grpc 1.27.0 → 1.30.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8023 -11435
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +24 -21
- data/include/grpc/impl/codegen/port_platform.h +13 -2
- data/include/grpc/impl/codegen/sync.h +5 -3
- data/include/grpc/impl/codegen/sync_abseil.h +36 -0
- data/include/grpc/module.modulemap +25 -37
- data/include/grpc/support/sync_abseil.h +26 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +282 -269
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +31 -47
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -3
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -11
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +286 -495
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +18 -21
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -14
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +148 -98
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +49 -77
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +129 -128
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +17 -21
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +186 -135
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +42 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +94 -103
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +61 -10
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +242 -300
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +21 -18
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +56 -206
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +11 -14
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +144 -253
- data/src/core/ext/filters/client_channel/service_config.h +32 -109
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1381 -301
- data/src/core/ext/filters/client_channel/xds/xds_api.h +211 -152
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +214 -359
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +28 -44
- data/src/core/ext/filters/client_channel/xds/xds_channel.h +3 -1
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +16 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1118 -472
- data/src/core/ext/filters/client_channel/xds/xds_client.h +116 -45
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +59 -135
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +122 -137
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +38 -44
- data/src/core/ext/filters/message_size/message_size_filter.h +5 -5
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +7 -10
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +26 -27
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -9
- data/src/core/ext/transport/inproc/inproc_transport.cc +41 -42
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +5 -205
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -788
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +5 -362
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +14 -1337
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +30 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +60 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +7 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +6 -2
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +87 -23
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +262 -62
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +20 -15
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +46 -32
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +27 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +70 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +46 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +98 -25
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +77 -21
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +201 -4
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +8 -68
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +14 -201
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +2 -71
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +3 -228
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +2 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +12 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +27 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +30 -27
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +64 -52
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +44 -39
- data/src/core/ext/upb-generated/validate/validate.upb.h +155 -119
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +32 -41
- data/src/core/lib/channel/channel_trace.h +3 -3
- data/src/core/lib/channel/channelz.cc +163 -254
- data/src/core/lib/channel/channelz.h +15 -17
- data/src/core/lib/channel/channelz_registry.cc +52 -77
- data/src/core/lib/channel/channelz_registry.h +4 -4
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +116 -0
- data/src/core/lib/gpr/sync_posix.cc +8 -5
- data/src/core/lib/gpr/sync_windows.cc +4 -2
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +30 -36
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/memory.h +2 -6
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.cc +36 -35
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +4 -5
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +14 -7
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/load_file.cc +1 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/iomgr/pollset_uv.h +32 -0
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +25 -22
- data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_posix.cc +2 -1
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/iomgr/timer_generic.h +39 -0
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/iomgr/work_serializer.cc +155 -0
- data/src/core/lib/iomgr/work_serializer.h +65 -0
- data/src/core/lib/json/json.h +210 -79
- data/src/core/lib/json/json_reader.cc +469 -455
- data/src/core/lib/json/json_writer.cc +174 -169
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -12
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +26 -56
- data/src/core/lib/security/credentials/jwt/json_token.h +4 -6
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +8 -18
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +151 -168
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +91 -60
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +10 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +40 -12
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +6 -8
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -37
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +62 -13
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -11
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -52
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +32 -6
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/security/util/json_util.cc +22 -15
- data/src/core/lib/security/util/json_util.h +2 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +9 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +33 -3
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +54 -40
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/base/attributes.h +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +10 -4
- data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +30 -9
- data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +7 -5
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -1
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +2 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +37 -0
- data/third_party/abseil-cpp/absl/base/options.h +2 -10
- data/third_party/abseil-cpp/absl/strings/charconv.cc +0 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
- data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +19 -11
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/{src/boringssl → third_party/boringssl-with-bazel}/err_data.c +329 -297
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bitstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_bool.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_d2i_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_dup.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_i2d_fp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_mbstr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_object.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_strnid.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_time.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_type.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn_pack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_enum.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/f_string.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_enc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/base64/base64.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/connect.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/fd.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/file.c +5 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/pair.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/socket_helper.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/convert.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/buf/buf.c +10 -69
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/ber.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbb.c +41 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/cbs.c +60 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/unicode.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/chacha.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/chacha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/cipher_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesccm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesctrhmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_aesgcmsiv.c +8 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_chacha20poly1305.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_tls.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/tls_cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cmac/cmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.c +7 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm-linux.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-intel.c +13 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/crypto.c +11 -0
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/curve25519.c +18 -26
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/{boringssl/third_party/fiat → boringssl-with-bazel/src/crypto/curve25519}/internal.h +14 -22
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/curve25519/spake25519.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/check.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh.c +16 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa.c +10 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ec_extra/ec_derive.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ecdsa_extra/ecdsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/engine/engine.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/err.c +39 -38
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/err/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/evp_ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_dsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ec_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_ed25519_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa.c +14 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/p_x25519_asn1.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/scrypt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/internal.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/key_wrap.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/aes/mode_wrappers.c +0 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bcm.c +4 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/cmp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/ctx.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/div_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/gcd_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/montgomery_inv.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/prime.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/random.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/rsaz_exp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/shift.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/cipher.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_aes.c +3 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/e_des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/delocate.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/md32_common.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_key.c +14 -28
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/p256-x86_64.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/util.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/fips_shared_support.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/is_fips.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md4/md4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/md5/md5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cbc.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/cfb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ctr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/gcm.c +45 -193
