grpc 1.28.0 → 1.30.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +7694 -11190
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +22 -9
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +19 -21
- data/include/grpc/impl/codegen/port_platform.h +6 -2
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +203 -236
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
- data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
- data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
- data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +2 -26
- data/src/core/lib/gpr/string.h +0 -16
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +2 -3
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
- data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +2 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +1 -0
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
- data/src/core/lib/iomgr/resource_quota.cc +4 -6
- data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
- data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
- data/src/core/lib/iomgr/tcp_custom.cc +2 -3
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +2 -3
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +9 -14
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +5 -5
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +8 -59
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +14 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +2 -3
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +33 -33
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +570 -369
- data/src/core/lib/surface/server.h +32 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +3 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +52 -39
- data/src/core/tsi/ssl_transport_security.h +8 -8
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +3 -3
- data/src/ruby/ext/grpc/rb_call.c +9 -1
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +5 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -0
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +329 -297
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- metadata +111 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
|
@@ -471,6 +471,13 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
|
|
471
471
|
ssl->s3->previous_server_finished_len = finished_len;
|
|
472
472
|
}
|
|
473
473
|
|
|
474
|
+
// The Finished message should be the end of a flight.
|
|
475
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
|
476
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
|
477
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
|
478
|
+
return ssl_hs_error;
|
|
479
|
+
}
|
|
480
|
+
|
|
474
481
|
ssl->method->next_message(ssl);
|
|
475
482
|
return ssl_hs_ok;
|
|
476
483
|
}
|
|
@@ -621,10 +628,15 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
|
621
628
|
hs->wait = ssl_hs_ok;
|
|
622
629
|
return -1;
|
|
623
630
|
|
|
624
|
-
case ssl_hs_handback:
|
|
631
|
+
case ssl_hs_handback: {
|
|
632
|
+
int ret = ssl->method->flush_flight(ssl);
|
|
633
|
+
if (ret <= 0) {
|
|
634
|
+
return ret;
|
|
635
|
+
}
|
|
625
636
|
ssl->s3->rwstate = SSL_ERROR_HANDBACK;
|
|
626
637
|
hs->wait = ssl_hs_handback;
|
|
627
638
|
return -1;
|
|
639
|
+
}
|
|
628
640
|
|
|
629
641
|
case ssl_hs_x509_lookup:
|
|
630
642
|
ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
|
|
@@ -658,9 +670,8 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
|
658
670
|
|
|
659
671
|
case ssl_hs_early_data_rejected:
|
|
660
672
|
assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
|
|
673
|
+
assert(!hs->can_early_write);
|
|
661
674
|
ssl->s3->rwstate = SSL_ERROR_EARLY_DATA_REJECTED;
|
|
662
|
-
// Cause |SSL_write| to start failing immediately.
|
|
663
|
-
hs->can_early_write = false;
|
|
664
675
|
return -1;
|
|
665
676
|
|
|
666
677
|
case ssl_hs_early_return:
|
|
@@ -406,7 +406,8 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
|
|
406
406
|
(ssl->session->session_id_length == 0 &&
|
|
407
407
|
ssl->session->ticket.empty()) ||
|
|
408
408
|
ssl->session->not_resumable ||
|
|
409
|
-
!ssl_session_is_time_valid(ssl, ssl->session.get())
|
|
409
|
+
!ssl_session_is_time_valid(ssl, ssl->session.get()) ||
|
|
410
|
+
(ssl->quic_method != nullptr) != ssl->session->is_quic) {
|
|
410
411
|
ssl_set_session(ssl, NULL);
|
|
411
412
|
}
|
|
412
413
|
}
|
|
@@ -415,17 +416,20 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
|
|
|
415
416
|
return ssl_hs_error;
|
|
416
417
|
}
|
|
417
418
|
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
419
|
+
// Never send a session ID in QUIC. QUIC uses TLS 1.3 at a minimum and
|
|
420
|
+
// disables TLS 1.3 middlebox compatibility mode.
