grpc 1.28.0.pre2 → 1.31.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8313 -11862
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
- data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
- data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/gprpp/sync.h +9 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +122 -41
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -139,12 +139,18 @@ static bool derive_secret(SSL_HANDSHAKE *hs, Span
|
|
139
139
|
|
140
140
|
bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
141
141
|
enum evp_aead_direction_t direction,
|
142
|
+
const SSL_SESSION *session,
|
142
143
|
Span<const uint8_t> traffic_secret) {
|
143
|
-
const SSL_SESSION *session = SSL_get_session(ssl);
|
144
144
|
uint16_t version = ssl_session_protocol_version(session);
|
145
|
-
|
146
145
|
UniquePtr<SSLAEADContext> traffic_aead;
|
147
|
-
|
146
|
+
Span<const uint8_t> secret_for_quic;
|
147
|
+
if (ssl->quic_method != nullptr) {
|
148
|
+
// Install a placeholder SSLAEADContext so that SSL accessors work. The
|
149
|
+
// encryption itself will be handled by the SSL_QUIC_METHOD.
|
150
|
+
traffic_aead =
|
151
|
+
SSLAEADContext::CreatePlaceholderForQUIC(version, session->cipher);
|
152
|
+
secret_for_quic = traffic_secret;
|
153
|
+
} else {
|
148
154
|
// Look up cipher suite properties.
|
149
155
|
const EVP_AEAD *aead;
|
150
156
|
size_t discard;
|
@@ -173,34 +179,15 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
|
173
179
|
return false;
|
174
180
|
}
|
175
181
|
|
176
|
-
|
177
182
|
traffic_aead = SSLAEADContext::Create(direction, session->ssl_version,
|
178
183
|
SSL_is_dtls(ssl), session->cipher,
|
179
184
|
key, Span<const uint8_t>(), iv);
|
180
|
-
} else {
|
181
|
-
// Install a placeholder SSLAEADContext so that SSL accessors work. The
|
182
|
-
// encryption itself will be handled by the SSL_QUIC_METHOD.
|
183
|
-
traffic_aead =
|
184
|
-
SSLAEADContext::CreatePlaceholderForQUIC(version, session->cipher);
|
185
|
-
// QUIC never installs early data keys at the TLS layer.
|
186
|
-
assert(level != ssl_encryption_early_data);
|
187
185
|
}
|
188
186
|
|
189
187
|
if (!traffic_aead) {
|
190
188
|
return false;
|
191
189
|
}
|
192
190
|
|
193
|
-
if (direction == evp_aead_open) {
|
194
|
-
if (!ssl->method->set_read_state(ssl, std::move(traffic_aead))) {
|
195
|
-
return false;
|
196
|
-
}
|
197
|
-
} else {
|
198
|
-
if (!ssl->method->set_write_state(ssl, std::move(traffic_aead))) {
|
199
|
-
return false;
|
200
|
-
}
|
201
|
-
}
|
202
|
-
|
203
|
-
// Save the traffic secret.