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/internal.h +8 -18
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/ofb.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/ctrdrbg.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/padding.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa.c +58 -39
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/rsa/rsa_impl.c +72 -49
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/self_check/self_check.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha256.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/hrss.c +210 -311
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hrss/internal.h +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/internal.h +21 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/lhash/lhash.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/mem.c +99 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj.c +16 -21
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_dat.h +41 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_all.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_info.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_lib.c +7 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_oth.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pk8.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_pkey.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/p5_pbev2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs8/pkcs8_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_arm.c +21 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/poly1305_vec.c +34 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pool/pool.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/fuchsia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/windows.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_lock.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_print.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/siphash/siphash.c +3 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/stack/stack.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_none.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_pthread.c +4 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_strex.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_verify.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/algorithm.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/asn1_gen.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_dir.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/by_file.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_cmp.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_def.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_lu.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_obj.c +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_r2x.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_req.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_set.c +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_trs.c +1 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_txt.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vfy.c +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_vpm.c +3 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509cset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509name.c +4 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_all.c +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_crl.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pubkey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_sig.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/ext_dat.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/internal.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_cache.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_node.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_tree.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_alt.c +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_conf.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_cpols.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_enum.c +2 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_genn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_info.c +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_lib.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ocsp.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pci.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_purp.c +2 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_skey.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_utl.c +11 -12
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aead.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/aes.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/arm_arch.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base.h +5 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/base64.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bio.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/blowfish.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bn.h +32 -20
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buf.h +9 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/bytestring.h +34 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cast.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cipher.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/conf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/cpu.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/crypto.h +9 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/curve25519.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dh.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/digest.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dsa.h +16 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/e_os2.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec.h +11 -4
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ec_key.h +4 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdh.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ecdsa.h +6 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/engine.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/err.h +13 -9
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/evp.h +20 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hmac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hrss.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/lhash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/md5.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/mem.h +17 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/nid.h +14 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pem.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs7.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs8.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/poly1305.h +5 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pool.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rand.h +3 -17
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ripemd.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rsa.h +31 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/sha.h +26 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/siphash.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/span.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl.h +182 -97
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ssl3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/stack.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/thread.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/tls1.h +1 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/type_check.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509.h +5 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509_vfy.h +1 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/x509v3.h +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_both.cc +0 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_lib.cc +3 -3
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_pkt.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/d1_srtp.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_method.cc +13 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/dtls_record.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handoff.cc +237 -51
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake.cc +19 -7
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_client.cc +51 -32
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/handshake_server.cc +12 -8
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/internal.h +94 -71
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_both.cc +10 -10
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_lib.cc +4 -5
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/s3_pkt.cc +21 -22
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_aead_ctx.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_asn1.cc +30 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_buffer.cc +34 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cert.cc +4 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_cipher.cc +0 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_file.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_key_share.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_lib.cc +19 -15
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_privkey.cc +13 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_session.cc +66 -6
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_stat.cc +6 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_transcript.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_versions.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/ssl_x509.cc +0 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_enc.cc +6 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/t1_lib.cc +53 -219
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_both.cc +1 -1
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_client.cc +101 -31
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_enc.cc +28 -76
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls13_server.cc +111 -104
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_method.cc +64 -26
- data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/tls_record.cc +7 -2
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
- data/third_party/{boringssl → boringssl-with-bazel/src}/third_party/fiat/p256_64.h +512 -503
- metadata +648 -499
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1917
- data/src/core/lib/gprpp/inlined_vector.h +0 -246
- data/src/core/lib/gprpp/optional.h +0 -74
- data/src/core/lib/gprpp/string_view.h +0 -169
- data/src/core/lib/iomgr/logical_thread.cc +0 -103
- data/src/core/lib/iomgr/logical_thread.h +0 -52
- data/src/core/lib/json/json.cc +0 -94
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3297
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -860
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9501
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +0 -96
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +0 -84
- data/third_party/boringssl/third_party/fiat/p256.c +0 -1063
- data/third_party/boringssl/third_party/fiat/p256_32.h +0 -3226
@@ -791,7 +791,8 @@ int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str) {
|
|
791
791
|
|
792
792
|
if (!SSL_CTX_set_signing_algorithm_prefs(ctx, sigalgs.data(),
|
793
793
|
sigalgs.size()) ||
|
794
|
-
!ctx
|
794
|
+
!SSL_CTX_set_verify_algorithm_prefs(ctx, sigalgs.data(),
|
795
|
+
sigalgs.size())) {
|
795
796
|
return 0;
|
796
797
|
}
|
797
798
|
|
@@ -811,7 +812,7 @@ int SSL_set1_sigalgs_list(SSL *ssl, const char *str) {
|
|
811
812
|
}
|
812
813
|
|
813
814
|
if (!SSL_set_signing_algorithm_prefs(ssl, sigalgs.data(), sigalgs.size()) ||
|
814
|
-
!ssl
|
815
|
+
!SSL_set_verify_algorithm_prefs(ssl, sigalgs.data(), sigalgs.size())) {
|
815
816
|
return 0;
|
816
817
|
}
|
817
818
|
|
@@ -822,3 +823,13 @@ int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, const uint16_t *prefs,
|
|
822
823
|
size_t num_prefs) {
|
823
824
|
return ctx->verify_sigalgs.CopyFrom(MakeConstSpan(prefs, num_prefs));
|
824
825
|
}
|
826
|
+
|
827
|
+
int SSL_set_verify_algorithm_prefs(SSL *ssl, const uint16_t *prefs,
|
828
|
+
size_t num_prefs) {
|
829
|
+
if (!ssl->config) {
|
830
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
831
|
+
return 0;
|
832
|
+
}
|
833
|
+
|
834
|
+
return ssl->config->verify_sigalgs.CopyFrom(MakeConstSpan(prefs, num_prefs));
|
835
|
+
}
|
@@ -197,6 +197,7 @@ UniquePtr
|
|
197
197
|
|
198
198
|
new_session->is_server = session->is_server;
|
199
199
|
new_session->ssl_version = session->ssl_version;
|
200
|
+
new_session->is_quic = session->is_quic;
|
200
201
|
new_session->sid_ctx_length = session->sid_ctx_length;
|
201
202
|
OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
|
202
203
|
|
@@ -208,7 +209,8 @@ UniquePtr
|
|
208
209
|
|
209
210
|
// Copy authentication state.