|
|
421
|
+
if (ssl->quic_method == nullptr) {
|
|
422
|
+
if (ssl->session != nullptr && !ssl->s3->initial_handshake_complete &&
|
|
423
|
+
ssl->session->session_id_length > 0) {
|
|
424
|
+
hs->session_id_len = ssl->session->session_id_length;
|
|
425
|
+
OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
|
|
426
|
+
hs->session_id_len);
|
|
427
|
+
} else if (hs->max_version >= TLS1_3_VERSION) {
|
|
428
|
+
// Initialize a random session ID.
|
|
429
|
+
hs->session_id_len = sizeof(hs->session_id);
|
|
430
|
+
if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
|
|
431
|
+
return ssl_hs_error;
|
|
432
|
+
}
|
|
429
433
|
}
|
|
430
434
|
}
|
|
431
435
|
|
|
@@ -461,11 +465,6 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
|
|
|
461
465
|
!tls13_derive_early_secret(hs)) {
|
|
462
466
|
return ssl_hs_error;
|
|
463
467
|
}
|
|
464
|
-
if (ssl->quic_method == nullptr &&
|
|
465
|
-
!tls13_set_traffic_key(ssl, ssl_encryption_early_data, evp_aead_seal,
|
|
466
|
-
hs->early_traffic_secret())) {
|
|
467
|
-
return ssl_hs_error;
|
|
468
|
-
}
|
|
469
468
|
|
|
470
469
|
// Stash the early data session, so connection properties may be queried out
|
|
471
470
|
// of it.
|
|
@@ -496,7 +495,9 @@ static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs
|
|
|
496
495
|
|
|
497
496
|
// Defer releasing the 0-RTT key to after certificate reverification, so the
|
|
498
497
|
// QUIC implementation does not accidentally write data too early.
|
|
499
|
-
if (!
|
|
498
|
+
if (!tls13_set_traffic_key(hs->ssl, ssl_encryption_early_data, evp_aead_seal,
|
|
499
|
+
hs->early_session.get(),
|
|
500
|
+
hs->early_traffic_secret())) {
|
|
500
501
|
return ssl_hs_error;
|
|
501
502
|
}
|
|
502
503
|
|
|
@@ -1050,7 +1051,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
|
|
|
1050
1051
|
return ssl_hs_error;
|
|
1051
1052
|
}
|
|
1052
1053
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
|
1053
|
-
if (!tls12_check_peer_sigalg(
|
|
1054
|
+
if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
|
|
1054
1055
|
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
1055
1056
|
return ssl_hs_error;
|
|
1056
1057
|
}
|
|
@@ -1201,6 +1202,13 @@ static enum ssl_hs_wait_t do_read_server_hello_done(SSL_HANDSHAKE *hs) {
|
|
|
1201
1202
|
return ssl_hs_error;
|
|
1202
1203
|
}
|
|
1203
1204
|
|
|
1205
|
+
// ServerHelloDone should be the end of the flight.
