 +510,6 @@ bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
|
|
544
510
|
return false;
|
545
511
|
}
|
546
512
|
|
547
|
-
bool tls12_has_different_verify_sigalgs_for_certs(const SSL *ssl) {
|
548
|
-
return tls12_get_verify_sigalgs(ssl, true) !=
|
549
|
-
tls12_get_verify_sigalgs(ssl, false);
|
550
|
-
}
|
551
|
-
|
552
513
|
// tls_extension represents a TLS extension that is handled internally. The
|
553
514
|
// |init| function is called for each handshake, before any other functions of
|
554
515
|
// the extension. Then the add and parse callbacks are called as needed.
|
@@ -980,23 +941,11 @@ static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
980
941
|
return true;
|
981
942
|
}
|
982
943
|
|
983
|
-
// Prior to TLS 1.3, there was no way to signal different signature algorithm
|
984
|
-
// preferences between the online signature and certificates. If we do not
|
985
|
-
// send the signature_algorithms_cert extension, use the potentially more
|
986
|
-
// restrictive certificate list.
|
987
|
-
//
|
988
|
-
// TODO(davidben): When TLS 1.3 is finalized, we can likely remove the TLS 1.3
|
989
|
-
// check both here and in signature_algorithms_cert. |hs->max_version| is not
|
990
|
-
// the negotiated version. Rather the expectation is that any server consuming
|
991
|
-
// signature algorithms added in TLS 1.3 will also know to look at
|
992
|
-
// signature_algorithms_cert. For now, TLS 1.3 is not quite yet final and it
|
993
|
-
// seems prudent to condition this new extension on it.
|
994
|
-
bool for_certs = hs->max_version < TLS1_3_VERSION;
|
995
944
|
CBB contents, sigalgs_cbb;
|
996
945
|
if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms) ||
|
997
946
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
998
947
|
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
|
999
|
-
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb
|
948
|
+
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb) ||
|
1000
949
|
!CBB_flush(out)) {
|
1001
950
|
return false;
|
1002
951
|
}
|
@@ -1022,35 +971,6 @@ static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1022
971
|
}
|
1023
972
|
|
1024
973
|
|
1025
|
-
// Signature Algorithms for Certificates.
|
1026
|
-
//
|
1027
|
-
// https://tools.ietf.org/html/rfc8446#section-4.2.3
|
1028
|
-
|
1029
|
-
static bool ext_sigalgs_cert_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1030
|
-
SSL *const ssl = hs->ssl;
|
1031
|
-
// If this extension is omitted, it defaults to the signature_algorithms
|
1032
|
-
// extension, so only emit it if the list is different.
|
1033
|
-
//
|
1034
|
-
// This extension is also new in TLS 1.3, so omit it if TLS 1.3 is disabled.
|
1035
|
-
// There is a corresponding version check in |ext_sigalgs_add_clienthello|.
|
1036
|
-
if (hs->max_version < TLS1_3_VERSION ||
|
1037
|
-
!tls12_has_different_verify_sigalgs_for_certs(ssl)) {
|
1038
|
-
return true;
|
1039
|
-
}
|
1040
|
-
|
1041
|
-
CBB contents, sigalgs_cbb;
|
1042
|
-
if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms_cert) ||
|
1043
|
-
!CBB_add_u16_length_prefixed(out, &contents) ||
|
1044
|
-
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
|
1045
|
-
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, true /* certs */) ||
|
1046
|
-
!CBB_flush(out)) {
|
1047
|
-
return false;
|
1048
|
-
}
|
1049
|
-
|
1050
|
-
return true;
|
1051
|
-
}
|
1052
|
-
|
1053
|
-
|
1054
974
|
// OCSP Stapling.
|
1055
975
|
//
|
1056
976
|
// https://tools.ietf.org/html/rfc6066#section-8
|
@@ -1845,7 +1765,7 @@ static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1845
1765
|
// Per RFC 8446 section 4.1.4, skip offering the session if the selected
|
1846
1766
|
// cipher in HelloRetryRequest does not match. This avoids performing the
|
1847
1767
|
// transcript hash transformation for multiple hashes.
|
1848
|
-
if (
|
1768
|
+
if (ssl->s3 && ssl->s3->used_hello_retry_request &&
|
1849
1769
|
ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
|
1850
1770
|
return true;
|
1851
1771
|
}
|
@@ -2035,7 +1955,7 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2035
1955
|
SSL *const ssl = hs->ssl;
|
2036
1956
|
// The second ClientHello never offers early data, and we must have already
|
2037
1957
|
// filled in |early_data_reason| by this point.
|
2038
|
-
if (
|
1958
|
+
if (ssl->s3->used_hello_retry_request) {
|
2039
1959
|
assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
|
2040
1960
|
return true;
|
2041
1961
|
}
|
@@ -2089,7 +2009,7 @@ static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2089
2009
|
CBS *contents) {
|
2090
2010
|
SSL *const ssl = hs->ssl;
|
2091
2011
|
if (contents == NULL) {
|
2092
|
-
if (hs->early_data_offered && !
|
2012
|
+
if (hs->early_data_offered && !ssl->s3->used_hello_retry_request) {
|
2093
2013
|
ssl->s3->early_data_reason = ssl->s3->session_reused
|
2094
2014
|
? ssl_early_data_peer_declined
|
2095
2015
|
: ssl_early_data_session_not_resumed;
|
@@ -2104,7 +2024,7 @@ static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2104
2024
|
// If we received an HRR, the second ClientHello never offers early data, so
|
2105
2025
|
// the extensions logic will automatically reject early data extensions as
|
2106
2026
|
// unsolicited. This covered by the ServerAcceptsEarlyDataOnHRR test.
|
2107
|
-
assert(!
|
2027
|
+
assert(!ssl->s3->used_hello_retry_request);
|
2108
2028
|
|
2109
2029
|
if (CBS_len(contents) != 0) {
|
2110
2030
|
*out_alert = SSL_AD_DECODE_ERROR;
|
@@ -2173,7 +2093,7 @@ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2173
2093
|
|
2174
2094
|
uint16_t group_id = hs->retry_group;
|
2175
2095
|
uint16_t second_group_id = 0;
|
2176
|
-
if (
|
2096
|
+
if (ssl->s3 && ssl->s3->used_hello_retry_request) {
|
2177
2097
|
// We received a HelloRetryRequest without a new curve, so there is no new
|
2178
2098
|
// share to append. Leave |hs->key_share| as-is.
|
2179
2099
|
if (group_id == 0 &&
|
@@ -2235,7 +2155,7 @@ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2235
2155
|
|
2236
2156
|
// Save the contents of the extension to repeat it in the second
|
2237
2157
|
// ClientHello.
|
2238
|
-
if (!
|
2158
|
+
if (ssl->s3 && !ssl->s3->used_hello_retry_request &&
|
2239
2159
|
!hs->key_share_bytes.CopyFrom(
|
2240
2160
|
MakeConstSpan(CBB_data(&kse_bytes), CBB_len(&kse_bytes)))) {
|
2241
2161
|
return false;
|
@@ -2855,66 +2775,6 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2855
2775
|
}
|
2856
2776
|
|
2857
2777
|
|
2858
|
-
// Post-quantum experiment signal
|
2859
|
-
//
|
2860
|
-
// This extension may be used in order to identify a control group for
|
2861
|
-
// experimenting with post-quantum key exchange algorithms.
|
2862
|
-
|
2863
|
-
static bool ext_pq_experiment_signal_add_clienthello(SSL_HANDSHAKE *hs,
|
2864
|
-
CBB *out) {
|
2865
|
-
if (hs->ssl->ctx->pq_experiment_signal &&
|
2866
|
-
(!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
|
2867
|
-
!CBB_add_u16(out, 0))) {
|
2868
|
-
return false;
|
2869
|
-
}
|
2870
|
-
|
2871
|
-
return true;
|
2872
|
-
}
|
2873
|
-
|
2874
|
-
static bool ext_pq_experiment_signal_parse_serverhello(SSL_HANDSHAKE *hs,
|
2875
|
-
uint8_t *out_alert,
|
2876
|
-
CBS *contents) {
|
2877
|
-
if (contents == nullptr) {
|
2878
|
-
return true;
|
2879
|
-
}
|
2880
|
-
|
2881
|
-
if (!hs->ssl->ctx->pq_experiment_signal || CBS_len(contents) != 0) {
|
2882
|
-
return false;
|
2883
|
-
}
|
2884
|
-
|
2885
|
-
hs->ssl->s3->pq_experiment_signal_seen = true;
|
2886
|
-
return true;
|
2887
|
-
}
|
2888
|
-
|
2889
|
-
static bool ext_pq_experiment_signal_parse_clienthello(SSL_HANDSHAKE *hs,
|
2890
|
-
uint8_t *out_alert,
|
2891
|
-
CBS *contents) {
|
2892
|
-
if (contents == nullptr) {
|
2893
|
-
return true;
|
2894
|
-
}
|
2895
|
-
|
2896
|
-
if (CBS_len(contents) != 0) {
|
2897
|
-
return false;
|
2898
|
-
}
|
2899
|
-
|
2900
|
-
if (hs->ssl->ctx->pq_experiment_signal) {
|
2901
|
-
hs->ssl->s3->pq_experiment_signal_seen = true;
|
2902
|
-
}
|
2903
|
-
|
2904
|
-
return true;
|
2905
|
-
}
|
2906
|
-
|
2907
|
-
static bool ext_pq_experiment_signal_add_serverhello(SSL_HANDSHAKE *hs,
|
2908
|
-
CBB *out) {
|
2909
|
-
if (hs->ssl->s3->pq_experiment_signal_seen &&
|
2910
|
-
(!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
|
2911
|
-
!CBB_add_u16(out, 0))) {
|
2912
|
-
return false;
|
2913
|
-
}
|
2914
|
-
|
2915
|
-
return true;
|
2916
|
-
}
|
2917
|
-
|
2918
2778
|
// kExtensions contains all the supported extensions.
|
2919
2779
|
static const struct tls_extension kExtensions[] = {
|
2920
2780
|
{
|
@@ -2991,14 +2851,6 @@ static const struct tls_extension kExtensions[] = {
|
|
2991
2851
|
ext_sigalgs_parse_clienthello,
|
2992
2852
|
dont_add_serverhello,
|
2993
2853
|
},
|
2994
|
-
{
|
2995
|
-
TLSEXT_TYPE_signature_algorithms_cert,
|
2996
|
-
NULL,
|
2997
|
-
ext_sigalgs_cert_add_clienthello,
|
2998
|
-
forbid_parse_serverhello,
|
2999
|
-
ignore_parse_clienthello,
|
3000
|
-
dont_add_serverhello,
|
3001
|
-
},
|
3002
2854
|
{
|
3003
2855
|
TLSEXT_TYPE_next_proto_neg,
|
3004
2856
|
NULL,
|
@@ -3103,14 +2955,6 @@ static const struct tls_extension kExtensions[] = {
|
|
3103
2955
|
ext_delegated_credential_parse_clienthello,
|
3104
2956
|
dont_add_serverhello,
|
3105
2957
|
},
|
3106
|
-
{
|
3107
|
-
TLSEXT_TYPE_pq_experiment_signal,
|
3108
|
-
NULL,
|
3109
|
-
ext_pq_experiment_signal_add_clienthello,
|
3110
|
-
ext_pq_experiment_signal_parse_serverhello,
|
3111
|
-
ext_pq_experiment_signal_parse_clienthello,
|
3112
|
-
ext_pq_experiment_signal_add_serverhello,
|
3113
|
-
},
|
3114
2958
|
};
|
3115
2959
|
|
3116
2960
|
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
|
@@ -4030,7 +3874,3 @@ int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
|
|
4030
3874
|
void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled) {
|
4031
3875
|
ctx->ed25519_enabled = !!enabled;
|
4032
3876
|
}
|
4033
|
-
|
4034
|
-
void SSL_CTX_set_rsa_pss_rsae_certs_enabled(SSL_CTX *ctx, int enabled) {
|
4035
|
-
ctx->rsa_pss_rsae_certs_enabled = !!enabled;
|
4036
|
-
}
|
File without changes
|
@@ -184,7 +184,7 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
|
|
184
184
|
}
|
185
185
|
|
186
186
|
ssl->method->next_message(ssl);
|
187
|
-
|
187
|
+
ssl->s3->used_hello_retry_request = true;
|
188
188
|
hs->tls13_state = state_send_second_client_hello;
|
189
189
|
// 0-RTT is rejected if we receive a HelloRetryRequest.
|
190
190
|
if (hs->in_early_data) {
|
@@ -269,8 +269,7 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
269
269
|
}
|
270
270
|
|
271
271
|
// Check that the cipher matches the one in the HelloRetryRequest.
|
272
|
-
if (hs->
|
273
|
-
hs->new_cipher != cipher) {
|
272
|
+
if (ssl->s3->used_hello_retry_request && hs->new_cipher != cipher) {
|
274
273
|
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
|
275
274
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
276
275
|
return ssl_hs_error;
|
@@ -594,7 +593,7 @@ static enum ssl_hs_wait_t do_read_server_certificate_verify(
|
|
594
593
|
|
595
594
|
static enum ssl_hs_wait_t do_server_certificate_reverify(
|
596
595
|
SSL_HANDSHAKE *hs) {
|
597
|
-
switch (ssl_reverify_peer_cert(hs)) {
|
596
|
+
switch (ssl_reverify_peer_cert(hs, /*send_alert=*/true)) {
|
598
597
|
case ssl_verify_ok:
|
599
598
|
break;
|
600
599
|
case ssl_verify_invalid:
|
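Review bot: In do_server_certificate_reverify the call now reads `ssl_reverify_peer_cert(hs, /*send_alert=*/true)`, but nothing at the call site says who owns the alert on failure, and the `ssl_verify_invalid` branch continues past the end of this hunk. If the callee sends the fatal alert when the flag is true (not shown here, so worth confirming), the failure branches must not send a second one. A short comment above the switch would pin that down: `// ssl_reverify_peer_cert sends the alert itself on failure; only return the error here.`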
@@ -62,7 +62,11 @@ bool tls13_init_key_schedule(SSL_HANDSHAKE *hs, Span<const uint8_t> psk) {
|
|
62
62
|
return false;
|
63
63
|
}
|
64
64
|
|
65
|
-
|
65
|
+
// Handback includes the whole handshake transcript, so we cannot free the
|
66
|
+
// transcript buffer in the handback case.
|
67
|
+
if (!hs->handback) {
|
68
|
+
hs->transcript.FreeBuffer();
|
69
|
+
}
|
66
70
|
return hkdf_extract_to_secret(hs, psk);
|
67
71
|
}
|
68
72
|
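Review bot: The added comment in tls13_init_key_schedule explains why the transcript buffer is kept when `hs->handback` is set, but not where it is released afterwards. The buffer holds the whole handshake transcript, so a reader auditing memory lifetime needs the release point spelled out. Extend the comment with something like `// In the handback case the buffer is released at <release point, to be confirmed>.` The function starts before this hunk, so any earlier use of the buffer is not visible here.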
|
@@ -33,24 +33,6 @@
|
|
33
33
|
|
34
34
|
BSSL_NAMESPACE_BEGIN
|
35
35
|
|
36
|
-
enum server_hs_state_t {
|
37
|
-
state_select_parameters = 0,
|
38
|
-
state_select_session,
|
39
|
-
state_send_hello_retry_request,
|
40
|
-
state_read_second_client_hello,
|
41
|
-
state_send_server_hello,
|
42
|
-
state_send_server_certificate_verify,
|
43
|
-
state_send_server_finished,
|
44
|
-
state_read_second_client_flight,
|
45
|
-
state_process_end_of_early_data,
|
46
|
-
state_read_client_certificate,
|
47
|
-
state_read_client_certificate_verify,
|
48
|
-
state_read_channel_id,
|
49
|
-
state_read_client_finished,
|
50
|
-
state_send_new_session_ticket,
|
51
|
-
state_done,
|
52
|
-
};
|
53
|
-
|
54
36
|
static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
|
55
37
|
|
56
38
|
// Allow a minute of ticket age skew in either direction. This covers
|
@@ -244,7 +226,7 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) {
|
|
244
226
|
return ssl_hs_error;
|
245
227
|
}
|
246
228
|
|
247
|
-
hs->tls13_state =
|
229
|
+
hs->tls13_state = state13_select_session;
|
248
230
|
return ssl_hs_ok;
|
249
231
|
}
|
250
232
|
|
@@ -405,7 +387,7 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
405
387
|
return ssl_hs_error;
|
406
388
|
|
407
389
|
case ssl_ticket_aead_retry:
|
408
|
-
hs->tls13_state =
|
390
|
+
hs->tls13_state = state13_select_session;
|
409
391
|
return ssl_hs_pending_ticket;
|
410
392
|
}
|
411
393
|
|
@@ -465,23 +447,14 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
465
447
|
if (!hs->transcript.UpdateForHelloRetryRequest()) {
|
466
448
|
return ssl_hs_error;
|
467
449
|
}
|
468
|
-
hs->tls13_state =
|
450
|
+
hs->tls13_state = state13_send_hello_retry_request;
|
469
451
|
return ssl_hs_ok;
|
470
452
|
}
|
471
453
|
return ssl_hs_error;
|
472
454
|
}
|
473
455
|
|
474
|
-
// Note we defer releasing the early traffic secret to QUIC until after ECDHE
|
475
|
-
// is resolved. The early traffic secret should be derived before the key
|
476
|
-
// schedule incorporates ECDHE, but doing so may reject 0-RTT. To avoid
|
477
|
-
// confusing the caller, we split derivation and releasing the secret to QUIC.
|
478
|
-
if (ssl->s3->early_data_accepted &&
|
479
|
-
!tls13_set_early_secret_for_quic(hs)) {
|
480
|
-
return ssl_hs_error;
|
481
|
-
}
|
482
|
-
|
483
456
|
ssl->method->next_message(ssl);
|
484
|
-
hs->tls13_state =
|
457
|
+
hs->tls13_state = state13_send_server_hello;
|
485
458
|
return ssl_hs_ok;
|
486
459
|
}
|
487
460
|
|
@@ -515,8 +488,8 @@ static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) {
|
|
515
488
|
return ssl_hs_error;
|
516
489
|
}
|
517
490
|
|
518
|
-
|
519
|
-
hs->tls13_state =
|
491
|
+
ssl->s3->used_hello_retry_request = true;
|
492
|
+
hs->tls13_state = state13_read_second_client_hello;
|
520
493
|
return ssl_hs_flush;
|
521
494
|
}
|
522
495
|
|
@@ -586,7 +559,7 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
|
|
586
559
|
}
|
587
560
|
|
588
561
|
ssl->method->next_message(ssl);
|
589
|
-
hs->tls13_state =
|
562
|
+
hs->tls13_state = state13_send_server_hello;
|
590
563
|
return ssl_hs_ok;
|
591
564
|
}
|
592
565
|
|
@@ -612,7 +585,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
612
585
|
return ssl_hs_error;
|
613
586
|
}
|
614
587
|
|
615
|
-
if (!
|
588
|
+
if (!ssl->s3->used_hello_retry_request &&
|
616
589
|
!ssl->method->add_change_cipher_spec(ssl)) {
|
617
590
|
return ssl_hs_error;
|
618
591
|
}
|
@@ -654,22 +627,10 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
654
627
|
!CBB_add_u16_length_prefixed(&cert_request_extensions,
|
655
628
|
&sigalg_contents) ||
|
656
629
|
!CBB_add_u16_length_prefixed(&sigalg_contents, &sigalgs_cbb) ||
|
657
|
-
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb
|
658
|
-
false /* online signature */)) {
|
630
|
+
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb)) {
|
659
631
|
return ssl_hs_error;
|
660
632
|
}
|
661
633
|
|
662
|
-
if (tls12_has_different_verify_sigalgs_for_certs(ssl)) {
|
663
|
-
if (!CBB_add_u16(&cert_request_extensions,
|
664
|
-
TLSEXT_TYPE_signature_algorithms_cert) ||
|
665
|
-
!CBB_add_u16_length_prefixed(&cert_request_extensions,
|
666
|
-
&sigalg_contents) ||
|
667
|
-
!CBB_add_u16_length_prefixed(&sigalg_contents, &sigalgs_cbb) ||
|
668
|
-
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, true /* certs */)) {
|
669
|
-
return ssl_hs_error;
|
670
|
-
}
|
671
|
-
}
|
672
|
-
|
673
634
|
if (ssl_has_client_CAs(hs->config)) {
|
674
635
|
CBB ca_contents;
|
675
636
|
if (!CBB_add_u16(&cert_request_extensions,
|
@@ -698,22 +659,22 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
698
659
|
return ssl_hs_error;
|
699
660
|
}
|
700
661
|
|
701
|
-
hs->tls13_state =
|
662
|
+
hs->tls13_state = state13_send_server_certificate_verify;
|
702
663
|
return ssl_hs_ok;
|
703
664
|
}
|
704
665
|
|
705
|
-
hs->tls13_state =
|
666
|
+
hs->tls13_state = state13_send_server_finished;
|
706
667
|
return ssl_hs_ok;
|
707
668
|
}
|
708
669
|
|
709
670
|
static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs) {
|
710
671
|
switch (tls13_add_certificate_verify(hs)) {
|
711
672
|
case ssl_private_key_success:
|
712
|
-
hs->tls13_state =
|
673
|
+
hs->tls13_state = state13_send_server_finished;
|
713
674
|
return ssl_hs_ok;
|
714
675
|
|
715
676
|
case ssl_private_key_retry:
|
716
|
-
hs->tls13_state =
|
677
|
+
hs->tls13_state = state13_send_server_certificate_verify;
|
717
678
|
return ssl_hs_private_key_operation;
|
718
679
|
|
719
680
|
case ssl_private_key_failure:
|
@@ -737,6 +698,19 @@ static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
|
|
737
698
|
}
|
738
699
|
|
739
700
|
if (ssl->s3->early_data_accepted) {
|
701
|
+
// We defer releasing the early traffic secret to QUIC to this point. First,
|
702
|
+
// the early traffic secret is derived before ECDHE, but ECDHE may later
|
703
|
+
// reject 0-RTT. We only release the secret after 0-RTT is fully resolved.
|
704
|
+
//
|
705
|
+
// Second, 0-RTT data is acknowledged with 1-RTT keys. Both are derived as
|
706
|
+
// part of the ServerHello flight, but future TLS extensions may insert an
|
707
|
+
// asynchronous point in the middle of this flight. We defer releasing the
|
708
|
+
// 0-RTT keys to ensure the QUIC implementation never installs read keys
|
709
|
+
// without the write keys to send the corresponding ACKs.
|
710
|
+
if (!tls13_set_early_secret_for_quic(hs)) {
|
711
|
+
return ssl_hs_error;
|
712
|
+
}
|
713
|
+
|
740
714
|
// If accepting 0-RTT, we send tickets half-RTT. This gets the tickets on
|
741
715
|
// the wire sooner and also avoids triggering a write on |SSL_read| when
|
742
716
|
// processing the client Finished. This requires computing the client
|
@@ -778,7 +752,7 @@ static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
|
|
778
752
|
}
|
779
753
|
}
|
780
754
|
|
781
|
-
hs->tls13_state =
|
755
|
+
hs->tls13_state = state13_read_second_client_flight;
|
782
756
|
return ssl_hs_flush;
|
783
757
|
}
|
784
758
|
|
@@ -804,11 +778,11 @@ static enum ssl_hs_wait_t do_read_second_client_flight(SSL_HANDSHAKE *hs) {
|
|
804
778
|
hs->client_handshake_secret())) {
|
805
779
|
return ssl_hs_error;
|
806
780
|
}
|
807
|
-
hs->tls13_state =
|
781
|
+
hs->tls13_state = state13_read_client_certificate;
|
808
782
|
return ssl->s3->early_data_accepted ? ssl_hs_early_return : ssl_hs_ok;
|
809
783
|
}
|
810
784
|
|
811
|
-
hs->tls13_state =
|
785
|
+
hs->tls13_state = state13_process_end_of_early_data;
|
812
786
|
return ssl->s3->early_data_accepted ? ssl_hs_read_end_of_early_data
|
813
787
|
: ssl_hs_ok;
|
814
788
|
}
|
@@ -836,7 +810,10 @@ static enum ssl_hs_wait_t do_process_end_of_early_data(SSL_HANDSHAKE *hs) {
|
|
836
810
|
hs->client_handshake_secret())) {
|
837
811
|
return ssl_hs_error;
|
838
812
|
}
|
839
|
-
hs->
|
813
|
+
if (hs->handback) {
|
814
|
+
return ssl_hs_handback;
|
815
|
+
}
|
816
|
+
hs->tls13_state = state13_read_client_certificate;
|
840
817
|
return ssl_hs_ok;
|
841
818
|
}
|
842
819
|
|
@@ -853,7 +830,7 @@ static enum ssl_hs_wait_t do_read_client_certificate(SSL_HANDSHAKE *hs) {
|
|
853
830
|
}
|
854
831
|
|
855
832
|
// Skip this state.
|
856
|
-
hs->tls13_state =
|
833
|
+
hs->tls13_state = state13_read_channel_id;
|
857
834
|
return ssl_hs_ok;
|
858
835
|
}
|
859
836
|
|
@@ -870,7 +847,7 @@ static enum ssl_hs_wait_t do_read_client_certificate(SSL_HANDSHAKE *hs) {
|
|
870
847
|
}
|
871
848
|
|
872
849
|
ssl->method->next_message(ssl);
|
873
|
-
hs->tls13_state =
|
850
|
+
hs->tls13_state = state13_read_client_certificate_verify;
|
874
851
|
return ssl_hs_ok;
|
875
852
|
}
|
876
853
|
|
@@ -879,7 +856,7 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(
|
|
879
856
|
SSL *const ssl = hs->ssl;
|
880
857
|
if (sk_CRYPTO_BUFFER_num(hs->new_session->certs.get()) == 0) {
|
881
858
|
// Skip this state.
|
882
|
-
hs->tls13_state =
|
859
|
+
hs->tls13_state = state13_read_channel_id;
|
883
860
|
return ssl_hs_ok;
|
884
861
|
}
|
885
862
|
|
@@ -894,7 +871,7 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(
|
|
894
871
|
case ssl_verify_invalid:
|
895
872
|
return ssl_hs_error;
|
896
873
|
case ssl_verify_retry:
|
897
|
-
hs->tls13_state =
|
874
|
+
hs->tls13_state = state13_read_client_certificate_verify;
|
898
875
|
return ssl_hs_certificate_verify;
|
899
876
|
}
|
900
877
|
|
@@ -905,14 +882,14 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(
|
|
905
882
|
}
|
906
883
|
|
907
884
|
ssl->method->next_message(ssl);
|
908
|
-
hs->tls13_state =
|
885
|
+
hs->tls13_state = state13_read_channel_id;
|
909
886
|
return ssl_hs_ok;
|
910
887
|
}
|
911
888
|
|
912
889
|
static enum ssl_hs_wait_t do_read_channel_id(SSL_HANDSHAKE *hs) {
|
913
890
|
SSL *const ssl = hs->ssl;
|
914
891
|
if (!ssl->s3->channel_id_valid) {
|
915
|
-
hs->tls13_state =
|
892
|
+
hs->tls13_state = state13_read_client_finished;
|
916
893
|
return ssl_hs_ok;
|
917
894
|
}
|
918
895
|
|
@@ -927,7 +904,7 @@ static enum ssl_hs_wait_t do_read_channel_id(SSL_HANDSHAKE *hs) {
|
|
927
904
|
}
|
928
905
|
|
929
906
|
ssl->method->next_message(ssl);
|
930
|
-
hs->tls13_state =
|
907
|
+
hs->tls13_state = state13_read_client_finished;
|
931
908
|
return ssl_hs_ok;
|
932
909
|
}
|
933
910
|
|
@@ -954,10 +931,10 @@ static enum ssl_hs_wait_t do_read_client_finished(SSL_HANDSHAKE *hs) {
|
|
954
931
|
}
|
955
932
|
|
956
933
|
// We send post-handshake tickets as part of the handshake in 1-RTT.
|
957
|
-
hs->tls13_state =
|
934
|
+
hs->tls13_state = state13_send_new_session_ticket;
|
958
935
|
} else {
|
959
936
|
// We already sent half-RTT tickets.
|
960
|
-
hs->tls13_state =
|
937
|
+
hs->tls13_state = state13_done;
|
961
938
|
}
|
962
939
|
|
963
940
|
ssl->method->next_message(ssl);
|
@@ -970,7 +947,7 @@ static enum ssl_hs_wait_t do_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
|
970
947
|
return ssl_hs_error;
|
971
948
|
}
|
972
949
|
|
973
|
-
hs->tls13_state =
|
950
|
+
hs->tls13_state = state13_done;
|
974
951
|
// In TLS 1.3, the NewSessionTicket isn't flushed until the server performs a
|
975
952
|
// write, to prevent a non-reading client from causing the server to hang in
|
976
953
|
// the case of a small server write buffer. Consumers which don't write data
|
@@ -983,54 +960,54 @@ static enum ssl_hs_wait_t do_send_new_session_ticket(SSL_HANDSHAKE *hs) {
|
|
983
960
|
}
|
984
961
|
|
985
962
|
enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
|
986
|
-
while (hs->tls13_state !=
|
963
|
+
while (hs->tls13_state != state13_done) {
|
987
964
|
enum ssl_hs_wait_t ret = ssl_hs_error;
|
988
|
-
enum
|
989
|
-
static_cast<enum
|
965
|
+
enum tls13_server_hs_state_t state =
|
966
|
+
static_cast<enum tls13_server_hs_state_t>(hs->tls13_state);
|
990
967
|
switch (state) {
|
991
|
-
case
|
968
|
+
case state13_select_parameters:
|
992
969
|
ret = do_select_parameters(hs);
|
993
970
|
break;
|
994
|
-
case
|
971
|
+
case state13_select_session:
|
995
972
|
ret = do_select_session(hs);
|
996
973
|
break;
|
997
|
-
case
|
974
|
+
case state13_send_hello_retry_request:
|
998
975
|
ret = do_send_hello_retry_request(hs);
|
999
976
|
break;
|
1000
|
-
case
|
977
|
+
case state13_read_second_client_hello:
|
1001
978
|
ret = do_read_second_client_hello(hs);
|
1002
979
|
break;
|
1003
|
-
case
|
980
|
+
case state13_send_server_hello:
|
1004
981
|
ret = do_send_server_hello(hs);
|
1005
982
|
break;
|
1006
|
-
case
|
983
|
+
case state13_send_server_certificate_verify:
|
1007
984
|
ret = do_send_server_certificate_verify(hs);
|
1008
985
|
break;
|
1009
|
-
case
|
986
|
+
case state13_send_server_finished:
|
1010
987
|
ret = do_send_server_finished(hs);
|
1011
988
|
break;
|
1012
|
-
case
|
989
|
+
case state13_read_second_client_flight:
|
1013
990
|
ret = do_read_second_client_flight(hs);
|
1014
991
|
break;
|
1015
|
-
case
|
992
|
+
case state13_process_end_of_early_data:
|
1016
993
|
ret = do_process_end_of_early_data(hs);
|
1017
994
|
break;
|
1018
|
-
case
|
995
|
+
case state13_read_client_certificate:
|
1019
996
|
ret = do_read_client_certificate(hs);
|
1020
997
|
break;
|
1021
|
-
case
|
998
|
+
case state13_read_client_certificate_verify:
|
1022
999
|
ret = do_read_client_certificate_verify(hs);
|
1023
1000
|
break;
|
1024
|
-
case
|
1001
|
+
case state13_read_channel_id:
|
1025
1002
|
ret = do_read_channel_id(hs);
|
1026
1003
|
break;
|
1027
|
-
case
|
1004
|
+
case state13_read_client_finished:
|
1028
1005
|
ret = do_read_client_finished(hs);
|
1029
1006
|
break;
|
1030
|
-
case
|
1007
|
+
case state13_send_new_session_ticket:
|
1031
1008
|
ret = do_send_new_session_ticket(hs);
|
1032
1009
|
break;
|
1033
|
-
case
|
1010
|
+
case state13_done:
|
1034
1011
|
ret = ssl_hs_ok;
|
1035
1012
|
break;
|
1036
1013
|
}
|
@@ -1048,38 +1025,38 @@ enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
|
|
1048
1025
|
}
|
1049
1026
|
|
1050
1027
|
const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs) {
|
1051
|
-
enum
|
1052
|
-
static_cast<enum
|
1028
|
+
enum tls13_server_hs_state_t state =
|
1029
|
+
static_cast<enum tls13_server_hs_state_t>(hs->tls13_state);
|
1053
1030
|
switch (state) {
|
1054
|
-
case
|
1031
|
+
case state13_select_parameters:
|
1055
1032
|
return "TLS 1.3 server select_parameters";
|
1056
|
-
case
|
1033
|
+
case state13_select_session:
|
1057
1034
|
return "TLS 1.3 server select_session";
|
1058
|
-
case
|
1035
|
+
case state13_send_hello_retry_request:
|
1059
1036
|
return "TLS 1.3 server send_hello_retry_request";
|
1060
|
-
case
|
1037
|
+
case state13_read_second_client_hello:
|
1061
1038
|
return "TLS 1.3 server read_second_client_hello";
|
1062
|
-
case
|
1039
|
+
case state13_send_server_hello:
|
1063
1040
|
return "TLS 1.3 server send_server_hello";
|
1064
|
-
case
|
1041
|
+
case state13_send_server_certificate_verify:
|
1065
1042
|
return "TLS 1.3 server send_server_certificate_verify";
|
1066
|
-
case
|
1043
|
+
case state13_send_server_finished:
|
1067
1044
|
return "TLS 1.3 server send_server_finished";
|
1068
|
-
case
|
1045
|
+
case state13_read_second_client_flight:
|
1069
1046
|
return "TLS 1.3 server read_second_client_flight";
|
1070
|
-
case
|
1047
|
+
case state13_process_end_of_early_data:
|
1071
1048
|
return "TLS 1.3 server process_end_of_early_data";
|
1072
|
-
case
|
1049
|
+
case state13_read_client_certificate:
|
1073
1050
|
return "TLS 1.3 server read_client_certificate";
|
1074
|
-
case
|
1051
|
+
case state13_read_client_certificate_verify:
|
1075
1052
|
return "TLS 1.3 server read_client_certificate_verify";
|
1076
|
-
case
|
1053
|
+
case state13_read_channel_id:
|
1077
1054
|
return "TLS 1.3 server read_channel_id";
|
1078
|
-
case
|
1055
|
+
case state13_read_client_finished:
|
1079
1056
|
return "TLS 1.3 server read_client_finished";
|
1080
|
-
case
|
1057
|
+
case state13_send_new_session_ticket:
|
1081
1058
|
return "TLS 1.3 server send_new_session_ticket";
|
1082
|
-
case
|
1059
|
+
case state13_done:
|
1083
1060
|
return "TLS 1.3 server done";
|
1084
1061
|
}
|
1085
1062
|
|