|
210
211
|
if (session->psk_identity != nullptr) {
|
211
|
-
new_session->psk_identity.reset(
|
212
|
+
new_session->psk_identity.reset(
|
213
|
+
OPENSSL_strdup(session->psk_identity.get()));
|
212
214
|
if (new_session->psk_identity == nullptr) {
|
213
215
|
return nullptr;
|
214
216
|
}
|
@@ -266,6 +268,11 @@ UniquePtr
|
|
266
268
|
if (!new_session->early_alpn.CopyFrom(session->early_alpn)) {
|
267
269
|
return nullptr;
|
268
270
|
}
|
271
|
+
|
272
|
+
if (!new_session->quic_early_data_hash.CopyFrom(
|
273
|
+
session->quic_early_data_hash)) {
|
274
|
+
return nullptr;
|
275
|
+
}
|
269
276
|
}
|
270
277
|
|
271
278
|
// Copy the ticket.
|
@@ -342,6 +349,25 @@ const EVP_MD *ssl_session_get_digest(const SSL_SESSION *session) {
|
|
342
349
|
session->cipher);
|
343
350
|
}
|
344
351
|
|
352
|
+
bool compute_quic_early_data_hash(const SSL_CONFIG *config,
|
353
|
+
uint8_t hash_out[SHA256_DIGEST_LENGTH]) {
|
354
|
+
ScopedEVP_MD_CTX hash_ctx;
|
355
|
+
uint32_t transport_param_len = config->quic_transport_params.size();
|
356
|
+
uint32_t context_len = config->quic_early_data_context.size();
|
357
|
+
if (!EVP_DigestInit(hash_ctx.get(), EVP_sha256()) ||
|
358
|
+
!EVP_DigestUpdate(hash_ctx.get(), &transport_param_len,
|
359
|
+
sizeof(transport_param_len)) ||
|
360
|
+
!EVP_DigestUpdate(hash_ctx.get(), config->quic_transport_params.data(),
|
361
|
+
config->quic_transport_params.size()) ||
|
362
|
+
!EVP_DigestUpdate(hash_ctx.get(), &context_len, sizeof(context_len)) ||
|
363
|
+
!EVP_DigestUpdate(hash_ctx.get(), config->quic_early_data_context.data(),
|
364
|
+
config->quic_early_data_context.size()) ||
|
365
|
+
!EVP_DigestFinal(hash_ctx.get(), hash_out, nullptr)) {
|
366
|
+
return false;
|
367
|
+
}
|
368
|
+
return true;
|
369
|
+
}
|
370
|
+
|
345
371
|
int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
346
372
|
SSL *const ssl = hs->ssl;
|
347
373
|
if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) {
|
@@ -356,6 +382,14 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
|
356
382
|
|
357
383
|
session->is_server = is_server;
|
358
384
|
session->ssl_version = ssl->version;
|
385
|
+
session->is_quic = ssl->quic_method != nullptr;
|
386
|
+
if (is_server && ssl->enable_early_data && session->is_quic) {
|
387
|
+
if (!session->quic_early_data_hash.Init(SHA256_DIGEST_LENGTH) ||
|
388
|
+
!compute_quic_early_data_hash(hs->config,
|
389
|
+
session->quic_early_data_hash.data())) {
|
390
|
+
return 0;
|
391
|
+
}
|
392
|
+
}
|
359
393
|
|
360
394
|
// Fill in the time from the |SSL_CTX|'s clock.
|
361
395
|
struct OPENSSL_timeval now;
|
@@ -623,10 +657,14 @@ int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
|
|
623
657
|
ssl->server == session->is_server &&
|
624
658
|
// The session must not be expired.
|
625
659
|
ssl_session_is_time_valid(ssl, session) &&
|
626
|
-
|
627
|
-
|
660
|
+
// Only resume if the session's version matches the negotiated
|
661
|
+
// version.
|
628
662
|
ssl->version == session->ssl_version &&
|
629
|
-
// Only resume if the session's cipher matches the negotiated one.
|
663
|
+
// Only resume if the session's cipher matches the negotiated one. This
|
664
|
+
// is stricter than necessary for TLS 1.3, which allows cross-cipher
|
665
|
+
// resumption if the PRF hashes match. We require an exact match for
|
666
|
+
// simplicity. If loosening this, the 0-RTT accept logic must be
|
667
|
+
// updated to check the cipher.
|
630
668
|
hs->new_cipher == session->cipher &&
|
631
669
|
// If the session contains a client certificate (either the full
|
632
670
|
// certificate or just the hash) then require that the form of the
|
@@ -634,7 +672,10 @@ int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
|
|
634
672
|
((sk_CRYPTO_BUFFER_num(session->certs.get()) == 0 &&
|
635
673
|
!session->peer_sha256_valid) ||
|
636
674
|
session->peer_sha256_valid ==
|
637
|
-
hs->config->retain_only_sha256_of_client_certs)
|
675
|
+
hs->config->retain_only_sha256_of_client_certs) &&
|
676
|
+
// Only resume if the underlying transport protocol hasn't changed.