|
|
1206
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
|
1207
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
|
1208
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
|
1209
|
+
return ssl_hs_error;
|
|
1210
|
+
}
|
|
1211
|
+
|
|
1204
1212
|
ssl->method->next_message(ssl);
|
|
1205
1213
|
hs->state = state_send_client_certificate;
|
|
1206
1214
|
return ssl_hs_ok;
|
|
@@ -1273,7 +1281,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
|
1273
1281
|
ssl_key_usage_t intended_use = (alg_k & SSL_kRSA)
|
|
1274
1282
|
? key_usage_encipherment
|
|
1275
1283
|
: key_usage_digital_signature;
|
|
1276
|
-
if (
|
|
1284
|
+
if (hs->config->enforce_rsa_key_usage ||
|
|
1277
1285
|
EVP_PKEY_id(hs->peer_pubkey.get()) != EVP_PKEY_RSA) {
|
|
1278
1286
|
if (!ssl_cert_check_key_usage(&leaf_cbs, intended_use)) {
|
|
1279
1287
|
return ssl_hs_error;
|
|
@@ -325,7 +325,7 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
|
|
|
325
325
|
*out_mask_a = mask_a;
|
|
326
326
|
}
|
|
327
327
|
|
|
328
|
-
static const SSL_CIPHER *
|
|
328
|
+
static const SSL_CIPHER *choose_cipher(
|
|
329
329
|
SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
|
|
330
330
|
const SSLCipherPreferenceList *server_pref) {
|
|
331
331
|
SSL *const ssl = hs->ssl;
|
|
@@ -569,6 +569,14 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
|
|
|
569
569
|
return ssl_hs_error;
|
|
570
570
|
}
|
|
571
571
|
|
|
572
|
+
// ClientHello should be the end of the flight. We check this early to cover
|
|
573
|
+
// all protocol versions.
|
|
574
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
|
575
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
|
576
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
|
577
|
+
return ssl_hs_error;
|
|
578
|
+
}
|
|
579
|
+
|
|
572
580
|
if (hs->config->handoff) {
|
|
573
581
|
return ssl_hs_handoff;
|
|
574
582
|
}
|
|
@@ -699,7 +707,7 @@ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
|
|
|
699
707
|
SSLCipherPreferenceList *prefs = hs->config->cipher_list
|
|
700
708
|
? hs->config->cipher_list.get()
|
|
701
709
|
: ssl->ctx->cipher_list.get();
|
|
702
|
-
hs->new_cipher =
|
|
710
|
+
hs->new_cipher = choose_cipher(hs, &client_hello, prefs);
|
|
703
711
|
if (hs->new_cipher == NULL) {
|
|
704
712
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
|
|
705
713
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
|
@@ -1094,7 +1102,7 @@ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) {
|
|
|
1094
1102
|
!CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
|
|
1095
1103
|
(ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
|
|
1096
1104
|
(!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
|
|
1097
|
-
!tls12_add_verify_sigalgs(
|
|
1105
|
+
!tls12_add_verify_sigalgs(hs, &sigalgs_cbb))) ||
|
|
1098
1106
|
!ssl_add_client_CA_list(hs, &body) ||
|
|
1099
1107
|
!ssl_add_message_cbb(ssl, cbb.get())) {
|
|
1100
1108
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
@@ -1439,7 +1447,7 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
|
1439
1447
|
return ssl_hs_error;
|
|
1440
1448
|
}
|
|
1441
1449
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
|
1442
|
-
if (!tls12_check_peer_sigalg(
|
|
1450
|
+
if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
|
|
1443
1451
|
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
1444
1452
|
return ssl_hs_error;
|
|
1445
1453
|
}
|
|
@@ -1356,23 +1356,17 @@ bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, Span
|
|
|
1356
1356
|
bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, Span<const uint8_t> in);
|
|
1357
1357
|
|
|
1358
1358
|
// tls13_set_traffic_key sets the read or write traffic keys to
|
|
1359
|
-
// |traffic_secret|.
|
|
1359
|
+
// |traffic_secret|. The version and cipher suite are determined from |session|.
|
|
1360
|
+
// It returns true on success and false on error.
|
|
1360
1361
|
bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
|
|
1361
1362
|
enum evp_aead_direction_t direction,
|
|
1363
|
+
const SSL_SESSION *session,
|
|
1362
1364
|
Span<const uint8_t> traffic_secret);
|
|
1363
1365
|
|
|
1364
1366
|
// tls13_derive_early_secret derives the early traffic secret. It returns true
|
|
1365
|
-
// on success and false on error.
|
|
1366
|
-
// function does not pass the keys to QUIC. Call
|
|
1367
|
-
// |tls13_set_early_secret_for_quic| to do so. This is done to due to an
|
|
1368
|
-
// ordering complication around resolving HelloRetryRequest on the server.