|
204
191
|
if (traffic_secret.size() >
|
205
192
|
OPENSSL_ARRAY_SIZE(ssl->s3->read_traffic_secret) ||
|
206
193
|
traffic_secret.size() >
|
@@ -208,16 +195,23 @@ bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
|
208
195
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
209
196
|
return false;
|
210
197
|
}
|
198
|
+
|
211
199
|
if (direction == evp_aead_open) {
|
200
|
+
if (!ssl->method->set_read_state(ssl, level, std::move(traffic_aead),
|
201
|
+
secret_for_quic)) {
|
202
|
+
return false;
|
203
|
+
}
|
212
204
|
OPENSSL_memmove(ssl->s3->read_traffic_secret, traffic_secret.data(),
|
213
205
|
traffic_secret.size());
|
214
206
|
ssl->s3->read_traffic_secret_len = traffic_secret.size();
|
215
|
-
ssl->s3->read_level = level;
|
216
207
|
} else {
|
208
|
+
if (!ssl->method->set_write_state(ssl, level, std::move(traffic_aead),
|
209
|
+
secret_for_quic)) {
|
210
|
+
return false;
|
211
|
+
}
|
217
212
|
OPENSSL_memmove(ssl->s3->write_traffic_secret, traffic_secret.data(),
|
218
213
|
traffic_secret.size());
|
219
214
|
ssl->s3->write_traffic_secret_len = traffic_secret.size();
|
220
|
-
ssl->s3->write_level = level;
|
221
215
|
}
|
222
216
|
|
223
217
|
return true;
|
@@ -243,47 +237,6 @@ bool tls13_derive_early_secret(SSL_HANDSHAKE *hs) {
|
|
243
237
|
return true;
|
244
238
|
}
|
245
239
|
|
246
|
-
bool tls13_set_early_secret_for_quic(SSL_HANDSHAKE *hs) {
|
247
|
-
SSL *const ssl = hs->ssl;
|
248
|
-
if (ssl->quic_method == nullptr) {
|
249
|
-
return true;
|
250
|
-
}
|
251
|
-
if (ssl->server) {
|
252
|
-
if (!ssl->quic_method->set_encryption_secrets(
|
253
|
-
ssl, ssl_encryption_early_data, hs->early_traffic_secret().data(),
|
254
|
-
/*write_secret=*/nullptr, hs->early_traffic_secret().size())) {
|
255
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR);
|
256
|
-
return false;
|
257
|
-
}
|
258
|
-
} else {
|
259
|
-
if (!ssl->quic_method->set_encryption_secrets(
|
260
|
-
ssl, ssl_encryption_early_data, /*read_secret=*/nullptr,
|
261
|
-
hs->early_traffic_secret().data(),
|
262
|
-
hs->early_traffic_secret().size())) {
|
263
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR);
|
264
|
-
return false;
|
265
|
-
}
|
266
|
-
}
|
267
|
-
return true;
|
268
|
-
}
|
269
|
-
|
270
|
-
static bool set_quic_secrets(SSL_HANDSHAKE *hs, ssl_encryption_level_t level,
|
271
|
-
Span<const uint8_t> client_write_secret,
|
272
|
-
Span<const uint8_t> server_write_secret) {
|
273
|
-
SSL *const ssl = hs->ssl;
|
274
|
-
assert(client_write_secret.size() == server_write_secret.size());
|
275
|
-
if (ssl->quic_method == nullptr) {
|
276
|
-
return true;
|
277
|
-
}
|
278
|
-
if (!ssl->server) {
|
279
|
-
std::swap(client_write_secret, server_write_secret);
|
280
|
-
}
|
281
|
-
return ssl->quic_method->set_encryption_secrets(
|
282
|
-
ssl, level,
|
283
|
-
/*read_secret=*/client_write_secret.data(),
|
284
|
-
/*write_secret=*/server_write_secret.data(), client_write_secret.size());
|
285
|
-
}
|
286
|
-
|
287
240
|
bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) {
|
288
241
|
SSL *const ssl = hs->ssl;
|
289
242
|
if (!derive_secret(hs, hs->client_handshake_secret(),
|
@@ -293,10 +246,7 @@ bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs) {
|
|
293
246
|
!derive_secret(hs, hs->server_handshake_secret(),
|
294
247
|
label_to_span(kTLS13LabelServerHandshakeTraffic)) ||
|
295
248
|
!ssl_log_secret(ssl, "SERVER_HANDSHAKE_TRAFFIC_SECRET",
|
296
|
-
hs->server_handshake_secret())
|
297
|
-
!set_quic_secrets(hs, ssl_encryption_handshake,
|
298
|
-
hs->client_handshake_secret(),
|
299
|
-
hs->server_handshake_secret())) {
|
249
|
+
hs->server_handshake_secret())) {
|
300
250
|
return false;
|
301
251
|
}
|
302
252
|
|
@@ -319,10 +269,7 @@ bool tls13_derive_application_secrets(SSL_HANDSHAKE *hs) {
|
|
319
269
|
label_to_span(kTLS13LabelExporter)) ||
|
320
270
|
!ssl_log_secret(ssl, "EXPORTER_SECRET",
|
321
271
|
MakeConstSpan(ssl->s3->exporter_secret,
|
322
|
-
ssl->s3->exporter_secret_len))