|
677
|
+
// This is to prevent cross-protocol resumption between QUIC and TCP.
|
678
|
+
(hs->ssl->quic_method != nullptr) == session->is_quic;
|
638
679
|
}
|
639
680
|
|
640
681
|
// ssl_lookup_session looks up |session_id| in the session cache and sets
|
@@ -848,7 +889,8 @@ ssl_session_st::ssl_session_st(const SSL_X509_METHOD *method)
|
|
848
889
|
peer_sha256_valid(false),
|
849
890
|
not_resumable(false),
|
850
891
|
ticket_age_add_valid(false),
|
851
|
-
is_server(false)
|
892
|
+
is_server(false),
|
893
|
+
is_quic(false) {
|
852
894
|
CRYPTO_new_ex_data(&ex_data);
|
853
895
|
time = ::time(nullptr);
|
854
896
|
}
|
@@ -1049,6 +1091,24 @@ int SSL_SESSION_early_data_capable(const SSL_SESSION *session) {
|
|
1049
1091
|
session->ticket_max_early_data != 0;
|
1050
1092
|
}
|
1051
1093
|
|
1094
|
+
SSL_SESSION *SSL_SESSION_copy_without_early_data(SSL_SESSION *session) {
|
1095
|
+
if (!SSL_SESSION_early_data_capable(session)) {
|
1096
|
+
return UpRef(session).release();
|
1097
|
+
}
|
1098
|
+
|
1099
|
+
bssl::UniquePtr<SSL_SESSION> copy =
|
1100
|
+
SSL_SESSION_dup(session, SSL_SESSION_DUP_ALL);
|
1101
|
+
if (!copy) {
|
1102
|
+
return nullptr;
|
1103
|
+
}
|
1104
|
+
|
1105
|
+
copy->ticket_max_early_data = 0;
|
1106
|
+
// Copied sessions are non-resumable until they're completely filled in.
|
1107
|
+
copy->not_resumable = session->not_resumable;
|
1108
|
+
assert(!SSL_SESSION_early_data_capable(copy.get()));
|
1109
|
+
return copy.release();
|
1110
|
+
}
|
1111
|
+
|
1052
1112
|
SSL_SESSION *SSL_magic_pending_session_ptr(void) {
|
1053
1113
|
return (SSL_SESSION *)&g_pending_session_magic;
|
1054
1114
|
}
|
@@ -197,6 +197,9 @@ const char *SSL_alert_desc_string_long(int value) {
|
|
197
197
|
case TLS1_AD_NO_RENEGOTIATION:
|
198
198
|
return "no renegotiation";
|
199
199
|
|
200
|
+
case TLS1_AD_MISSING_EXTENSION:
|
201
|
+
return "missing extension";
|
202
|
+
|
200
203
|
case TLS1_AD_UNSUPPORTED_EXTENSION:
|
201
204
|
return "unsupported extension";
|
202
205
|
|
@@ -218,6 +221,9 @@ const char *SSL_alert_desc_string_long(int value) {
|
|
218
221
|
case TLS1_AD_CERTIFICATE_REQUIRED:
|
219
222
|
return "certificate required";
|
220
223
|
|
224
|
+
case TLS1_AD_NO_APPLICATION_PROTOCOL:
|
225
|
+
return "no application protocol";
|
226
|
+
|
221
227
|
default:
|
222
228
|
return "unknown";
|
223
229
|
}
|
File without changes
|
@@ -150,7 +150,7 @@ static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
|
|
150
150
|
uint16_t version) {
|
151
151
|
// Zero is interpreted as the default maximum version.
|
152
152
|
if (version == 0) {
|
153
|
-
*out = method->is_dtls ? DTLS1_2_VERSION :
|
153
|
+
*out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION;
|
154
154
|
return true;
|
155
155
|
}
|
156
156
|
|
File without changes
|
@@ -236,10 +236,14 @@ int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
|
236
236
|
}
|
237
237
|
|
238
238
|
if (direction == evp_aead_open) {
|
239
|
-
return ssl->method->set_read_state(ssl,
|
239
|
+
return ssl->method->set_read_state(ssl, ssl_encryption_application,
|
240
|
+
std::move(aead_ctx),
|
241
|
+
/*secret_for_quic=*/{});
|
240
242
|
}
|
241
243
|
|
242
|
-
return ssl->method->set_write_state(ssl,
|
244
|
+
return ssl->method->set_write_state(ssl, ssl_encryption_application,
|
245
|
+
std::move(aead_ctx),
|
246
|
+
/*secret_for_quic=*/{});
|
243
247
|
}
|
244
248
|
|
245
249
|
int tls1_change_cipher_state(SSL_HANDSHAKE *hs,
|
@@ -411,13 +411,8 @@ bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
|
|
411
411
|
|
412
412
|
// kVerifySignatureAlgorithms is the default list of accepted signature
|
413
413
|
// algorithms for verifying.
|
414
|
-
//
|
415
|
-
// For now, RSA-PSS signature algorithms are not enabled on Android's system
|
416
|
-
// BoringSSL. Once the change in Chrome has stuck and the values are finalized,
|
417
|
-
// restore them.