|
|
1367
|
+
// on success and false on error.
|
|
1369
1368
|
bool tls13_derive_early_secret(SSL_HANDSHAKE *hs);
|
|
1370
1369
|
|
|
1371
|
-
// tls13_set_early_secret_for_quic passes the early traffic secrets, as
|
|
1372
|
-
// derived by |tls13_derive_early_secret|, to QUIC. It returns true on success
|
|
1373
|
-
// and false on error.
|
|
1374
|
-
bool tls13_set_early_secret_for_quic(SSL_HANDSHAKE *hs);
|
|
1375
|
-
|
|
1376
1370
|
// tls13_derive_handshake_secrets derives the handshake traffic secret. It
|
|
1377
1371
|
// returns true on success and false on error.
|
|
1378
1372
|
bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
|
|
@@ -1485,6 +1479,7 @@ enum tls13_server_hs_state_t {
|
|
|
1485
1479
|
state13_send_server_hello,
|
|
1486
1480
|
state13_send_server_certificate_verify,
|
|
1487
1481
|
state13_send_server_finished,
|
|
1482
|
+
state13_send_half_rtt_ticket,
|
|
1488
1483
|
state13_read_second_client_flight,
|
|
1489
1484
|
state13_process_end_of_early_data,
|
|
1490
1485
|
state13_read_client_certificate,
|
|
@@ -1498,10 +1493,11 @@ enum tls13_server_hs_state_t {
|
|
|
1498
1493
|
// handback_t lists the points in the state machine where a handback can occur.
|
|
1499
1494
|
// These are the different points at which key material is no longer needed.
|
|
1500
1495
|
enum handback_t {
|
|
1501
|
-
handback_after_session_resumption,
|
|
1502
|
-
handback_after_ecdhe,
|
|
1503
|
-
handback_after_handshake,
|
|
1504
|
-
handback_tls13,
|
|
1496
|
+
handback_after_session_resumption = 0,
|
|
1497
|
+
handback_after_ecdhe = 1,
|
|
1498
|
+
handback_after_handshake = 2,
|
|
1499
|
+
handback_tls13 = 3,
|
|
1500
|
+
handback_max_value = handback_tls13,
|
|
1505
1501
|
};
|
|
1506
1502
|
|
|
1507
1503
|
|
|
@@ -1999,12 +1995,12 @@ Span
|
|
|
1999
1995
|
|
|
2000
1996
|
// tls12_add_verify_sigalgs adds the signature algorithms acceptable for the
|
|
2001
1997
|
// peer signature to |out|. It returns true on success and false on error.
|
|
2002
|
-
bool tls12_add_verify_sigalgs(const
|
|
1998
|
+
bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out);
|
|
2003
1999
|
|
|
2004
2000
|
// tls12_check_peer_sigalg checks if |sigalg| is acceptable for the peer
|
|
2005
2001
|
// signature. It returns true on success and false on error, setting
|
|
2006
2002
|
// |*out_alert| to an alert to send.
|
|
2007
|
-
bool tls12_check_peer_sigalg(const
|
|
2003
|
+
bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
2008
2004
|
uint16_t sigalg);
|
|
2009
2005
|
|
|
2010
2006
|
|
|
@@ -2108,6 +2104,9 @@ struct SSL_PROTOCOL_METHOD {
|
|
|
2108
2104
|
bool (*get_message)(const SSL *ssl, SSLMessage *out);
|
|
2109
2105
|
// next_message is called to release the current handshake message.
|
|
2110
2106
|
void (*next_message)(SSL *ssl);
|
|
2107
|
+
// has_unprocessed_handshake_data returns whether there is buffered
|
|
2108
|
+
// handshake data that has not been consumed by |get_message|.
|
|
2109
|
+
bool (*has_unprocessed_handshake_data)(const SSL *ssl);
|
|
2111
2110
|
// Use the |ssl_open_handshake| wrapper.
