grpc 1.28.0.pre2 → 1.31.0.pre1
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +8313 -11862
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
- data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
- data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +122 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -185,7 +185,7 @@ SSL3_STATE::SSL3_STATE()
|
|
185
185
|
|
186
186
|
SSL3_STATE::~SSL3_STATE() {}
|
187
187
|
|
188
|
-
bool
|
188
|
+
bool tls_new(SSL *ssl) {
|
189
189
|
UniquePtr<SSL3_STATE> s3 = MakeUnique<SSL3_STATE>();
|
190
190
|
if (!s3) {
|
191
191
|
return false;
|
@@ -209,7 +209,7 @@ bool ssl3_new(SSL *ssl) {
|
|
209
209
|
return true;
|
210
210
|
}
|
211
211
|
|
212
|
-
void
|
212
|
+
void tls_free(SSL *ssl) {
|
213
213
|
if (ssl == NULL || ssl->s3 == NULL) {
|
214
214
|
return;
|
215
215
|
}
|
@@ -124,10 +124,10 @@
|
|
124
124
|
|
125
125
|
BSSL_NAMESPACE_BEGIN
|
126
126
|
|
127
|
-
static int
|
127
|
+
static int do_tls_write(SSL *ssl, int type, const uint8_t *in, unsigned len);
|
128
128
|
|
129
|
-
int
|
130
|
-
|
129
|
+
int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
|
130
|
+
int len) {
|
131
131
|
assert(ssl_can_write(ssl));
|
132
132
|
assert(!ssl->s3->aead_write_ctx->is_null_cipher());
|
133
133
|
|
@@ -147,7 +147,7 @@ int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
|
|
147
147
|
// Ensure that if we end up with a smaller value of data to write out than
|
148
148
|
// the the original len from a write which didn't complete for non-blocking
|
149
149
|
// I/O and also somehow ended up avoiding the check for this in
|
150
|
-
//
|
150
|
+
// tls_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be possible to
|
151
151
|
// end up with (len-tot) as a large number that will then promptly send
|
152
152
|
// beyond the end of the users buffer ... so we trap and report the error in
|
153
153
|
// a way the user will notice.
|
@@ -182,7 +182,7 @@ int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
|
|
182
182
|
nw = n;
|
183
183
|
}
|
184
184
|
|
185
|
-
int ret =
|
185
|
+
int ret = do_tls_write(ssl, SSL3_RT_APPLICATION_DATA, &in[tot], nw);
|
186
186
|
if (ret <= 0) {
|
187
187
|
ssl->s3->wnum = tot;
|
188
188
|
return ret;
|
@@ -201,8 +201,8 @@ int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *in,
|
|
201
201
|
}
|
202
202
|
}
|
203
203
|
|
204
|
-
static int
|
205
|
-
|
204
|
+
static int tls_write_pending(SSL *ssl, int type, const uint8_t *in,
|
205
|
+
unsigned int len) {
|
206
206
|
if (ssl->s3->wpend_tot > (int)len ||
|
207
207
|
(!(ssl->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) &&
|
208
208
|
ssl->s3->wpend_buf != in) ||
|
@@ -219,11 +219,11 @@ static int ssl3_write_pending(SSL *ssl, int type, const uint8_t *in,
|
|
219
219
|
return ssl->s3->wpend_ret;
|
220
220
|
}
|
221
221
|
|
222
|
-
//
|
223
|
-
static int
|
222
|
+
// do_tls_write writes an SSL record of the given type.
|
223
|
+
static int do_tls_write(SSL *ssl, int type, const uint8_t *in, unsigned len) {
|
224
224
|
// If there is still data from the previous record, flush it.
|
225
225
|
if (ssl->s3->wpend_pending) {
|
226
|
-
return
|
226
|
+
return tls_write_pending(ssl, type, in, len);
|
227
227
|
}
|
228
228
|
|
229
229
|
SSLBuffer *buf = &ssl->s3->write_buffer;
|
@@ -287,7 +287,7 @@ static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len) {
|
|
287
287
|
// acknowledgments.
|
288
288
|
ssl->s3->key_update_pending = false;
|
289
289
|
|
290
|
-
// Memorize arguments so that
|
290
|
+
// Memorize arguments so that tls_write_pending can detect bad write retries
|
291
291
|
// later.
|
292
292
|
ssl->s3->wpend_tot = len;
|
293
293
|
ssl->s3->wpend_buf = in;
|
@@ -296,12 +296,12 @@ static int do_ssl3_write(SSL *ssl, int type, const uint8_t *in, unsigned len) {
|
|
296
296
|
ssl->s3->wpend_pending = true;
|
297
297
|
|
298
298
|
// We now just need to write the buffer.
|
299
|
-
return
|
299
|
+
return tls_write_pending(ssl, type, in, len);
|
300
300
|
}
|
301
301
|
|
302
|
-
ssl_open_record_t
|
303
|
-
|
304
|
-
|
302
|
+
ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out,
|
303
|
+
size_t *out_consumed, uint8_t *out_alert,
|
304
|
+
Span<uint8_t> in) {
|
305
305
|
assert(ssl_can_read(ssl));
|
306
306
|
assert(!ssl->s3->aead_read_ctx->is_null_cipher());
|
307
307
|
|
@@ -316,7 +316,7 @@ ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span
|
|
316
316
|
|
317
317
|
if (type == SSL3_RT_HANDSHAKE) {
|
318
318
|
// Post-handshake data prior to TLS 1.3 is always renegotiation, which we
|
319
|
-
// never accept as a server. Otherwise |
|
319
|
+
// never accept as a server. Otherwise |tls_get_message| will send
|
320
320
|
// |SSL_R_EXCESSIVE_MESSAGE_SIZE|.
|
321
321
|
if (ssl->server && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
322
322
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_RENEGOTIATION);
|
@@ -355,9 +355,9 @@ ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span
|
|
355
355
|
return ssl_open_record_success;
|
356
356
|
}
|
357
357
|
|
358
|
-
ssl_open_record_t
|
359
|
-
|
360
|
-
|
358
|
+
ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
|
359
|
+
uint8_t *out_alert,
|
360
|
+
Span<uint8_t> in) {
|
361
361
|
uint8_t type;
|
362
362
|
Span<uint8_t> body;
|
363
363
|
auto ret = tls_open_record(ssl, &type, &body, out_consumed, out_alert, in);
|
@@ -426,7 +426,7 @@ int ssl_send_alert_impl(SSL *ssl, int level, int desc) {
|
|
426
426
|
return -1;
|
427
427
|
}
|
428
428
|
|
429
|
-
int
|
429
|
+
int tls_dispatch_alert(SSL *ssl) {
|
430
430
|
if (ssl->quic_method) {
|
431
431
|
if (!ssl->quic_method->send_alert(ssl, ssl->s3->write_level,
|
432
432
|
ssl->s3->send_alert[1])) {
|
@@ -434,7 +434,7 @@ int ssl3_dispatch_alert(SSL *ssl) {
|
|
434
434
|
return 0;
|
435
435
|
}
|
436
436
|
} else {
|
437
|
-
int ret =
|
437
|
+
int ret = do_tls_write(ssl, SSL3_RT_ALERT, &ssl->s3->send_alert[0], 2);
|
438
438
|
if (ret <= 0) {
|
439
439
|
return ret;
|
440
440
|
}
|
@@ -129,6 +129,8 @@ BSSL_NAMESPACE_BEGIN
|
|
129
129
|
// ticketMaxEarlyData [24] INTEGER OPTIONAL,
|
130
130
|
// authTimeout [25] INTEGER OPTIONAL, -- defaults to timeout
|
131
131
|
// earlyALPN [26] OCTET STRING OPTIONAL,
|
132
|
+
// isQuic [27] BOOLEAN OPTIONAL,
|
133
|
+
// quicEarlyDataHash [28] OCTET STRING OPTIONAL,
|
132
134
|
// }
|
133
135
|
//
|
134
136
|
// Note: historically this serialization has included other optional
|
@@ -188,6 +190,10 @@ static const unsigned kAuthTimeoutTag =
|
|
188
190
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 25;
|
189
191
|
static const unsigned kEarlyALPNTag =
|
190
192
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26;
|
193
|
+
static const unsigned kIsQuicTag =
|
194
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27;
|
195
|
+
static const unsigned kQuicEarlyDataContextTag =
|
196
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28;
|
191
197
|
|
192
198
|
static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
|
193
199
|
int for_ticket) {
|
@@ -388,6 +394,23 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
|
|
388
394
|
}
|
389
395
|
}
|
390
396
|
|
397
|
+
if (in->is_quic) {
|
398
|
+
if (!CBB_add_asn1(&session, &child, kIsQuicTag) ||
|
399
|
+
!CBB_add_asn1_bool(&child, true)) {
|
400
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
401
|
+
return 0;
|
402
|
+
}
|
403
|
+
}
|
404
|
+
|
405
|
+
if (!in->quic_early_data_context.empty()) {
|
406
|
+
if (!CBB_add_asn1(&session, &child, kQuicEarlyDataContextTag) ||
|
407
|
+
!CBB_add_asn1_octet_string(&child, in->quic_early_data_context.data(),
|
408
|
+
in->quic_early_data_context.size())) {
|
409
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
410
|
+
return 0;
|
411
|
+
}
|
412
|
+
}
|
413
|
+
|
391
414
|
return CBB_flush(cbb);
|
392
415
|
}
|
393
416
|
|
@@ -718,6 +741,7 @@ UniquePtr
|
|
718
741
|
|
719
742
|
ret->is_server = is_server;
|
720
743
|
|
744
|
+
int is_quic;
|
721
745
|
if (!SSL_SESSION_parse_u16(&session, &ret->peer_signature_algorithm,
|
722
746
|
kPeerSignatureAlgorithmTag, 0) ||
|
723
747
|
!SSL_SESSION_parse_u32(&session, &ret->ticket_max_early_data,
|
@@ -726,10 +750,15 @@ UniquePtr
|
|
726
750
|
ret->timeout) ||
|
727
751
|
!SSL_SESSION_parse_octet_string(&session, &ret->early_alpn,
|
728
752
|
kEarlyALPNTag) ||
|
753
|
+
!CBS_get_optional_asn1_bool(&session, &is_quic, kIsQuicTag,
|
754
|
+
/*default_value=*/false) ||
|
755
|
+
!SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_context,
|
756
|
+
kQuicEarlyDataContextTag) ||
|
729
757
|
CBS_len(&session) != 0) {
|
730
758
|
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
|
731
759
|
return nullptr;
|
732
760
|
}
|
761
|
+
ret->is_quic = is_quic;
|
733
762
|
|
734
763
|
if (!x509_method->session_cache_objects(ret.get())) {
|
735
764
|
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
|
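Review bot: The schema comment names field [28] `quicEarlyDataHash`, but the tag constant added for it is `kQuicEarlyDataContextTag` and the value written and read is `quic_early_data_context`. The comment line should read `//     quicEarlyDataContext    [28] OCTET STRING OPTIONAL,` so the documented schema matches the code. Separately, the parser accepts a session that carries a non-empty early-data context while `isQuic` is absent or false. If the serializer never produces that combination (the callers that fill these fields are outside these hunks), rejecting it with `SSL_R_INVALID_SSL_SESSION` would keep malformed stored sessions out. The parse function's body starts and ends outside the hunks shown.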
@@ -896,6 +896,10 @@ int SSL_CTX_set_chain_and_key(SSL_CTX *ctx, CRYPTO_BUFFER *const *certs,
|
|
896
896
|
privkey_method);
|
897
897
|
}
|
898
898
|
|
899
|
+
const STACK_OF(CRYPTO_BUFFER)* SSL_CTX_get0_chain(const SSL_CTX *ctx) {
|
900
|
+
return ctx->cert->chain.get();
|
901
|
+
}
|
902
|
+
|
899
903
|
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, size_t der_len,
|
900
904
|
const uint8_t *der) {
|
901
905
|
UniquePtr<CRYPTO_BUFFER> buffer(CRYPTO_BUFFER_new(der, der_len, NULL));
|
@@ -564,7 +564,6 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
|
|
564
564
|
channel_id_enabled(false),
|
565
565
|
grease_enabled(false),
|
566
566
|
allow_unknown_alpn_protos(false),
|
567
|
-
ed25519_enabled(false),
|
568
567
|
false_start_allowed_without_alpn(false),
|
569
568
|
ignore_tls13_downgrade(false),
|
570
569
|
handoff(false),
|
@@ -1249,6 +1248,12 @@ void SSL_get_peer_quic_transport_params(const SSL *ssl,
|
|
1249
1248
|
*out_params_len = ssl->s3->peer_quic_transport_params.size();
|
1250
1249
|
}
|
1251
1250
|
|
1251
|
+
int SSL_set_quic_early_data_context(SSL *ssl, const uint8_t *context,
|
1252
|
+
size_t context_len) {
|
1253
|
+
return ssl->config && ssl->config->quic_early_data_context.CopyFrom(
|
1254
|
+
MakeConstSpan(context, context_len));
|
1255
|
+
}
|
1256
|
+
|
1252
1257
|
void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
|
1253
1258
|
ctx->enable_early_data = !!enabled;
|
1254
1259
|
}
|
@@ -2963,6 +2968,34 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
|
|
2963
2968
|
ctx->ticket_aead_method = aead_method;
|
2964
2969
|
}
|
2965
2970
|
|
2971
|
+
SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
|
2972
|
+
size_t buf_len) {
|
2973
|
+
if (SSL_in_init(ssl) ||
|
2974
|
+
ssl_protocol_version(ssl) != TLS1_3_VERSION ||
|
2975
|
+
ssl->server) {
|
2976
|
+
// Only TLS 1.3 clients are supported.
|
2977
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
2978
|
+
return nullptr;
|
2979
|
+
}
|
2980
|
+
|
2981
|
+
CBS cbs, body;
|
2982
|
+
CBS_init(&cbs, buf, buf_len);
|
2983
|
+
uint8_t type;
|
2984
|
+
if (!CBS_get_u8(&cbs, &type) ||
|
2985
|
+
!CBS_get_u24_length_prefixed(&cbs, &body) ||
|
2986
|
+
CBS_len(&cbs) != 0) {
|
2987
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
2988
|
+
return nullptr;
|
2989
|
+
}
|
2990
|
+
|
2991
|
+
UniquePtr<SSL_SESSION> session = tls13_create_session_with_ticket(ssl, &body);
|
2992
|
+
if (!session) {
|
2993
|
+
// |tls13_create_session_with_ticket| puts the correct error.
|
2994
|
+
return nullptr;
|
2995
|
+
}
|
2996
|
+
return session.release();
|
2997
|
+
}
|
2998
|
+
|
2966
2999
|
int SSL_set_tlsext_status_type(SSL *ssl, int type) {
|
2967
3000
|
if (!ssl->config) {
|
2968
3001
|
return 0;
|
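Review bot: In `SSL_process_tls13_new_session_ticket` the handshake message type byte is read into `type` but never compared with anything, so any message whose body parses as a ticket is accepted whatever its declared type. The length check should also validate the type, for example by adding `type != SSL3_MT_NEW_SESSION_TICKET ||` to the condition that reports `SSL_R_DECODE_ERROR`. In the same section, `SSL_set_quic_early_data_context` returns 0 without queuing an error when `ssl->config` is null, whereas `SSL_set_verify_algorithm_prefs` elsewhere in this release reports `ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED` for the same condition. Matching that behaviour would make the failure diagnosable.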
@@ -791,7 +791,8 @@ int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str) {
|
|
791
791
|
|
792
792
|
if (!SSL_CTX_set_signing_algorithm_prefs(ctx, sigalgs.data(),
|
793
793
|
sigalgs.size()) ||
|
794
|
-
!ctx
|
794
|
+
!SSL_CTX_set_verify_algorithm_prefs(ctx, sigalgs.data(),
|
795
|
+
sigalgs.size())) {
|
795
796
|
return 0;
|
796
797
|
}
|
797
798
|
|
@@ -811,7 +812,7 @@ int SSL_set1_sigalgs_list(SSL *ssl, const char *str) {
|
|
811
812
|
}
|
812
813
|
|
813
814
|
if (!SSL_set_signing_algorithm_prefs(ssl, sigalgs.data(), sigalgs.size()) ||
|
814
|
-
!ssl
|
815
|
+
!SSL_set_verify_algorithm_prefs(ssl, sigalgs.data(), sigalgs.size())) {
|
815
816
|
return 0;
|
816
817
|
}
|
817
818
|
|
@@ -822,3 +823,13 @@ int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, const uint16_t *prefs,
|
|
822
823
|
size_t num_prefs) {
|
823
824
|
return ctx->verify_sigalgs.CopyFrom(MakeConstSpan(prefs, num_prefs));
|
824
825
|
}
|
826
|
+
|
827
|
+
int SSL_set_verify_algorithm_prefs(SSL *ssl, const uint16_t *prefs,
|
828
|
+
size_t num_prefs) {
|
829
|
+
if (!ssl->config) {
|
830
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
831
|
+
return 0;
|
832
|
+
}
|
833
|
+
|
834
|
+
return ssl->config->verify_sigalgs.CopyFrom(MakeConstSpan(prefs, num_prefs));
|
835
|
+
}
|
@@ -197,6 +197,7 @@ UniquePtr
|
|
197
197
|
|
198
198
|
new_session->is_server = session->is_server;
|
199
199
|
new_session->ssl_version = session->ssl_version;
|
200
|
+
new_session->is_quic = session->is_quic;
|
200
201
|
new_session->sid_ctx_length = session->sid_ctx_length;
|
201
202
|
OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
|
202
203
|
|
@@ -267,6 +268,11 @@ UniquePtr
|
|
267
268
|
if (!new_session->early_alpn.CopyFrom(session->early_alpn)) {
|
268
269
|
return nullptr;
|
269
270
|
}
|
271
|
+
|
272
|
+
if (!new_session->quic_early_data_context.CopyFrom(
|
273
|
+
session->quic_early_data_context)) {
|
274
|
+
return nullptr;
|
275
|
+
}
|
270
276
|
}
|
271
277
|
|
272
278
|
// Copy the ticket.
|
@@ -357,6 +363,13 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
|
357
363
|
|
358
364
|
session->is_server = is_server;
|
359
365
|
session->ssl_version = ssl->version;
|
366
|
+
session->is_quic = ssl->quic_method != nullptr;
|
367
|
+
if (is_server && ssl->enable_early_data && session->is_quic) {
|
368
|
+
if (!session->quic_early_data_context.CopyFrom(
|
369
|
+
hs->config->quic_early_data_context)) {
|
370
|
+
return 0;
|
371
|
+
}
|
372
|
+
}
|
360
373
|
|
361
374
|
// Fill in the time from the |SSL_CTX|'s clock.
|
362
375
|
struct OPENSSL_timeval now;
|
@@ -624,10 +637,14 @@ int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
|
|
624
637
|
ssl->server == session->is_server &&
|
625
638
|
// The session must not be expired.
|
626
639
|
ssl_session_is_time_valid(ssl, session) &&
|
627
|
-
|
628
|
-
|
640
|
+
// Only resume if the session's version matches the negotiated
|
641
|
+
// version.
|
629
642
|
ssl->version == session->ssl_version &&
|
630
|
-
// Only resume if the session's cipher matches the negotiated one.
|
643
|
+
// Only resume if the session's cipher matches the negotiated one. This
|
644
|
+
// is stricter than necessary for TLS 1.3, which allows cross-cipher
|
645
|
+
// resumption if the PRF hashes match. We require an exact match for
|
646
|
+
// simplicity. If loosening this, the 0-RTT accept logic must be
|
647
|
+
// updated to check the cipher.
|
631
648
|
hs->new_cipher == session->cipher &&
|
632
649
|
// If the session contains a client certificate (either the full
|
633
650
|
// certificate or just the hash) then require that the form of the
|
@@ -635,7 +652,10 @@ int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
|
|
635
652
|
((sk_CRYPTO_BUFFER_num(session->certs.get()) == 0 &&
|
636
653
|
!session->peer_sha256_valid) ||
|
637
654
|
session->peer_sha256_valid ==
|
638
|
-
hs->config->retain_only_sha256_of_client_certs)
|
655
|
+
hs->config->retain_only_sha256_of_client_certs) &&
|
656
|
+
// Only resume if the underlying transport protocol hasn't changed.
|
657
|
+
// This is to prevent cross-protocol resumption between QUIC and TCP.
|
658
|
+
(hs->ssl->quic_method != nullptr) == session->is_quic;
|
639
659
|
}
|
640
660
|
|
641
661
|
// ssl_lookup_session looks up |session_id| in the session cache and sets
|
@@ -849,7 +869,8 @@ ssl_session_st::ssl_session_st(const SSL_X509_METHOD *method)
|
|
849
869
|
peer_sha256_valid(false),
|
850
870
|
not_resumable(false),
|
851
871
|
ticket_age_add_valid(false),
|
852
|
-
is_server(false)
|
872
|
+
is_server(false),
|
873
|
+
is_quic(false) {
|
853
874
|
CRYPTO_new_ex_data(&ex_data);
|
854
875
|
time = ::time(nullptr);
|
855
876
|
}
|
@@ -1050,6 +1071,24 @@ int SSL_SESSION_early_data_capable(const SSL_SESSION *session) {
|
|
1050
1071
|
session->ticket_max_early_data != 0;
|
1051
1072
|
}
|
1052
1073
|
|
1074
|
+
SSL_SESSION *SSL_SESSION_copy_without_early_data(SSL_SESSION *session) {
|
1075
|
+
if (!SSL_SESSION_early_data_capable(session)) {
|
1076
|
+
return UpRef(session).release();
|
1077
|
+
}
|
1078
|
+
|
1079
|
+
bssl::UniquePtr<SSL_SESSION> copy =
|
1080
|
+
SSL_SESSION_dup(session, SSL_SESSION_DUP_ALL);
|
1081
|
+
if (!copy) {
|
1082
|
+
return nullptr;
|
1083
|
+
}
|
1084
|
+
|
1085
|
+
copy->ticket_max_early_data = 0;
|
1086
|
+
// Copied sessions are non-resumable until they're completely filled in.
|
1087
|
+
copy->not_resumable = session->not_resumable;
|
1088
|
+
assert(!SSL_SESSION_early_data_capable(copy.get()));
|
1089
|
+
return copy.release();
|
1090
|
+
}
|
1091
|
+
|
1053
1092
|
SSL_SESSION *SSL_magic_pending_session_ptr(void) {
|
1054
1093
|
return (SSL_SESSION *)&g_pending_session_magic;
|
1055
1094
|
}
|
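Review bot: `SSL_SESSION_copy_without_early_data` has two different ownership outcomes and neither is documented at the definition: when the input is not early-data capable it returns `UpRef(session).release()`, a new reference to the same object, and otherwise a modified duplicate. A comment above the function should say so, e.g. `// Returns a new reference to |session| when it is not early-data capable, otherwise a copy with early data disabled; the caller releases the result with SSL_SESSION_free either way.` The existing comment "Copied sessions are non-resumable until they're completely filled in" sits above the line that restores `not_resumable` from the source session. It would read more clearly if it said that the duplicate's flag is being reset to the original's value, presumably because `SSL_SESSION_dup` marks copies non-resumable (not visible here).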
@@ -197,6 +197,9 @@ const char *SSL_alert_desc_string_long(int value) {
|
|
197
197
|
case TLS1_AD_NO_RENEGOTIATION:
|
198
198
|
return "no renegotiation";
|
199
199
|
|
200
|
+
case TLS1_AD_MISSING_EXTENSION:
|
201
|
+
return "missing extension";
|
202
|
+
|
200
203
|
case TLS1_AD_UNSUPPORTED_EXTENSION:
|
201
204
|
return "unsupported extension";
|
202
205
|
|
@@ -218,6 +221,9 @@ const char *SSL_alert_desc_string_long(int value) {
|
|
218
221
|
case TLS1_AD_CERTIFICATE_REQUIRED:
|
219
222
|
return "certificate required";
|
220
223
|
|
224
|
+
case TLS1_AD_NO_APPLICATION_PROTOCOL:
|
225
|
+
return "no application protocol";
|
226
|
+
|
221
227
|
default:
|
222
228
|
return "unknown";
|
223
229
|
}
|
@@ -193,11 +193,11 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version,
|
|
193
193
|
min_version = TLS1_3_VERSION;
|
194
194
|
}
|
195
195
|
|
196
|
-
//
|
197
|
-
//
|
198
|
-
//
|
199
|
-
//
|
200
|
-
//
|
196
|
+
// The |SSL_OP_NO_*| flags disable individual protocols. This has two
|
197
|
+
// problems. First, prior to TLS 1.3, the protocol can only express a
|
198
|
+
// contiguous range of versions. Second, a library consumer trying to set a
|
199
|
+
// maximum version cannot disable protocol versions that get added in a future
|
200
|
+
// version of the library.
|
201
201
|
//
|
202
202
|
// To account for both of these, OpenSSL interprets the client-side bitmask
|
203
203
|
// as a min/max range by picking the lowest contiguous non-empty range of
|
@@ -189,21 +189,36 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len,
|
|
189
189
|
return true;
|
190
190
|
}
|
191
191
|
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
192
|
+
static bool generate_key_block(const SSL *ssl, Span<uint8_t> out,
|
193
|
+
const SSL_SESSION *session) {
|
194
|
+
auto master_key =
|
195
|
+
MakeConstSpan(session->master_key, session->master_key_length);
|
196
|
+
static const char kLabel[] = "key expansion";
|
197
|
+
auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1);
|
198
|
+
|
199
|
+
const EVP_MD *digest = ssl_session_get_digest(session);
|
200
|
+
// Note this function assumes that |session|'s key material corresponds to
|
201
|
+
// |ssl->s3->client_random| and |ssl->s3->server_random|.
|
202
|
+
return tls1_prf(digest, out, master_key, label, ssl->s3->server_random,
|
203
|
+
ssl->s3->client_random);
|
204
|
+
}
|
205
|
+
|
206
|
+
bool tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
207
|
+
Array<uint8_t> *key_block_cache,
|
208
|
+
const SSL_SESSION *session,
|
209
|
+
Span<const uint8_t> iv_override) {
|
196
210
|
size_t mac_secret_len, key_len, iv_len;
|
197
|
-
if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len,
|
198
|
-
|
211
|
+
if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len,
|
212
|
+
session->cipher)) {
|
213
|
+
return false;
|
199
214
|
}
|
200
215
|
|
201
216
|
// Ensure that |key_block_cache| is set up.
|
202
217
|
const size_t key_block_size = 2 * (mac_secret_len + key_len + iv_len);
|
203
218
|
if (key_block_cache->empty()) {
|
204
219
|
if (!key_block_cache->Init(key_block_size) ||
|
205
|
-
!
|
206
|
-
return
|
220
|
+
!generate_key_block(ssl, MakeSpan(*key_block_cache), session)) {
|
221
|
+
return false;
|
207
222
|
}
|
208
223
|
}
|
209
224
|
assert(key_block_cache->size() == key_block_size);
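Review bot: The size check on an already-populated `key_block_cache` at the end of this hunk is only `assert(key_block_cache->size() == key_block_size)`, which is compiled out under NDEBUG, while the expected size is derived from the caller-supplied `session->cipher`. If a caller passed a cache filled for a different session or cipher, a release build would carry on with a key block of the wrong length; whether the slicing that follows would catch this is not visible, because the body of `tls1_configure_aead` continues outside the hunk. I would fail closed instead: `if (key_block_cache->size() != key_block_size) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return false; }`. The precondition noted inside `generate_key_block` (that `session` corresponds to `ssl->s3->client_random` and `ssl->s3->server_random`) should also be repeated in a comment on `tls1_configure_aead`, since that is the function callers see.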
|
@@ -224,28 +239,33 @@ int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
|
224
239
|
|
225
240
|
if (!iv_override.empty()) {
|
226
241
|
if (iv_override.size() != iv_len) {
|
227
|
-
return
|
242
|
+
return false;
|
228
243
|
}
|
229
244
|
iv = iv_override;
|
230
245
|
}
|
231
246
|
|
232
|
-
UniquePtr<SSLAEADContext> aead_ctx =
|
233
|
-
direction, ssl->version, SSL_is_dtls(ssl),
|
247
|
+
UniquePtr<SSLAEADContext> aead_ctx =
|
248
|
+
SSLAEADContext::Create(direction, ssl->version, SSL_is_dtls(ssl),
|
249
|
+
session->cipher, key, mac_secret, iv);
|
234
250
|
if (!aead_ctx) {
|
235
|
-
return
|
251
|
+
return false;
|
236
252
|
}
|
237
253
|
|
238
254
|
if (direction == evp_aead_open) {
|
239
|
-
return ssl->method->set_read_state(ssl,
|
255
|
+
return ssl->method->set_read_state(ssl, ssl_encryption_application,
|
256
|
+
std::move(aead_ctx),
|
257
|
+
/*secret_for_quic=*/{});
|
240
258
|
}
|
241
259
|
|
242
|
-
return ssl->method->set_write_state(ssl,
|
260
|
+
return ssl->method->set_write_state(ssl, ssl_encryption_application,
|
261
|
+
std::move(aead_ctx),
|
262
|
+
/*secret_for_quic=*/{});
|
243
263
|
}
|
244
264
|
|
245
|
-
|
246
|
-
|
265
|
+
bool tls1_change_cipher_state(SSL_HANDSHAKE *hs,
|
266
|
+
evp_aead_direction_t direction) {
|
247
267
|
return tls1_configure_aead(hs->ssl, direction, &hs->key_block,
|
248
|
-
hs
|
268
|
+
ssl_handshake_session(hs), {});
|
249
269
|
}
|
250
270
|
|
251
271
|
int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
|
@@ -282,6 +302,11 @@ BSSL_NAMESPACE_END
|
|
282
302
|
using namespace bssl;
|
283
303
|
|
284
304
|
size_t SSL_get_key_block_len(const SSL *ssl) {
|
305
|
+
// See |SSL_generate_key_block|.
|
306
|
+
if (SSL_in_init(ssl)) {
|
307
|
+
return 0;
|
308
|
+
}
|
309
|
+
|
285
310
|
size_t mac_secret_len, key_len, fixed_iv_len;
|
286
311
|
if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &fixed_iv_len,
|
287
312
|
SSL_get_current_cipher(ssl))) {
|
@@ -293,16 +318,16 @@ size_t SSL_get_key_block_len(const SSL *ssl) {
|
|
293
318
|
}
|
294
319
|
|
295
320
|
int SSL_generate_key_block(const SSL *ssl, uint8_t *out, size_t out_len) {
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
321
|
+
// Which cipher state to use is ambiguous during a handshake. In particular,
|
322
|
+
// there are points where read and write states are from different epochs.
|
323
|
+
// During a handshake, before ChangeCipherSpec, the encryption states may not
|
324
|
+
// match |ssl->s3->client_random| and |ssl->s3->server_random|.
|
325
|
+
if (SSL_in_init(ssl)) {
|
326
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
327
|
+
return 0;
|
328
|
+
}
|
302
329
|
|
303
|
-
|
304
|
-
return tls1_prf(digest, out_span, master_key, label, ssl->s3->server_random,
|
305
|
-
ssl->s3->client_random);
|
330
|
+
return generate_key_block(ssl, MakeSpan(out, out_len), SSL_get_session(ssl));
|
306
331
|
}
|
307
332
|
|
308
333
|
int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
|