|
418
414
|
static const uint16_t kVerifySignatureAlgorithms[] = {
|
419
415
|
// List our preferred algorithms first.
|
420
|
-
SSL_SIGN_ED25519,
|
421
416
|
SSL_SIGN_ECDSA_SECP256R1_SHA256,
|
422
417
|
SSL_SIGN_RSA_PSS_RSAE_SHA256,
|
423
418
|
SSL_SIGN_RSA_PKCS1_SHA256,
|
@@ -432,15 +427,10 @@ static const uint16_t kVerifySignatureAlgorithms[] = {
|
|
432
427
|
|
433
428
|
// For now, SHA-1 is still accepted but least preferable.
|
434
429
|
SSL_SIGN_RSA_PKCS1_SHA1,
|
435
|
-
|
436
430
|
};
|
437
431
|
|
438
432
|
// kSignSignatureAlgorithms is the default list of supported signature
|
439
433
|
// algorithms for signing.
|
440
|
-
//
|
441
|
-
// For now, RSA-PSS signature algorithms are not enabled on Android's system
|
442
|
-
// BoringSSL. Once the change in Chrome has stuck and the values are finalized,
|
443
|
-
// restore them.
|
444
434
|
static const uint16_t kSignSignatureAlgorithms[] = {
|
445
435
|
// List our preferred algorithms first.
|
446
436
|
SSL_SIGN_ED25519,
|
@@ -464,64 +454,15 @@ static const uint16_t kSignSignatureAlgorithms[] = {
|
|
464
454
|
SSL_SIGN_RSA_PKCS1_SHA1,
|
465
455
|
};
|
466
456
|
|
467
|
-
|
468
|
-
|
469
|
-
|
470
|
-
uint16_t sigalg = list[0];
|
471
|
-
list = list.subspan(1);
|
472
|
-
if (skip_ed25519 && sigalg == SSL_SIGN_ED25519) {
|
473
|
-
continue;
|
474
|
-
}
|
475
|
-
if (skip_rsa_pss_rsae && SSL_is_signature_algorithm_rsa_pss(sigalg)) {
|
476
|
-
continue;
|
477
|
-
}
|
478
|
-
*out = sigalg;
|
479
|
-
return true;
|
480
|
-
}
|
481
|
-
return false;
|
482
|
-
}
|
483
|
-
|
484
|
-
bool operator==(const SSLSignatureAlgorithmList &other) const {
|
485
|
-
SSLSignatureAlgorithmList a = *this;
|
486
|
-
SSLSignatureAlgorithmList b = other;
|
487
|
-
uint16_t a_val, b_val;
|
488
|
-
while (a.Next(&a_val)) {
|
489
|
-
if (!b.Next(&b_val) ||
|
490
|
-
a_val != b_val) {
|
491
|
-
return false;
|
492
|
-
}
|
493
|
-
}
|
494
|
-
return !b.Next(&b_val);
|
495
|
-
}
|
496
|
-
|
497
|
-
bool operator!=(const SSLSignatureAlgorithmList &other) const {
|
498
|
-
return !(*this == other);
|
499
|
-
}
|
500
|
-
|
501
|
-
Span<const uint16_t> list;
|
502
|
-
bool skip_ed25519 = false;
|
503
|
-
bool skip_rsa_pss_rsae = false;
|
504
|
-
};
|
505
|
-
|
506
|
-
static SSLSignatureAlgorithmList tls12_get_verify_sigalgs(const SSL *ssl,
|
507
|
-
bool for_certs) {
|
508
|
-
SSLSignatureAlgorithmList ret;
|
509
|
-
if (!ssl->config->verify_sigalgs.empty()) {
|
510
|
-
ret.list = ssl->config->verify_sigalgs;
|
511
|
-
} else {
|
512
|
-
ret.list = kVerifySignatureAlgorithms;
|
513
|
-
ret.skip_ed25519 = !ssl->ctx->ed25519_enabled;
|
457
|
+
static Span<const uint16_t> tls12_get_verify_sigalgs(const SSL_HANDSHAKE *hs) {
|
458
|
+
if (hs->config->verify_sigalgs.empty()) {
|
459
|
+
return Span<const uint16_t>(kVerifySignatureAlgorithms);
|
514
460
|
}
|
515
|
-
|
516
|
-
ret.skip_rsa_pss_rsae = !ssl->ctx->rsa_pss_rsae_certs_enabled;
|
517
|
-
}
|
518
|
-
return ret;
|
461
|
+
return hs->config->verify_sigalgs;
|
519
462
|
}
|
520
463
|
|
521
|
-
bool tls12_add_verify_sigalgs(const
|
522
|
-
|
523
|
-
uint16_t sigalg;
|
524
|
-
while (list.Next(&sigalg)) {
|
464
|
+
bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out) {
|
465
|
+
for (uint16_t sigalg : tls12_get_verify_sigalgs(hs)) {
|
525
466
|
if (!CBB_add_u16(out, sigalg)) {
|
526
467
|
return false;
|
527
468
|
}
|
@@ -529,11 +470,9 @@ bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out, bool for_certs) {
|
|
529
470
|
return true;
|
530
471
|
}
|
531
472
|
|
532
|
-
bool tls12_check_peer_sigalg(const
|
473
|
+
bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
533
474
|
uint16_t sigalg) {
|
534
|
-
|
535
|
-
uint16_t verify_sigalg;
|
536
|
-
while (list.Next(&verify_sigalg)) {
|
475
|
+
for (uint16_t verify_sigalg : tls12_get_verify_sigalgs(hs)) {
|
537
476
|
if (verify_sigalg == sigalg) {
|
538
477
|
return true;
|
539
478
|
}
|
@@ -544,11 +483,6 @@ bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
|
|
544
483
|
return false;
|
545
484
|
}
|
546
485
|
|
547
|
-
bool tls12_has_different_verify_sigalgs_for_certs(const SSL *ssl) {
|
548
|
-
return tls12_get_verify_sigalgs(ssl, true) !=
|
549
|
-
tls12_get_verify_sigalgs(ssl, false);
|
550
|
-
}
|
551
|
-
|
552
486
|
// tls_extension represents a TLS extension that is handled internally. The
|
553
487
|
// |init| function is called for each handshake, before any other functions of
|
554
488
|
// the extension. Then the add and parse callbacks are called as needed.