|
|
2112
2111
|
ssl_open_record_t (*open_handshake)(SSL *ssl, size_t *out_consumed,
|
|
2113
2112
|
uint8_t *out_alert, Span<uint8_t> in);
|
|
@@ -2140,14 +2139,20 @@ struct SSL_PROTOCOL_METHOD {
|
|
|
2140
2139
|
int (*flush_flight)(SSL *ssl);
|
|
2141
2140
|
// on_handshake_complete is called when the handshake is complete.
|
|
2142
2141
|
void (*on_handshake_complete)(SSL *ssl);
|
|
2143
|
-
// set_read_state sets |ssl|'s read cipher state to |aead_ctx
|
|
2144
|
-
//
|
|
2145
|
-
//
|
|
2146
|
-
|
|
2147
|
-
|
|
2148
|
-
|
|
2149
|
-
|
|
2150
|
-
|
|
2142
|
+
// set_read_state sets |ssl|'s read cipher state and level to |aead_ctx| and
|
|
2143
|
+
// |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
|
|
2144
|
+
// is the original secret. This function returns true on success and false on
|
|
2145
|
+
// error.
|
|
2146
|
+
bool (*set_read_state)(SSL *ssl, ssl_encryption_level_t level,
|
|
2147
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
|
2148
|
+
Span<const uint8_t> secret_for_quic);
|
|
2149
|
+
// set_write_state sets |ssl|'s write cipher state and level to |aead_ctx| and
|
|
2150
|
+
// |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
|
|
2151
|
+
// is the original secret. This function returns true on success and false on
|
|
2152
|
+
// error.
|
|
2153
|
+
bool (*set_write_state)(SSL *ssl, ssl_encryption_level_t level,
|
|
2154
|
+
UniquePtr<SSLAEADContext> aead_ctx,
|
|
2155
|
+
Span<const uint8_t> secret_for_quic);
|
|
2151
2156
|
};
|
|
2152
2157
|
|
|
2153
2158
|
// The following wrappers call |open_*| but handle |read_shutdown| correctly.
|
|
@@ -2680,6 +2685,9 @@ struct SSL_CONFIG {
|
|
|
2680
2685
|
// Contains the QUIC transport params that this endpoint will send.
|
|
2681
2686
|
Array<uint8_t> quic_transport_params;
|
|
2682
2687
|
|
|
2688
|
+
// Contains the context used to decide whether to accept early data in QUIC.
|
|
2689
|
+
Array<uint8_t> quic_early_data_context;
|
|
2690
|
+
|
|
2683
2691
|
// verify_sigalgs, if not empty, is the set of signature algorithms
|
|
2684
2692
|
// accepted from the peer in decreasing order of preference.
|
|
2685
2693
|
Array<uint16_t> verify_sigalgs;
|
|
@@ -2732,6 +2740,11 @@ struct SSL_CONFIG {
|
|
|
2732
2740
|
bool jdk11_workaround : 1;
|
|
2733
2741
|
};
|
|
2734
2742
|
|
|
2743
|
+
// Computes a SHA-256 hash of the transport parameters and early data context
|
|
2744
|
+
// for QUIC, putting the hash in |SHA256_DIGEST_LENGTH| bytes at |hash_out|.
|
|
2745
|
+
bool compute_quic_early_data_hash(const SSL_CONFIG *config,
|
|
2746
|
+
uint8_t hash_out[SHA256_DIGEST_LENGTH]);
|
|
2747
|
+
|
|
2735
2748
|
// From RFC 8446, used in determining PSK modes.