|
323
|
-
!set_quic_secrets(hs, ssl_encryption_application,
|
324
|
-
hs->client_traffic_secret_0(),
|
325
|
-
hs->server_traffic_secret_0())) {
|
272
|
+
ssl->s3->exporter_secret_len))) {
|
326
273
|
return false;
|
327
274
|
}
|
328
275
|
|
@@ -341,11 +288,12 @@ bool tls13_rotate_traffic_key(SSL *ssl, enum evp_aead_direction_t direction) {
|
|
341
288
|
ssl->s3->write_traffic_secret_len);
|
342
289
|
}
|
343
290
|
|
344
|
-
const
|
291
|
+
const SSL_SESSION *session = SSL_get_session(ssl);
|
292
|
+
const EVP_MD *digest = ssl_session_get_digest(session);
|
345
293
|
return hkdf_expand_label(secret, digest, secret,
|
346
294
|
label_to_span(kTLS13LabelApplicationTraffic), {}) &&
|
347
295
|
tls13_set_traffic_key(ssl, ssl_encryption_application, direction,
|
348
|
-
secret);
|
296
|
+
session, secret);
|
349
297
|
}
|
350
298
|
|
351
299
|
static const char kTLS13LabelResumption[] = "res master";
|
@@ -127,7 +127,10 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) {
|
|
127
127
|
return false;
|
128
128
|
}
|
129
129
|
session->ticket_age_add_valid = true;
|
130
|
-
|
130
|
+
bool enable_early_data =
|
131
|
+
ssl->enable_early_data &&
|
132
|
+
(!ssl->quic_method || !ssl->config->quic_early_data_context.empty());
|
133
|
+
if (enable_early_data) {
|
131
134
|
// QUIC does not use the max_early_data_size parameter and always sets it
|
132
135
|
// to a fixed value. See draft-ietf-quic-tls-22, section 4.5.
|
133
136
|
session->ticket_max_early_data =
|
@@ -152,7 +155,7 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) {
|
|
152
155
|
return false;
|
153
156
|
}
|
154
157
|
|
155
|
-
if (
|
158
|
+
if (enable_early_data) {
|
156
159
|
CBB early_data;
|
157
160
|
if (!CBB_add_u16(&extensions, TLSEXT_TYPE_early_data) ||
|
158
161
|
!CBB_add_u16_length_prefixed(&extensions, &early_data) ||
|
@@ -309,6 +312,23 @@ static enum ssl_ticket_aead_result_t select_session(
|
|
309
312
|
return ssl_ticket_aead_success;
|
310
313
|
}
|
311
314
|
|
315
|
+
static bool quic_ticket_compatible(const SSL_SESSION *session,
|
316
|
+
const SSL_CONFIG *config) {
|
317
|
+
if (!session->is_quic) {
|
318
|
+
return true;
|
319
|
+
}
|
320
|
+
|
321
|
+
if (session->quic_early_data_context.empty() ||
|
322
|
+
config->quic_early_data_context.size() !=
|
323
|
+
session->quic_early_data_context.size() ||
|
324
|
+
CRYPTO_memcmp(config->quic_early_data_context.data(),
|
325
|
+
session->quic_early_data_context.data(),
|
326
|
+
session->quic_early_data_context.size()) != 0) {
|
327
|
+
return false;
|
328
|
+
}
|
329
|
+
return true;
|
330
|
+
}
|
331
|
+
|
312
332
|
static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
313
333
|
SSL *const ssl = hs->ssl;
|
314
334
|
SSLMessage msg;
|
@@ -352,6 +372,10 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
352
372
|
return ssl_hs_error;
|
353
373
|
}
|
354
374
|
|
375
|
+
// |ssl_session_is_resumable| forbids cross-cipher resumptions even if the
|
376
|
+
// PRF hashes match.
|
377
|
+
assert(hs->new_cipher == session->cipher);
|
378
|
+
|
355
379
|
if (!ssl->enable_early_data) {
|
356
380
|
ssl->s3->early_data_reason = ssl_early_data_disabled;
|
357
381
|
} else if (session->ticket_max_early_data == 0) {
|
@@ -370,6 +394,8 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
370
394
|
} else if (ssl->s3->ticket_age_skew < -kMaxTicketAgeSkewSeconds ||
|
371
395
|
kMaxTicketAgeSkewSeconds < ssl->s3->ticket_age_skew) {
|
372
396
|
ssl->s3->early_data_reason = ssl_early_data_ticket_age_skew;
|
397
|
+
} else if (!quic_ticket_compatible(session.get(), hs->config)) {
|
398
|
+
ssl->s3->early_data_reason = ssl_early_data_quic_parameter_mismatch;
|
373
399
|
} else {
|
374
400
|
ssl->s3->early_data_reason = ssl_early_data_accepted;
|
375
401
|
ssl->s3->early_data_accepted = true;
|
@@ -558,6 +584,13 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
|
|
558
584
|
return ssl_hs_error;
|
559
585
|
}
|
560
586
|
|
587
|
+
// ClientHello should be the end of the flight.
