grpc 1.28.0.pre2 → 1.31.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8313 -11862
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
- data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
- data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +122 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -578,6 +578,7 @@ OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
|
|
578
578
|
OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
|
579
579
|
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
|
580
580
|
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
|
581
|
+
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
|
581
582
|
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
|
582
583
|
OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
|
583
584
|
OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
|
@@ -437,10 +437,6 @@ void dtls1_next_message(SSL *ssl) {
|
|
437
437
|
}
|
438
438
|
|
439
439
|
bool dtls_has_unprocessed_handshake_data(const SSL *ssl) {
|
440
|
-
if (ssl->d1->has_change_cipher_spec) {
|
441
|
-
return true;
|
442
|
-
}
|
443
|
-
|
444
440
|
size_t current = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
|
445
441
|
for (size_t i = 0; i < SSL_MAX_HANDSHAKE_FLIGHT; i++) {
|
446
442
|
// Skip the current message.
|
@@ -86,12 +86,12 @@ DTLS1_STATE::DTLS1_STATE()
|
|
86
86
|
DTLS1_STATE::~DTLS1_STATE() {}
|
87
87
|
|
88
88
|
bool dtls1_new(SSL *ssl) {
|
89
|
-
if (!
|
89
|
+
if (!tls_new(ssl)) {
|
90
90
|
return false;
|
91
91
|
}
|
92
92
|
UniquePtr<DTLS1_STATE> d1 = MakeUnique<DTLS1_STATE>();
|
93
93
|
if (!d1) {
|
94
|
-
|
94
|
+
tls_free(ssl);
|
95
95
|
return false;
|
96
96
|
}
|
97
97
|
|
@@ -107,7 +107,7 @@ bool dtls1_new(SSL *ssl) {
|
|
107
107
|
}
|
108
108
|
|
109
109
|
void dtls1_free(SSL *ssl) {
|
110
|
-
|
110
|
+
tls_free(ssl);
|
111
111
|
|
112
112
|
if (ssl == NULL) {
|
113
113
|
return;
|
@@ -77,10 +77,13 @@ static void dtls1_on_handshake_complete(SSL *ssl) {
|
|
77
77
|
}
|
78
78
|
}
|
79
79
|
|
80
|
-
static bool dtls1_set_read_state(SSL *ssl,
|
80
|
+
static bool dtls1_set_read_state(SSL *ssl, ssl_encryption_level_t level,
|
81
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
82
|
+
Span<const uint8_t> secret_for_quic) {
|
83
|
+
assert(secret_for_quic.empty()); // QUIC does not use DTLS.
|
81
84
|
// Cipher changes are forbidden if the current epoch has leftover data.
|
82
85
|
if (dtls_has_unprocessed_handshake_data(ssl)) {
|
83
|
-
OPENSSL_PUT_ERROR(SSL,
|
86
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
84
87
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
85
88
|
return false;
|
86
89
|
}
|
@@ -90,11 +93,15 @@ static bool dtls1_set_read_state(SSL *ssl, UniquePtr
|
|
90
93
|
OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
|
91
94
|
|
92
95
|
ssl->s3->aead_read_ctx = std::move(aead_ctx);
|
96
|
+
ssl->s3->read_level = level;
|
97
|
+
ssl->d1->has_change_cipher_spec = 0;
|
93
98
|
return true;
|
94
99
|
}
|
95
100
|
|
96
|
-
static bool dtls1_set_write_state(SSL *ssl,
|
97
|
-
UniquePtr<SSLAEADContext> aead_ctx
|
101
|
+
static bool dtls1_set_write_state(SSL *ssl, ssl_encryption_level_t level,
|
102
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
103
|
+
Span<const uint8_t> secret_for_quic) {
|
104
|
+
assert(secret_for_quic.empty()); // QUIC does not use DTLS.