|
@@ -975,28 +909,15 @@ static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
975
909
|
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
976
910
|
|
977
911
|
static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
978
|
-
SSL *const ssl = hs->ssl;
|
979
912
|
if (hs->max_version < TLS1_2_VERSION) {
|
980
913
|
return true;
|
981
914
|
}
|
982
915
|
|
983
|
-
// Prior to TLS 1.3, there was no way to signal different signature algorithm
|
984
|
-
// preferences between the online signature and certificates. If we do not
|
985
|
-
// send the signature_algorithms_cert extension, use the potentially more
|
986
|
-
// restrictive certificate list.
|
987
|
-
//
|
988
|
-
// TODO(davidben): When TLS 1.3 is finalized, we can likely remove the TLS 1.3
|
989
|
-
// check both here and in signature_algorithms_cert. |hs->max_version| is not
|
990
|
-
// the negotiated version. Rather the expectation is that any server consuming
|
991
|
-
// signature algorithms added in TLS 1.3 will also know to look at
|
992
|
-
// signature_algorithms_cert. For now, TLS 1.3 is not quite yet final and it
|
993
|
-
// seems prudent to condition this new extension on it.
|
994
|
-
bool for_certs = hs->max_version < TLS1_3_VERSION;
|
995
916
|
CBB contents, sigalgs_cbb;
|
996
917
|
if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms) ||
|
997
918
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
998
919
|
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
|
999
|
-
!tls12_add_verify_sigalgs(
|
920
|
+
!tls12_add_verify_sigalgs(hs, &sigalgs_cbb) ||
|
1000
921
|
!CBB_flush(out)) {
|
1001
922
|
return false;
|
1002
923
|
}
|
@@ -1022,35 +943,6 @@ static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1022
943
|
}
|
1023
944
|
|
1024
945
|
|
1025
|
-
// Signature Algorithms for Certificates.
|
1026
|
-
//
|
1027
|
-
// https://tools.ietf.org/html/rfc8446#section-4.2.3
|
1028
|
-
|
1029
|
-
static bool ext_sigalgs_cert_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1030
|
-
SSL *const ssl = hs->ssl;
|
1031
|
-
// If this extension is omitted, it defaults to the signature_algorithms
|
1032
|
-
// extension, so only emit it if the list is different.
|
1033
|
-
//
|
1034
|
-
// This extension is also new in TLS 1.3, so omit it if TLS 1.3 is disabled.
|
1035
|
-
// There is a corresponding version check in |ext_sigalgs_add_clienthello|.
|
1036
|
-
if (hs->max_version < TLS1_3_VERSION ||
|
1037
|
-
!tls12_has_different_verify_sigalgs_for_certs(ssl)) {
|
1038
|
-
return true;
|
1039
|
-
}
|
1040
|
-
|
1041
|
-
CBB contents, sigalgs_cbb;
|
1042
|
-
if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms_cert) ||
|
1043
|
-
!CBB_add_u16_length_prefixed(out, &contents) ||
|
1044
|
-
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
|
1045
|
-
!tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, true /* certs */) ||
|
1046
|
-
!CBB_flush(out)) {
|
1047
|
-
return false;
|
1048
|
-
}
|
1049
|
-
|
1050
|
-
return true;
|
1051
|
-
}
|
1052
|
-
|
1053
|
-
|
1054
946
|
// OCSP Stapling.
|
1055
947
|
//
|
1056
948
|
// https://tools.ietf.org/html/rfc6066#section-8
|
@@ -1845,7 +1737,7 @@ static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1845
1737
|
// Per RFC 8446 section 4.1.4, skip offering the session if the selected
|
1846
1738
|
// cipher in HelloRetryRequest does not match. This avoids performing the
|
1847
1739
|
// transcript hash transformation for multiple hashes.
|
1848
|
-
if (
|
1740
|
+
if (ssl->s3 && ssl->s3->used_hello_retry_request &&
|
1849
1741
|
ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
|
1850
1742
|
return true;
|
1851
1743
|
}
|
@@ -2035,7 +1927,7 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2035
1927
|
SSL *const ssl = hs->ssl;
|
2036
1928
|
// The second ClientHello never offers early data, and we must have already
|
2037
1929
|
// filled in |early_data_reason| by this point.
|
2038
|
-
if (
|
1930
|
+
if (ssl->s3->used_hello_retry_request) {
|
2039
1931
|
assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
|
2040
1932
|
return true;
|
2041
1933
|
}
|
@@ -2089,7 +1981,7 @@ static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2089
1981
|
CBS *contents) {
|
2090
1982
|
SSL *const ssl = hs->ssl;
|
2091
1983
|
if (contents == NULL) {
|
2092
|
-
if (hs->early_data_offered && !
