grpc 1.28.0 → 1.30.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (503) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +7694 -11190
  3. data/include/grpc/grpc.h +2 -2
  4. data/include/grpc/grpc_security.h +30 -9
  5. data/include/grpc/grpc_security_constants.h +1 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +19 -21
  7. data/include/grpc/impl/codegen/port_platform.h +6 -2
  8. data/include/grpc/module.modulemap +24 -39
  9. data/src/core/ext/filters/client_channel/backend_metric.cc +7 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +212 -241
  11. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  12. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -22
  13. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  14. data/src/core/ext/filters/client_channel/http_proxy.cc +17 -10
  15. data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
  16. data/src/core/ext/filters/client_channel/lb_policy.h +42 -33
  17. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
  20. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +240 -301
  21. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  22. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  25. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  26. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +5 -11
  28. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  29. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
  30. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  34. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +6 -2
  35. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  36. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  37. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  38. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +73 -59
  40. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +35 -35
  41. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +16 -20
  43. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +72 -117
  45. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +184 -133
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  48. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +40 -43
  49. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
  50. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  51. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
  52. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +32 -5
  53. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  54. data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -3
  55. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  56. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +16 -16
  57. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
  58. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +20 -31
  59. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +4 -3
  60. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  61. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  62. data/src/core/ext/filters/client_channel/service_config.cc +104 -144
  63. data/src/core/ext/filters/client_channel/service_config.h +28 -98
  64. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  65. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  66. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  67. data/src/core/ext/filters/client_channel/subchannel.cc +54 -24
  68. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  69. data/src/core/ext/filters/client_channel/xds/xds_api.cc +348 -221
  70. data/src/core/ext/filters/client_channel/xds/xds_api.h +37 -37
  71. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +44 -49
  72. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
  73. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
  74. data/src/core/ext/filters/client_channel/xds/xds_client.cc +532 -339
  75. data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
  76. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
  77. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +31 -19
  78. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -28
  79. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  80. data/src/core/ext/filters/http/http_filters_plugin.cc +27 -12
  81. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  82. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  83. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  84. data/src/core/ext/filters/message_size/message_size_filter.cc +7 -10
  85. data/src/core/ext/filters/message_size/message_size_filter.h +4 -4
  86. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +4 -4
  87. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  88. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +23 -22
  89. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  90. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  91. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  92. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  93. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  94. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  95. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  96. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  97. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  98. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  99. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  100. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  101. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  102. data/src/core/ext/transport/chttp2/transport/internal.h +14 -21
  103. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  104. data/src/core/ext/transport/chttp2/transport/writing.cc +15 -8
  105. data/src/core/ext/transport/inproc/inproc_transport.cc +19 -0
  106. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
  107. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -875
  108. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  109. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  110. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  111. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  112. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  113. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  114. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
  115. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +21 -8
  116. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +43 -7
  117. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
  118. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
  119. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
  120. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
  121. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  122. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  123. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +47 -26
  124. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +115 -65
  125. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
  126. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  127. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  128. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
  129. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
  130. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +28 -13
  131. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
  133. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +88 -6
  134. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -0
  137. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
  138. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -0
  139. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
  140. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
  141. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +12 -4
  142. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
  144. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
  145. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +16 -0
  146. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
  147. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +2 -1
  148. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
  151. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
  152. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +63 -41
  153. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +173 -77
  154. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
  156. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -0
  157. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
  158. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +90 -30
  159. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
  160. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  161. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  162. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  163. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  164. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +4 -0
  165. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  166. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
  167. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +36 -0
  168. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
  169. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
  170. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  171. data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