|
98
105
|
ssl->d1->w_epoch++;
|
99
106
|
OPENSSL_memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,
|
100
107
|
sizeof(ssl->s3->write_sequence));
|
@@ -102,6 +109,7 @@ static bool dtls1_set_write_state(SSL *ssl,
|
|
102
109
|
|
103
110
|
ssl->d1->last_aead_write_ctx = std::move(ssl->s3->aead_write_ctx);
|
104
111
|
ssl->s3->aead_write_ctx = std::move(aead_ctx);
|
112
|
+
ssl->s3->write_level = level;
|
105
113
|
return true;
|
106
114
|
}
|
107
115
|
|
@@ -111,6 +119,7 @@ static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {
|
|
111
119
|
dtls1_free,
|
112
120
|
dtls1_get_message,
|
113
121
|
dtls1_next_message,
|
122
|
+
dtls_has_unprocessed_handshake_data,
|
114
123
|
dtls1_open_handshake,
|
115
124
|
dtls1_open_change_cipher_spec,
|
116
125
|
dtls1_open_app_data,
|
@@ -24,6 +24,17 @@ BSSL_NAMESPACE_BEGIN
|
|
24
24
|
constexpr int kHandoffVersion = 0;
|
25
25
|
constexpr int kHandbackVersion = 0;
|
26
26
|
|
27
|
+
// early_data_t represents the state of early data in a more compact way than
|
28
|
+
// the 3 bits used by the implementation.
|
29
|
+
enum early_data_t {
|
30
|
+
early_data_not_offered = 0,
|
31
|
+
early_data_accepted = 1,
|
32
|
+
early_data_rejected_hrr = 2,
|
33
|
+
early_data_skipped = 3,
|
34
|
+
|
35
|
+
early_data_max_value = early_data_skipped,
|
36
|
+
};
|
37
|
+
|
27
38
|
// serialize_features adds a description of features supported by this binary to
|
28
39
|
// |out|. Returns true on success and false on error.
|
29
40
|
static bool serialize_features(CBB *out) {
|
@@ -246,9 +257,10 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
246
257
|
case state12_finish_server_handshake:
|
247
258
|
type = handback_after_handshake;
|
248
259
|
break;
|
249
|
-
// The outer state machine is always in |state12_tls13| for a TLS 1.3
|
250
|
-
// handshake as TLS 1.3 uses |tls13_state|.
|
251
260
|
case state12_tls13:
|
261
|
+
if (hs->tls13_state != state13_send_half_rtt_ticket) {
|
262
|
+
return false;
|
263
|
+
}
|
252
264
|
type = handback_tls13;
|
253
265
|
break;
|
254
266
|
default:
|
@@ -261,8 +273,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
261
273
|
}
|
262
274
|
|
263
275
|
Span<const uint8_t> transcript;
|
264
|
-
if (type
|
265
|
-
type == handback_after_session_resumption || type == handback_tls13) {
|
276
|
+
if (type != handback_after_handshake) {
|
266
277
|
transcript = s3->hs->transcript.buffer();
|
267
278
|
}
|
268
279
|
size_t write_iv_len = 0;
|
@@ -332,6 +343,27 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
332
343
|
return false;
|
333
344
|
}
|
334
345
|
if (type == handback_tls13) {
|
346
|
+
early_data_t early_data;
|
347
|
+
// Check early data invariants.
|
348
|
+
if (ssl->enable_early_data ==
|
349
|
+
(s3->early_data_reason == ssl_early_data_disabled)) {
|
350
|
+
return false;
|
351
|
+
}
|
352
|
+
if (hs->early_data_offered) {
|
353
|
+
if (s3->early_data_accepted && !s3->skip_early_data) {
|
354
|
+
early_data = early_data_accepted;
|
355
|
+
} else if (!s3->early_data_accepted && !s3->skip_early_data) {
|
356
|
+
early_data = early_data_rejected_hrr;
|
357
|
+
} else if (!s3->early_data_accepted && s3->skip_early_data) {
|
358
|
+
early_data = early_data_skipped;