|
1984
|
+
if (hs->early_data_offered && !ssl->s3->used_hello_retry_request) {
|
2093
1985
|
ssl->s3->early_data_reason = ssl->s3->session_reused
|
2094
1986
|
? ssl_early_data_peer_declined
|
2095
1987
|
: ssl_early_data_session_not_resumed;
|
@@ -2104,7 +1996,7 @@ static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2104
1996
|
// If we received an HRR, the second ClientHello never offers early data, so
|
2105
1997
|
// the extensions logic will automatically reject early data extensions as
|
2106
1998
|
// unsolicited. This covered by the ServerAcceptsEarlyDataOnHRR test.
|
2107
|
-
assert(!
|
1999
|
+
assert(!ssl->s3->used_hello_retry_request);
|
2108
2000
|
|
2109
2001
|
if (CBS_len(contents) != 0) {
|
2110
2002
|
*out_alert = SSL_AD_DECODE_ERROR;
|
@@ -2173,7 +2065,7 @@ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2173
2065
|
|
2174
2066
|
uint16_t group_id = hs->retry_group;
|
2175
2067
|
uint16_t second_group_id = 0;
|
2176
|
-
if (
|
2068
|
+
if (ssl->s3 && ssl->s3->used_hello_retry_request) {
|
2177
2069
|
// We received a HelloRetryRequest without a new curve, so there is no new
|
2178
2070
|
// share to append. Leave |hs->key_share| as-is.
|
2179
2071
|
if (group_id == 0 &&
|
@@ -2235,7 +2127,7 @@ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2235
2127
|
|
2236
2128
|
// Save the contents of the extension to repeat it in the second
|
2237
2129
|
// ClientHello.
|
2238
|
-
if (!
|
2130
|
+
if (ssl->s3 && !ssl->s3->used_hello_retry_request &&
|
2239
2131
|
!hs->key_share_bytes.CopyFrom(
|
2240
2132
|
MakeConstSpan(CBB_data(&kse_bytes), CBB_len(&kse_bytes)))) {
|
2241
2133
|
return false;
|
@@ -2655,10 +2547,17 @@ static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2655
2547
|
|
2656
2548
|
static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
2657
2549
|
CBB *out) {
|
2658
|
-
if (hs->config->quic_transport_params.empty()
|
2659
|
-
hs->max_version <= TLS1_2_VERSION) {
|
2550
|
+
if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
|
2660
2551
|
return true;
|
2661
2552
|
}
|
2553
|
+
if (hs->config->quic_transport_params.empty() || !hs->ssl->quic_method) {
|
2554
|
+
// QUIC Transport Parameters must be sent over QUIC, and they must not be
|
2555
|
+
// sent over non-QUIC transports. If transport params are set, then
|
2556
|
+
// SSL(_CTX)_set_quic_method must also be called.
|
2557
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2558
|
+
return false;
|
2559
|
+
}
|
2560
|
+
assert(hs->min_version > TLS1_2_VERSION);
|
2662
2561
|
|
2663
2562
|
CBB contents;
|
2664
2563
|
if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
|
@@ -2676,13 +2575,19 @@ static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2676
2575
|
CBS *contents) {
|
2677
2576
|
SSL *const ssl = hs->ssl;
|
2678
2577
|
if (contents == nullptr) {
|
2679
|
-
|
2578
|
+
if (!ssl->quic_method) {
|
2579
|
+
return true;
|
2580
|
+
}
|
2581
|
+
assert(ssl->quic_method);
|
2582
|
+
*out_alert = SSL_AD_MISSING_EXTENSION;
|
2583
|
+
return false;
|
2680
2584
|
}
|
2681
|
-
|
2682
|
-
if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
2585
|
+
if (!ssl->quic_method) {
|
2683
2586
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
2684
2587
|
return false;
|
2685
2588
|
}
|
2589
|
+
// QUIC requires TLS 1.3.
|
2590
|
+
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
2686
2591
|
|
2687
2592
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2688
2593
|
}
|
@@ -2691,21 +2596,34 @@ static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2691
2596
|
uint8_t *out_alert,
|
2692
2597
|
CBS *contents) {
|
2693
2598
|
SSL *const ssl = hs->ssl;
|
2694
|
-
if (!contents
|
2695
|
-
|
2599
|
+
if (!contents) {
|
2600
|
+
if (!ssl->quic_method) {
|
2601
|
+
if (hs->config->quic_transport_params.empty()) {
|
2602
|
+
return true;
|
2603
|
+
}
|
2604
|
+
// QUIC transport parameters must not be set if |ssl| is not configured
|
2605
|
+
// for QUIC.
|
2606
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2607
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
2608
|
+
}
|
2609
|
+
*out_alert = SSL_AD_MISSING_EXTENSION;
|
2610
|
+
return false;
|
2696
2611
|
}
|
2697
|
-
|
2698
|
-
|
2699
|
-
return
|
2612
|
+
if (!ssl->quic_method) {
|
2613
|
+
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
2614
|
+
return false;
|
2700
2615
|
}
|
2701
|
-
|
2616
|
+
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
2702
2617
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2703
2618
|
}
|
2704
2619
|
|
2705
2620
|
static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
|
2706
2621
|
CBB *out) {
|
2622
|
+
assert(hs->ssl->quic_method != nullptr);
|
2707
2623
|
if (hs->config->quic_transport_params.empty()) {
|
2708
|
-
|
2624
|
+
// Transport parameters must be set when using QUIC.