|
588
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
589
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
590
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
591
|
+
return ssl_hs_error;
|
592
|
+
}
|
593
|
+
|
561
594
|
ssl->method->next_message(ssl);
|
562
595
|
hs->tls13_state = state13_send_server_hello;
|
563
596
|
return ssl_hs_ok;
|
@@ -593,6 +626,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
593
626
|
// Derive and enable the handshake traffic secrets.
|
594
627
|
if (!tls13_derive_handshake_secrets(hs) ||
|
595
628
|
!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal,
|
629
|
+
hs->new_session.get(),
|
596
630
|
hs->server_handshake_secret())) {
|
597
631
|
return ssl_hs_error;
|
598
632
|
}
|
@@ -627,7 +661,7 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
627
661
|
!CBB_add_u16_length_prefixed(&cert_request_extensions,
|
628
662
|
&sigalg_contents) ||
|
629
663
|
!CBB_add_u16_length_prefixed(&sigalg_contents, &sigalgs_cbb) ||
|
630
|
-
!tls12_add_verify_sigalgs(
|
664
|
+
!tls12_add_verify_sigalgs(hs, &sigalgs_cbb)) {
|
631
665
|
return ssl_hs_error;
|
632
666
|
}
|
633
667
|
|
@@ -693,24 +727,19 @@ static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
|
|
693
727
|
hs, MakeConstSpan(kZeroes, hs->transcript.DigestLen())) ||
|
694
728
|
!tls13_derive_application_secrets(hs) ||
|
695
729
|
!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
|
730
|
+
hs->new_session.get(),
|
696
731
|
hs->server_traffic_secret_0())) {
|
697
732
|
return ssl_hs_error;
|
698
733
|
}
|
699
734
|
|
700
|
-
|
701
|
-
|
702
|
-
|
703
|
-
// reject 0-RTT. We only release the secret after 0-RTT is fully resolved.
|
704
|
-
//
|
705
|
-
// Second, 0-RTT data is acknowledged with 1-RTT keys. Both are derived as
|
706
|
-
// part of the ServerHello flight, but future TLS extensions may insert an
|
707
|
-
// asynchronous point in the middle of this flight. We defer releasing the
|
708
|
-
// 0-RTT keys to ensure the QUIC implementation never installs read keys
|
709
|
-
// without the write keys to send the corresponding ACKs.
|
710
|
-
if (!tls13_set_early_secret_for_quic(hs)) {
|
711
|
-
return ssl_hs_error;
|
712
|
-
}
|
735
|
+
hs->tls13_state = state13_send_half_rtt_ticket;
|
736
|
+
return hs->handback ? ssl_hs_handback : ssl_hs_ok;
|
737
|
+
}
|
713
738
|
|
739
|
+
static enum ssl_hs_wait_t do_send_half_rtt_ticket(SSL_HANDSHAKE *hs) {
|
740
|
+
SSL *const ssl = hs->ssl;
|
741
|
+
|
742
|
+
if (ssl->s3->early_data_accepted) {
|
714
743
|
// If accepting 0-RTT, we send tickets half-RTT. This gets the tickets on
|
715
744
|
// the wire sooner and also avoids triggering a write on |SSL_read| when
|
716
745
|
// processing the client Finished. This requires computing the client
|
@@ -759,9 +788,8 @@ static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
|
|
759
788
|
static enum ssl_hs_wait_t do_read_second_client_flight(SSL_HANDSHAKE *hs) {
|
760
789
|
SSL *const ssl = hs->ssl;
|
761
790
|
if (ssl->s3->early_data_accepted) {
|
762
|
-
|
763
|
-
|
764
|
-
!tls13_set_traffic_key(ssl, ssl_encryption_early_data, evp_aead_open,
|
791
|
+
if (!tls13_set_traffic_key(ssl, ssl_encryption_early_data, evp_aead_open,
|
792
|
+
hs->new_session.get(),
|
765
793
|
hs->early_traffic_secret())) {
|
766
794
|
return ssl_hs_error;
|
767
795
|
}
|
@@ -775,6 +803,7 @@ static enum ssl_hs_wait_t do_read_second_client_flight(SSL_HANDSHAKE *hs) {
|
|
775
803
|
// return.