|
359
|
+
} else {
|
360
|
+
return false;
|
361
|
+
}
|
362
|
+
} else if (!s3->early_data_accepted && !s3->skip_early_data) {
|
363
|
+
early_data = early_data_not_offered;
|
364
|
+
} else {
|
365
|
+
return false;
|
366
|
+
}
|
335
367
|
if (!CBB_add_asn1_octet_string(&seq, hs->client_traffic_secret_0().data(),
|
336
368
|
hs->client_traffic_secret_0().size()) ||
|
337
369
|
!CBB_add_asn1_octet_string(&seq, hs->server_traffic_secret_0().data(),
|
@@ -346,13 +378,28 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
346
378
|
s3->exporter_secret_len) ||
|
347
379
|
!CBB_add_asn1_bool(&seq, s3->used_hello_retry_request) ||
|
348
380
|
!CBB_add_asn1_bool(&seq, hs->accept_psk_mode) ||
|
349
|
-
!CBB_add_asn1_int64(&seq, s3->ticket_age_skew)
|
381
|
+
!CBB_add_asn1_int64(&seq, s3->ticket_age_skew) ||
|
382
|
+
!CBB_add_asn1_uint64(&seq, s3->early_data_reason) ||
|
383
|
+
!CBB_add_asn1_uint64(&seq, early_data)) {
|
384
|
+
return false;
|
385
|
+
}
|
386
|
+
if (early_data == early_data_accepted &&
|
387
|
+
!CBB_add_asn1_octet_string(&seq, hs->early_traffic_secret().data(),
|
388
|
+
hs->early_traffic_secret().size())) {
|
350
389
|
return false;
|
351
390
|
}
|
352
391
|
}
|
353
392
|
return CBB_flush(out);
|
354
393
|
}
|
355
394
|
|
395
|
+
static bool CopyExact(Span<uint8_t> out, const CBS *in) {
|
396
|
+
if (CBS_len(in) != out.size()) {
|
397
|
+
return false;
|
398
|
+
}
|
399
|
+
OPENSSL_memcpy(out.data(), CBS_data(in), out.size());
|
400
|
+
return true;
|
401
|
+
}
|
402
|
+
|
356
403
|
bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
357
404
|
if (ssl->do_handshake != nullptr ||
|
358
405
|
ssl->method->is_dtls) {
|
@@ -360,7 +407,7 @@ bool SSL_apply_handback(SSL *ssl, Span
|
|
360
407
|
}
|
361
408
|
|
362
409
|
SSL3_STATE *const s3 = ssl->s3;
|
363
|
-
uint64_t handback_version, negotiated_token_binding_param, cipher,
|
410
|
+
uint64_t handback_version, negotiated_token_binding_param, cipher, type_u64;
|
364
411
|
|
365
412
|
CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
|
366
413
|
next_proto, alpn, hostname, channel_id, transcript, key_share;
|
@@ -372,10 +419,12 @@ bool SSL_apply_handback(SSL *ssl, Span
|
|
372
419
|
if (!CBS_get_asn1(&handback_cbs, &seq, CBS_ASN1_SEQUENCE) ||
|
373
420
|
!CBS_get_asn1_uint64(&seq, &handback_version) ||
|
374
421
|
handback_version != kHandbackVersion ||
|
375
|
-
!CBS_get_asn1_uint64(&seq, &
|
422
|
+
!CBS_get_asn1_uint64(&seq, &type_u64) ||
|
423
|
+
type_u64 > handback_max_value) {
|
376
424
|
return false;
|
377
425
|
}
|
378
426
|
|
427
|
+
handback_t type = static_cast<handback_t>(type_u64);
|
379
428
|
if (!CBS_get_asn1(&seq, &read_seq, CBS_ASN1_OCTETSTRING) ||
|
380
429
|
CBS_len(&read_seq) != sizeof(s3->read_sequence) ||
|
381
430
|
!CBS_get_asn1(&seq, &write_seq, CBS_ASN1_OCTETSTRING) ||
|
@@ -432,9 +481,10 @@ bool SSL_apply_handback(SSL *ssl, Span
|
|
432
481
|
return false;
|
433
482
|
}
|
434
483
|
CBS client_handshake_secret, server_handshake_secret, client_traffic_secret_0,
|
435
|
-
server_traffic_secret_0, secret, exporter_secret;
|
484
|
+
server_traffic_secret_0, secret, exporter_secret, early_traffic_secret;
|
436
485
|
if (type == handback_tls13) {
|