|
2625
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2626
|
+
return false;
|
2709
2627
|
}
|
2710
2628
|
|
2711
2629
|
CBB contents;
|
@@ -2855,66 +2773,6 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2855
2773
|
}
|
2856
2774
|
|
2857
2775
|
|
2858
|
-
// Post-quantum experiment signal
|
2859
|
-
//
|
2860
|
-
// This extension may be used in order to identify a control group for
|
2861
|
-
// experimenting with post-quantum key exchange algorithms.
|
2862
|
-
|
2863
|
-
static bool ext_pq_experiment_signal_add_clienthello(SSL_HANDSHAKE *hs,
|
2864
|
-
CBB *out) {
|
2865
|
-
if (hs->ssl->ctx->pq_experiment_signal &&
|
2866
|
-
(!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
|
2867
|
-
!CBB_add_u16(out, 0))) {
|
2868
|
-
return false;
|
2869
|
-
}
|
2870
|
-
|
2871
|
-
return true;
|
2872
|
-
}
|
2873
|
-
|
2874
|
-
static bool ext_pq_experiment_signal_parse_serverhello(SSL_HANDSHAKE *hs,
|
2875
|
-
uint8_t *out_alert,
|
2876
|
-
CBS *contents) {
|
2877
|
-
if (contents == nullptr) {
|
2878
|
-
return true;
|
2879
|
-
}
|
2880
|
-
|
2881
|
-
if (!hs->ssl->ctx->pq_experiment_signal || CBS_len(contents) != 0) {
|
2882
|
-
return false;
|
2883
|
-
}
|
2884
|
-
|
2885
|
-
hs->ssl->s3->pq_experiment_signal_seen = true;
|
2886
|
-
return true;
|
2887
|
-
}
|
2888
|
-
|
2889
|
-
static bool ext_pq_experiment_signal_parse_clienthello(SSL_HANDSHAKE *hs,
|
2890
|
-
uint8_t *out_alert,
|
2891
|
-
CBS *contents) {
|
2892
|
-
if (contents == nullptr) {
|
2893
|
-
return true;
|
2894
|
-
}
|
2895
|
-
|
2896
|
-
if (CBS_len(contents) != 0) {
|
2897
|
-
return false;
|
2898
|
-
}
|
2899
|
-
|
2900
|
-
if (hs->ssl->ctx->pq_experiment_signal) {
|
2901
|
-
hs->ssl->s3->pq_experiment_signal_seen = true;
|
2902
|
-
}
|
2903
|
-
|
2904
|
-
return true;
|
2905
|
-
}
|
2906
|
-
|
2907
|
-
static bool ext_pq_experiment_signal_add_serverhello(SSL_HANDSHAKE *hs,
|
2908
|
-
CBB *out) {
|
2909
|
-
if (hs->ssl->s3->pq_experiment_signal_seen &&
|
2910
|
-
(!CBB_add_u16(out, TLSEXT_TYPE_pq_experiment_signal) ||
|
2911
|
-
!CBB_add_u16(out, 0))) {
|
2912
|
-
return false;
|
2913
|
-
}
|
2914
|
-
|
2915
|
-
return true;
|
2916
|
-
}
|
2917
|
-
|
2918
2776
|
// kExtensions contains all the supported extensions.
|
2919
2777
|
static const struct tls_extension kExtensions[] = {
|
2920
2778
|
{
|
@@ -2991,14 +2849,6 @@ static const struct tls_extension kExtensions[] = {
|
|
2991
2849
|
ext_sigalgs_parse_clienthello,
|
2992
2850
|
dont_add_serverhello,
|
2993
2851
|
},
|
2994
|
-
{
|
2995
|
-
TLSEXT_TYPE_signature_algorithms_cert,
|
2996
|
-
NULL,
|
2997
|
-
ext_sigalgs_cert_add_clienthello,
|
2998
|
-
forbid_parse_serverhello,
|
2999
|
-
ignore_parse_clienthello,
|
3000
|
-
dont_add_serverhello,
|
3001
|
-
},
|
3002
2852
|
{
|
3003
2853
|
TLSEXT_TYPE_next_proto_neg,
|
3004
2854
|
NULL,
|
@@ -3103,14 +2953,6 @@ static const struct tls_extension kExtensions[] = {
|
|
3103
2953
|
ext_delegated_credential_parse_clienthello,
|
3104
2954
|
dont_add_serverhello,
|
3105
2955
|
},
|
3106
|
-
{
|
3107
|
-
TLSEXT_TYPE_pq_experiment_signal,
|
3108
|
-
NULL,
|
3109
|
-
ext_pq_experiment_signal_add_clienthello,
|
3110
|
-
ext_pq_experiment_signal_parse_serverhello,
|
3111
|
-
ext_pq_experiment_signal_parse_clienthello,
|
3112
|
-
ext_pq_experiment_signal_add_serverhello,
|
3113
|
-
},
|
3114
2956
|
};
|
3115
2957
|
|
3116
2958
|
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
|
@@ -4026,11 +3868,3 @@ int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
|
|
4026
3868
|
*out_len = CBS_len(&cbs);
|
4027
3869
|
return 1;
|
4028
3870
|
}
|
4029
|
-
|
4030
|
-
void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled) {
|
4031
|
-
ctx->ed25519_enabled = !!enabled;
|
4032
|
-
}
|
4033
|
-
|
4034
|
-
void SSL_CTX_set_rsa_pss_rsae_certs_enabled(SSL_CTX *ctx, int enabled) {
|
4035
|
-
ctx->rsa_pss_rsae_certs_enabled = !!enabled;
|
4036
|
-
}
|