|
|
2736
2749
|
#define SSL_PSK_DHE_KE 0x1
|
|
2737
2750
|
|
|
@@ -2835,29 +2848,29 @@ void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
|
|
|
2835
2848
|
|
|
2836
2849
|
void ssl_send_alert(SSL *ssl, int level, int desc);
|
|
2837
2850
|
int ssl_send_alert_impl(SSL *ssl, int level, int desc);
|
|
2838
|
-
bool
|
|
2839
|
-
ssl_open_record_t
|
|
2840
|
-
|
|
2841
|
-
void
|
|
2851
|
+
bool tls_get_message(const SSL *ssl, SSLMessage *out);
|
|
2852
|
+
ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
|
|
2853
|
+
uint8_t *out_alert, Span<uint8_t> in);
|
|
2854
|
+
void tls_next_message(SSL *ssl);
|
|
2842
2855
|
|
|
2843
|
-
int
|
|
2844
|
-
ssl_open_record_t
|
|
2845
|
-
|
|
2846
|
-
|
|
2847
|
-
ssl_open_record_t
|
|
2848
|
-
|
|
2849
|
-
|
|
2850
|
-
int
|
|
2851
|
-
|
|
2856
|
+
int tls_dispatch_alert(SSL *ssl);
|
|
2857
|
+
ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out,
|
|
2858
|
+
size_t *out_consumed, uint8_t *out_alert,
|
|
2859
|
+
Span<uint8_t> in);
|
|
2860
|
+
ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
|
|
2861
|
+
uint8_t *out_alert,
|
|
2862
|
+
Span<uint8_t> in);
|
|
2863
|
+
int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
|
|
2864
|
+
int len);
|
|
2852
2865
|
|
|
2853
|
-
bool
|
|
2854
|
-
void
|
|
2866
|
+
bool tls_new(SSL *ssl);
|
|
2867
|
+
void tls_free(SSL *ssl);
|
|
2855
2868
|
|
|
2856
|
-
bool
|
|
2857
|
-
bool
|
|
2858
|
-
bool
|
|
2859
|
-
bool
|
|
2860
|
-
int
|
|
2869
|
+
bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2870
|
+
bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
2871
|
+
bool tls_add_message(SSL *ssl, Array<uint8_t> msg);
|
|
2872
|
+
bool tls_add_change_cipher_spec(SSL *ssl);
|
|
2873
|
+
int tls_flush_flight(SSL *ssl);
|
|
2861
2874
|
|
|
2862
2875
|
bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2863
2876
|
bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
@@ -3307,9 +3320,6 @@ struct ssl_ctx_st {
|
|
|
3307
3320
|
// protocols from the peer.
|
|
3308
3321
|
bool allow_unknown_alpn_protos : 1;
|
|
3309
3322
|
|
|
3310
|
-
// ed25519_enabled is whether Ed25519 is advertised in the handshake.
|
|
3311
|
-
bool ed25519_enabled : 1;
|
|
3312
|
-
|
|
3313
3323
|
// false_start_allowed_without_alpn is whether False Start (if
|
|
3314
3324
|
// |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN.
|
|
3315
3325
|
bool false_start_allowed_without_alpn : 1;
|
|
@@ -3546,6 +3556,13 @@ struct ssl_session_st {
|
|
|
3546
3556
|
// is_server is whether this session was created by a server.
|
|
3547
3557
|
bool is_server : 1;
|
|
3548
3558
|
|
|
3559
|
+
// is_quic indicates whether this session was created using QUIC.
|
|
3560
|
+
bool is_quic : 1;
|
|
3561
|
+
|
|
3562
|
+
// quic_early_data_hash is used to determine whether early data must be
|
|
3563
|
+
// rejected when performing a QUIC handshake.
|
|
3564
|
+
bssl::Array<uint8_t> quic_early_data_hash;
|
|
3565
|
+
|
|
3549
3566
|
private:
|
|
3550
3567
|
~ssl_session_st();
|
|
3551
3568
|
friend void SSL_SESSION_free(SSL_SESSION *);
|
|
@@ -168,7 +168,7 @@ static bool add_record_to_flight(SSL *ssl, uint8_t type,
|
|
|
168
168
|
return true;
|
|
169
169
|
}
|
|
170
170
|
|
|
171
|
-
bool
|
|
171
|
+
bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
|
|
172
172
|
// Pick a modest size hint to save most of the |realloc| calls.