437
486
|
int used_hello_retry_request, accept_psk_mode;
|
487
|
+
uint64_t early_data, early_data_reason;
|
438
488
|
int64_t ticket_age_skew;
|
439
489
|
if (!CBS_get_asn1(&seq, &client_traffic_secret_0, CBS_ASN1_OCTETSTRING) ||
|
440
490
|
!CBS_get_asn1(&seq, &server_traffic_secret_0, CBS_ASN1_OCTETSTRING) ||
|
@@ -444,7 +494,16 @@ bool SSL_apply_handback(SSL *ssl, Span
|
|
444
494
|
!CBS_get_asn1(&seq, &exporter_secret, CBS_ASN1_OCTETSTRING) ||
|
445
495
|
!CBS_get_asn1_bool(&seq, &used_hello_retry_request) ||
|
446
496
|
!CBS_get_asn1_bool(&seq, &accept_psk_mode) ||
|
447
|
-
!CBS_get_asn1_int64(&seq, &ticket_age_skew)
|
497
|
+
!CBS_get_asn1_int64(&seq, &ticket_age_skew) ||
|
498
|
+
!CBS_get_asn1_uint64(&seq, &early_data_reason) ||
|
499
|
+
early_data_reason > ssl_early_data_reason_max_value ||
|
500
|
+
!CBS_get_asn1_uint64(&seq, &early_data) ||
|
501
|
+
early_data > early_data_max_value) {
|
502
|
+
return false;
|
503
|
+
}
|
504
|
+
early_data_t early_data_type = static_cast<early_data_t>(early_data);
|
505
|
+
if (early_data_type == early_data_accepted &&
|
506
|
+
!CBS_get_asn1(&seq, &early_traffic_secret, CBS_ASN1_OCTETSTRING)) {
|
448
507
|
return false;
|
449
508
|
}
|
450
509
|
if (ticket_age_skew > std::numeric_limits<int32_t>::max() ||
|
@@ -454,6 +513,35 @@ bool SSL_apply_handback(SSL *ssl, Span
|
|
454
513
|
s3->ticket_age_skew = static_cast<int32_t>(ticket_age_skew);
|
455
514
|
s3->used_hello_retry_request = used_hello_retry_request;
|
456
515
|
hs->accept_psk_mode = accept_psk_mode;
|
516
|
+
|
517
|
+
s3->early_data_reason =
|
518
|
+
static_cast<ssl_early_data_reason_t>(early_data_reason);
|
519
|
+
ssl->enable_early_data = s3->early_data_reason != ssl_early_data_disabled;
|
520
|
+
s3->skip_early_data = false;
|
521
|
+
s3->early_data_accepted = false;
|
522
|
+
hs->early_data_offered = false;
|
523
|
+
switch (early_data_type) {
|
524
|
+
case early_data_not_offered:
|
525
|
+
break;
|
526
|
+
case early_data_accepted:
|
527
|
+
s3->early_data_accepted = true;
|
528
|
+
hs->early_data_offered = true;
|
529
|
+
hs->can_early_write = true;
|
530
|
+
hs->can_early_read = true;
|
531
|
+
hs->in_early_data = true;
|
532
|
+
break;
|
533
|
+
case early_data_rejected_hrr:
|
534
|
+
hs->early_data_offered = true;
|
535
|
+
break;
|
536
|
+
case early_data_skipped:
|
537
|
+
s3->skip_early_data = true;
|
538
|
+
hs->early_data_offered = true;
|
539
|
+
break;
|
540
|
+
default:
|
541
|
+
return false;
|
542
|
+
}
|
543
|
+
} else {
|
544
|
+
s3->early_data_reason = ssl_early_data_protocol_version;
|
457
545
|
}
|
458
546
|
|
459
547
|
ssl->version = session->ssl_version;
|
@@ -484,7 +572,7 @@ bool SSL_apply_handback(SSL *ssl, Span
|
|
484
572
|
break;
|
485
573
|
case handback_tls13:
|
486
574
|
hs->state = state12_tls13;
|
487
|
-
hs->tls13_state =
|
575
|
+
hs->tls13_state = state13_send_half_rtt_ticket;
|
488
576
|
break;
|
489
577
|
default:
|
490
578
|
return false;
|
@@ -515,72 +603,73 @@ bool SSL_apply_handback(SSL *ssl, Span
|
|
515
603
|
s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
|
516
604
|
hs->cert_request = cert_request;
|
517
605
|
|
518
|
-
|
519
|
-
// |early_data_reason| and stabilize the constants.