|
776
804
|
if (ssl->quic_method != nullptr) {
|
777
805
|
if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
|
806
|
+
hs->new_session.get(),
|
778
807
|
hs->client_handshake_secret())) {
|
779
808
|
return ssl_hs_error;
|
780
809
|
}
|
@@ -807,12 +836,10 @@ static enum ssl_hs_wait_t do_process_end_of_early_data(SSL_HANDSHAKE *hs) {
|
|
807
836
|
ssl->method->next_message(ssl);
|
808
837
|
}
|
809
838
|
if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
|
839
|
+
hs->new_session.get(),
|
810
840
|
hs->client_handshake_secret())) {
|
811
841
|
return ssl_hs_error;
|
812
842
|
}
|
813
|
-
if (hs->handback) {
|
814
|
-
return ssl_hs_handback;
|
815
|
-
}
|
816
843
|
hs->tls13_state = state13_read_client_certificate;
|
817
844
|
return ssl_hs_ok;
|
818
845
|
}
|
@@ -920,6 +947,7 @@ static enum ssl_hs_wait_t do_read_client_finished(SSL_HANDSHAKE *hs) {
|
|
920
947
|
!tls13_process_finished(hs, msg, ssl->s3->early_data_accepted) ||
|
921
948
|
// evp_aead_seal keys have already been switched.
|
922
949
|
!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_open,
|
950
|
+
hs->new_session.get(),
|
923
951
|
hs->client_traffic_secret_0())) {
|
924
952
|
return ssl_hs_error;
|
925
953
|
}
|
@@ -986,6 +1014,9 @@ enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs) {
|
|
986
1014
|
case state13_send_server_finished:
|
987
1015
|
ret = do_send_server_finished(hs);
|
988
1016
|
break;
|
1017
|
+
case state13_send_half_rtt_ticket:
|
1018
|
+
ret = do_send_half_rtt_ticket(hs);
|
1019
|
+
break;
|
989
1020
|
case state13_read_second_client_flight:
|
990
1021
|
ret = do_read_second_client_flight(hs);
|
991
1022
|
break;
|
@@ -1040,6 +1071,8 @@ const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs) {
|
|
1040
1071
|
return "TLS 1.3 server send_server_hello";
|
1041
1072
|
case state13_send_server_certificate_verify:
|
1042
1073
|
return "TLS 1.3 server send_server_certificate_verify";
|
1074
|
+
case state13_send_half_rtt_ticket:
|
1075
|
+
return "TLS 1.3 server send_half_rtt_ticket";
|
1043
1076
|
case state13_send_server_finished:
|
1044
1077
|
return "TLS 1.3 server send_server_finished";
|
1045
1078
|
case state13_read_second_client_flight:
|
@@ -67,62 +67,100 @@
|
|
67
67
|
|
68
68
|
BSSL_NAMESPACE_BEGIN
|
69
69
|
|
70
|
-
static void
|
70
|
+
static void tls_on_handshake_complete(SSL *ssl) {
|
71
71
|
// The handshake should have released its final message.
|
72
72
|
assert(!ssl->s3->has_message);
|
73
73
|
|
74
74
|
// During the handshake, |hs_buf| is retained. Release if it there is no
|
75
|
-
// excess in it. There
|
76
|
-
//
|
77
|
-
//
|
78
|
-
//
|
75
|
+
// excess in it. There should not be any excess because the handshake logic
|
76
|
+
// rejects unprocessed data after each Finished message. Note this means we do
|
77
|
+
// not allow a TLS 1.2 HelloRequest to be packed into the same record as
|
78
|
+
// Finished. (Schannel also rejects this.)