|
|
173
173
|
if (!CBB_init(cbb, 64) ||
|
|
174
174
|
!CBB_add_u8(cbb, type) ||
|
|
@@ -181,11 +181,11 @@ bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
|
|
|
181
181
|
return true;
|
|
182
182
|
}
|
|
183
183
|
|
|
184
|
-
bool
|
|
184
|
+
bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
|
|
185
185
|
return CBBFinishArray(cbb, out_msg);
|
|
186
186
|
}
|
|
187
187
|
|
|
188
|
-
bool
|
|
188
|
+
bool tls_add_message(SSL *ssl, Array<uint8_t> msg) {
|
|
189
189
|
// Pack handshake data into the minimal number of records. This avoids
|
|
190
190
|
// unnecessary encryption overhead, notably in TLS 1.3 where we send several
|
|
191
191
|
// encrypted messages in a row. For now, we do not do this for the null
|
|
@@ -262,7 +262,7 @@ bool tls_flush_pending_hs_data(SSL *ssl) {
|
|
|
262
262
|
return add_record_to_flight(ssl, SSL3_RT_HANDSHAKE, data);
|
|
263
263
|
}
|
|
264
264
|
|
|
265
|
-
bool
|
|
265
|
+
bool tls_add_change_cipher_spec(SSL *ssl) {
|
|
266
266
|
static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
|
|
267
267
|
|
|
268
268
|
if (!tls_flush_pending_hs_data(ssl)) {
|
|
@@ -280,7 +280,7 @@ bool ssl3_add_change_cipher_spec(SSL *ssl) {
|
|
|
280
280
|
return true;
|
|
281
281
|
}
|
|
282
282
|
|
|
283
|
-
int
|
|
283
|
+
int tls_flush_flight(SSL *ssl) {
|
|
284
284
|
if (!tls_flush_pending_hs_data(ssl)) {
|
|
285
285
|
return -1;
|
|
286
286
|
}
|
|
@@ -496,7 +496,7 @@ static bool parse_message(const SSL *ssl, SSLMessage *out,
|
|
|
496
496
|
return true;
|
|
497
497
|
}
|
|
498
498
|
|
|
499
|
-
bool
|
|
499
|
+
bool tls_get_message(const SSL *ssl, SSLMessage *out) {
|
|
500
500
|
size_t unused;
|
|
501
501
|
if (!parse_message(ssl, out, &unused)) {
|
|
502
502
|
return false;
|
|
@@ -552,8 +552,8 @@ bool tls_append_handshake_data(SSL *ssl, Span
|
|
|
552
552
|
BUF_MEM_append(ssl->s3->hs_buf.get(), data.data(), data.size());
|
|
553
553
|
}
|
|
554
554
|
|
|
555
|
-
ssl_open_record_t
|
|
556
|
-
|
|
555
|
+
ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
|
|
556
|
+
uint8_t *out_alert, Span<uint8_t> in) {
|
|
557
557
|
*out_consumed = 0;
|
|
558
558
|
// Bypass the record layer for the first message to handle V2ClientHello.
|
|
559
559
|
if (ssl->server && !ssl->s3->v2_hello_done) {
|
|
@@ -631,9 +631,9 @@ ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
|
|
|
631
631
|
return ssl_open_record_success;
|
|
632
632
|
}
|
|
633
633
|
|
|
634
|
-
void
|
|
634
|
+
void tls_next_message(SSL *ssl) {
|
|
635
635
|
SSLMessage msg;
|
|
636
|
-
if (!
|
|
636
|
+
if (!tls_get_message(ssl, &msg) ||
|
|
637
637
|
!ssl->s3->hs_buf ||
|
|
638
638
|
ssl->s3->hs_buf->length < CBS_len(&msg.raw)) {
|
|
639
639
|
assert(0);
|