|
520
|
-
s3->early_data_reason = ssl_early_data_protocol_version;
|
521
|
-
|
522
|
-
if ((type == handback_after_ecdhe ||
|
523
|
-
type == handback_after_session_resumption || type == handback_tls13) &&
|
606
|
+
if (type != handback_after_handshake &&
|
524
607
|
(!hs->transcript.Init() ||
|
525
608
|
!hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
|
526
609
|
!hs->transcript.Update(transcript))) {
|
527
610
|
return false;
|
528
611
|
}
|
529
612
|
if (type == handback_tls13) {
|
530
|
-
|
531
|
-
if (
|
532
|
-
|
533
|
-
|
534
|
-
|
535
|
-
|
613
|
+
hs->ResizeSecrets(hs->transcript.DigestLen());
|
614
|
+
if (!CopyExact(hs->client_traffic_secret_0(), &client_traffic_secret_0) ||
|
615
|
+
!CopyExact(hs->server_traffic_secret_0(), &server_traffic_secret_0) ||
|
616
|
+
!CopyExact(hs->client_handshake_secret(), &client_handshake_secret) ||
|
617
|
+
!CopyExact(hs->server_handshake_secret(), &server_handshake_secret) ||
|
618
|
+
!CopyExact(hs->secret(), &secret) ||
|
619
|
+
!CopyExact({s3->exporter_secret, hs->transcript.DigestLen()},
|
620
|
+
&exporter_secret)) {
|
536
621
|
return false;
|
537
622
|
}
|
538
|
-
|
539
|
-
|
540
|
-
|
541
|
-
|
542
|
-
CBS_data(&server_traffic_secret_0), digest_len);
|
543
|
-
memcpy(hs->client_handshake_secret().data(),
|
544
|
-
CBS_data(&client_handshake_secret), digest_len);
|
545
|
-
memcpy(hs->server_handshake_secret().data(),
|
546
|
-
CBS_data(&server_handshake_secret), digest_len);
|
547
|
-
memcpy(hs->secret().data(), CBS_data(&secret), digest_len);
|
548
|
-
|
549
|
-
if (digest_len != CBS_len(&exporter_secret)) {
|
623
|
+
s3->exporter_secret_len = CBS_len(&exporter_secret);
|
624
|
+
|
625
|
+
if (s3->early_data_accepted &&
|
626
|
+
!CopyExact(hs->early_traffic_secret(), &early_traffic_secret)) {
|
550
627
|
return false;
|
551
628
|
}
|
552
|
-
memcpy(s3->exporter_secret, CBS_data(&exporter_secret), digest_len);
|
553
|
-
s3->exporter_secret_len = digest_len;
|
554
629
|
}
|
555
630
|
Array<uint8_t> key_block;
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
|
560
|
-
|
561
|
-
|
562
|
-
|
563
|
-
|
564
|
-
|
565
|
-
|
566
|
-
|
567
|
-
|
568
|
-
|
569
|
-
|
631
|
+
switch (type) {
|
632
|
+
case handback_after_session_resumption:
|
633
|
+
// The write keys are installed after server Finished, but the client
|
634
|
+
// keys must wait for ChangeCipherSpec.
|
635
|
+
if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session,
|
636
|
+
write_iv)) {
|
637
|
+
return false;
|
638
|
+
}
|
639
|
+
break;
|
640
|
+
case handback_after_ecdhe:
|
641
|
+
// The premaster secret is not yet computed, so install no keys.
|
642
|
+
break;
|
643
|
+
case handback_after_handshake:
|
644
|
+
// The handshake is complete, so both keys are installed.
|
645
|
+
if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session,
|
646
|
+
write_iv) ||
|
647
|
+
!tls1_configure_aead(ssl, evp_aead_open, &key_block, session,
|
648
|
+
read_iv)) {
|
649
|
+
return false;
|
650
|
+
}
|
651
|
+
break;
|
652
|
+
case handback_tls13:
|
653
|
+
// After server Finished, the application write keys are installed, but
|
654
|
+
// none of the read keys. The read keys are installed in the state machine
|
655
|
+
// immediately after processing handback.