|
79
|
+
assert(!ssl->s3->hs_buf || ssl->s3->hs_buf->length == 0);
|
79
80
|
if (ssl->s3->hs_buf && ssl->s3->hs_buf->length == 0) {
|
80
81
|
ssl->s3->hs_buf.reset();
|
81
82
|
}
|
82
83
|
}
|
83
84
|
|
84
|
-
static bool
|
85
|
+
static bool tls_set_read_state(SSL *ssl, ssl_encryption_level_t level,
|
86
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
87
|
+
Span<const uint8_t> secret_for_quic) {
|
85
88
|
// Cipher changes are forbidden if the current epoch has leftover data.
|
86
89
|
if (tls_has_unprocessed_handshake_data(ssl)) {
|
87
|
-
OPENSSL_PUT_ERROR(SSL,
|
90
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
88
91
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
89
92
|
return false;
|
90
93
|
}
|
91
94
|
|
95
|
+
if (ssl->quic_method != nullptr) {
|
96
|
+
if (!ssl->quic_method->set_read_secret(ssl, level, aead_ctx->cipher(),
|
97
|
+
secret_for_quic.data(),
|
98
|
+
secret_for_quic.size())) {
|
99
|
+
return false;
|
100
|
+
}
|
101
|
+
|
102
|
+
// QUIC only uses |ssl| for handshake messages, which never use early data
|
103
|
+
// keys, so we return without installing anything. This avoids needing to
|
104
|
+
// have two secrets active at once in 0-RTT.
|
105
|
+
if (level == ssl_encryption_early_data) {
|
106
|
+
return true;
|
107
|
+
}
|
108
|
+
}
|
109
|
+
|
92
110
|
OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
|
93
111
|
ssl->s3->aead_read_ctx = std::move(aead_ctx);
|
112
|
+
ssl->s3->read_level = level;
|
94
113
|
return true;
|
95
114
|
}
|
96
115
|
|
97
|
-
static bool
|
116
|
+
static bool tls_set_write_state(SSL *ssl, ssl_encryption_level_t level,
|
117
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
118
|
+
Span<const uint8_t> secret_for_quic) {
|
98
119
|
if (!tls_flush_pending_hs_data(ssl)) {
|
99
120
|
return false;
|
100
121
|
}
|
101
122
|
|
123
|
+
if (ssl->quic_method != nullptr) {
|
124
|
+
if (!ssl->quic_method->set_write_secret(ssl, level, aead_ctx->cipher(),
|
125
|
+
secret_for_quic.data(),
|
126
|
+
secret_for_quic.size())) {
|
127
|
+
return false;
|
128
|
+
}
|
129
|
+
|
130
|
+
// QUIC only uses |ssl| for handshake messages, which never use early data
|
131
|
+
// keys, so we return without installing anything. This avoids needing to
|
132
|
+
// have two secrets active at once in 0-RTT.
|
133
|
+
if (level == ssl_encryption_early_data) {
|
134
|
+
return true;
|
135
|
+
}
|
136
|
+
}
|
137
|
+
|
102
138
|
OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
|
103
139
|
ssl->s3->aead_write_ctx = std::move(aead_ctx);
|
140
|
+
ssl->s3->write_level = level;
|
104
141
|
return true;
|
105
142
|
}
|
106
143
|
|
107
144
|
static const SSL_PROTOCOL_METHOD kTLSProtocolMethod = {
|
108
145
|
false /* is_dtls */,
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
146
|
+
tls_new,
|
147
|
+
tls_free,
|
148
|
+
tls_get_message,
|
149
|
+
tls_next_message,
|
150
|
+
tls_has_unprocessed_handshake_data,
|
151
|
+
tls_open_handshake,
|
152
|
+
tls_open_change_cipher_spec,
|
153
|
+
tls_open_app_data,
|
154
|
+
tls_write_app_data,
|
155
|
+
tls_dispatch_alert,
|
156
|
+
tls_init_message,
|
157
|
+
tls_finish_message,
|
158
|
+
tls_add_message,
|
159
|
+
tls_add_change_cipher_spec,
|
160
|
+
tls_flush_flight,
|
161
|
+
tls_on_handshake_complete,
|
162
|
+
tls_set_read_state,
|
163
|
+
tls_set_write_state,
|
126
164
|
};
|
127
165
|
|
128
166
|
static bool ssl_noop_x509_check_client_CA_names(
|