|
656
|
+
if (!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
|
657
|
+
hs->new_session.get(),
|
658
|
+
hs->server_traffic_secret_0())) {
|
659
|
+
return false;
|
660
|
+
}
|
661
|
+
break;
|
570
662
|
}
|
571
|
-
if (
|
572
|
-
|
573
|
-
|
574
|
-
!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
|
575
|
-
hs->server_traffic_secret_0()))) {
|
663
|
+
if (!CopyExact({s3->read_sequence, sizeof(s3->read_sequence)}, &read_seq) ||
|
664
|
+
!CopyExact({s3->write_sequence, sizeof(s3->write_sequence)},
|
665
|
+
&write_seq)) {
|
576
666
|
return false;
|
577
667
|
}
|
578
668
|
if (type == handback_after_ecdhe &&
|
579
669
|
(hs->key_shares[0] = SSLKeyShare::Create(&key_share)) == nullptr) {
|
580
670
|
return false;
|
581
671
|
}
|
582
|
-
|
583
|
-
return CBS_len(&seq) == 0;
|
672
|
+
return true; // Trailing data allowed for extensibility.
|
584
673
|
}
|
585
674
|
|
586
675
|
BSSL_NAMESPACE_END
|
@@ -441,7 +441,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
|
441
441
|
uint8_t finished[EVP_MAX_MD_SIZE];
|
442
442
|
size_t finished_len;
|
443
443
|
if (!hs->transcript.GetFinishedMAC(finished, &finished_len,
|
444
|
-
|
444
|
+
ssl_handshake_session(hs), !ssl->server) ||
|
445
445
|
!ssl_hash_message(hs, msg)) {
|
446
446
|
return ssl_hs_error;
|
447
447
|
}
|
@@ -471,13 +471,20 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
|
471
471
|
ssl->s3->previous_server_finished_len = finished_len;
|
472
472
|
}
|
473
473
|
|
474
|
+
// The Finished message should be the end of a flight.
|
475
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
476
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
477
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
478
|
+
return ssl_hs_error;
|
479
|
+
}
|
480
|
+
|
474
481
|
ssl->method->next_message(ssl);
|
475
482
|
return ssl_hs_ok;
|
476
483
|
}
|
477
484
|
|
478
485
|
bool ssl_send_finished(SSL_HANDSHAKE *hs) {
|
479
486
|
SSL *const ssl = hs->ssl;
|
480
|
-
const SSL_SESSION *session =
|
487
|
+
const SSL_SESSION *session = ssl_handshake_session(hs);
|
481
488
|
|
482
489
|
uint8_t finished[EVP_MAX_MD_SIZE];
|
483
490
|
size_t finished_len;
|
@@ -534,6 +541,13 @@ bool ssl_output_cert_chain(SSL_HANDSHAKE *hs) {
|
|
534
541
|
return true;
|
535
542
|
}
|
536
543
|
|
544
|
+
const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs) {
|
545
|
+
if (hs->new_session) {
|
546
|
+
return hs->new_session.get();
|
547
|
+
}
|
548
|
+
return hs->ssl->session.get();
|
549
|
+
}
|
550
|
+
|
537
551
|
int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
538
552
|
SSL *const ssl = hs->ssl;
|
539
553
|
for (;;) {
|
@@ -621,10 +635,15 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
621
635
|
hs->wait = ssl_hs_ok;
|
622
636
|
return -1;
|
623
637
|
|
624
|
-
case ssl_hs_handback:
|
638
|
+
case ssl_hs_handback: {
|
639
|
+
int ret = ssl->method->flush_flight(ssl);
|
640
|
+
if (ret <= 0) {
|
641
|
+
return ret;
|
642
|
+
}
|
625
643
|
ssl->s3->rwstate = SSL_ERROR_HANDBACK;
|
626
644
|
hs->wait = ssl_hs_handback;
|
627
645
|
return -1;
|
646
|
+
}
|
628
647
|
|
629
648
|
case ssl_hs_x509_lookup:
|
630
649
|
ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
|
@@ -658,9 +677,8 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
658
677
|
|
659
678
|
case ssl_hs_early_data_rejected:
|
660
679
|
assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
|
680
|
+
assert(!hs->can_early_write);
|
661
681
|
ssl->s3->rwstate = SSL_ERROR_EARLY_DATA_REJECTED;
|
662
|
-
// Cause |SSL_write| to start failing immediately.
|
663
|
-
hs->can_early_write = false;
|
664
682
|
return -1;
|
665
683
|
|
666
684
|
case ssl_hs_early_return:
|