  172. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
  173. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
  174. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +9 -8
  175. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +30 -24
  176. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  177. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  178. data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
  179. data/src/core/ext/upb-generated/validate/validate.upb.h +69 -63
  180. data/src/core/lib/channel/channel_args.cc +15 -14
  181. data/src/core/lib/channel/channel_args.h +3 -1
  182. data/src/core/lib/channel/channel_stack.h +20 -13
  183. data/src/core/lib/channel/channelz.cc +5 -6
  184. data/src/core/lib/channel/channelz.h +3 -2
  185. data/src/core/lib/channel/channelz_registry.cc +5 -3
  186. data/src/core/lib/channel/connected_channel.cc +7 -5
  187. data/src/core/lib/channel/context.h +1 -1
  188. data/src/core/lib/channel/handshaker.cc +11 -13
  189. data/src/core/lib/channel/handshaker.h +4 -2
  190. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  191. data/src/core/lib/channel/status_util.cc +2 -3
  192. data/src/core/lib/compression/message_compress.cc +5 -1
  193. data/src/core/lib/debug/stats.cc +21 -27
  194. data/src/core/lib/debug/stats.h +3 -1
  195. data/src/core/lib/gpr/spinlock.h +2 -3
  196. data/src/core/lib/gpr/string.cc +2 -26
  197. data/src/core/lib/gpr/string.h +0 -16
  198. data/src/core/lib/gpr/sync_abseil.cc +2 -0
  199. data/src/core/lib/gpr/time.cc +4 -0
  200. data/src/core/lib/gpr/time_posix.cc +1 -1
  201. data/src/core/lib/gprpp/atomic.h +6 -6
  202. data/src/core/lib/gprpp/fork.cc +1 -1
  203. data/src/core/lib/gprpp/host_port.cc +29 -35
  204. data/src/core/lib/gprpp/host_port.h +14 -17
  205. data/src/core/lib/gprpp/map.h +5 -11
  206. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  207. data/src/core/lib/http/format_request.cc +46 -65
  208. data/src/core/lib/http/httpcli.cc +2 -3
  209. data/src/core/lib/http/httpcli.h +2 -3
  210. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  211. data/src/core/lib/http/parser.h +2 -3
  212. data/src/core/lib/iomgr/buffer_list.h +22 -21
  213. data/src/core/lib/iomgr/call_combiner.h +3 -2
  214. data/src/core/lib/iomgr/cfstream_handle.cc +3 -2
  215. data/src/core/lib/iomgr/closure.h +2 -3
  216. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  217. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  218. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  219. data/src/core/lib/iomgr/error.cc +6 -9
  220. data/src/core/lib/iomgr/error.h +0 -1
  221. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  222. data/src/core/lib/iomgr/ev_apple.h +43 -0
  223. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -23
  224. data/src/core/lib/iomgr/ev_epollex_linux.cc +2 -3
  225. data/src/core/lib/iomgr/ev_poll_posix.cc +3 -3
  226. data/src/core/lib/iomgr/ev_posix.cc +2 -3
  227. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  228. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  229. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  230. data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
  231. data/src/core/lib/iomgr/port.h +1 -0
  232. data/src/core/lib/iomgr/python_util.h +46 -0
  233. data/src/core/lib/iomgr/resolve_address.h +4 -6
  234. data/src/core/lib/iomgr/resolve_address_custom.cc +29 -39
  235. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  236. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  237. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -17
  238. data/src/core/lib/iomgr/resource_quota.cc +4 -6
  239. data/src/core/lib/iomgr/sockaddr_utils.cc +23 -29
  240. data/src/core/lib/iomgr/sockaddr_utils.h +9 -14
  241. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  242. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  243. data/src/core/lib/iomgr/socket_utils_common_posix.cc +7 -26
  244. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  245. data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -7
  246. data/src/core/lib/iomgr/tcp_client_posix.cc +8 -5
  247. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
  248. data/src/core/lib/iomgr/tcp_custom.cc +2 -3
  249. data/src/core/lib/iomgr/tcp_server_custom.cc +5 -9
  250. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -4
  251. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -4
  252. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +8 -11
  253. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  254. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  255. data/src/core/lib/iomgr/timer_generic.cc +2 -3
  256. data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
  257. data/src/core/lib/iomgr/timer_heap.h +2 -3
  258. data/src/core/lib/iomgr/udp_server.cc +9 -14
  259. data/src/core/lib/json/json.h +3 -2
  260. data/src/core/lib/json/json_reader.cc +5 -5
  261. data/src/core/lib/json/json_writer.cc +13 -12
  262. data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
  263. data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
  264. data/src/core/lib/security/credentials/credentials.cc +0 -84
  265. data/src/core/lib/security/credentials/credentials.h +8 -59
  266. data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
  267. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -8
  268. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  269. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  270. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  271. data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
  272. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  273. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
  274. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
  275. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +55 -27
  276. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
  277. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +13 -0
  278. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  279. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
  280. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -11
  281. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
  282. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +7 -7
  283. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
  284. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  285. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  286. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +20 -25
  287. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +4 -6
  288. data/src/core/lib/security/security_connector/ssl_utils.cc +59 -12
  289. data/src/core/lib/security/security_connector/ssl_utils.h +12 -10
  290. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +77 -51
  291. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
  292. data/src/core/lib/security/transport/auth_filters.h +0 -5
  293. data/src/core/lib/security/transport/client_auth_filter.cc +1 -2
  294. data/src/core/lib/slice/slice_intern.cc +2 -3
  295. data/src/core/lib/slice/slice_internal.h +14 -0
  296. data/src/core/lib/slice/slice_utils.h +9 -0
  297. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  298. data/src/core/lib/surface/call.cc +2 -3
  299. data/src/core/lib/surface/call_log_batch.cc +50 -58
  300. data/src/core/lib/surface/channel.cc +53 -31
  301. data/src/core/lib/surface/channel.h +35 -4
  302. data/src/core/lib/surface/channel_ping.cc +2 -3
  303. data/src/core/lib/surface/completion_queue.cc +33 -33
  304. data/src/core/lib/surface/event_string.cc +18 -25
  305. data/src/core/lib/surface/event_string.h +3 -1
  306. data/src/core/lib/surface/init_secure.cc +1 -4
  307. data/src/core/lib/surface/server.cc +570 -369
  308. data/src/core/lib/surface/server.h +32 -0
  309. data/src/core/lib/surface/version.cc +2 -2
  310. data/src/core/lib/transport/byte_stream.h +7 -2
  311. data/src/core/lib/transport/connectivity_state.cc +7 -6
  312. data/src/core/lib/transport/connectivity_state.h +5 -3
  313. data/src/core/lib/transport/metadata.cc +3 -3
  314. data/src/core/lib/transport/metadata_batch.h +2 -3
  315. data/src/core/lib/transport/static_metadata.h +1 -1
  316. data/src/core/lib/transport/status_conversion.cc +6 -14
  317. data/src/core/lib/transport/transport.cc +2 -3
  318. data/src/core/lib/transport/transport.h +3 -2
  319. data/src/core/lib/transport/transport_op_string.cc +61 -102
  320. data/src/core/lib/uri/uri_parser.h +2 -3
  321. data/src/core/plugin_registry/grpc_plugin_registry.cc +20 -4
  322. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  323. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +8 -1
  324. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  325. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +32 -2
  326. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
  327. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  328. data/src/core/tsi/fake_transport_security.cc +10 -15
  329. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  330. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  331. data/src/core/tsi/ssl_transport_security.cc +52 -39
  332. data/src/core/tsi/ssl_transport_security.h +8 -8
  333. data/src/core/tsi/ssl_types.h +0 -2
  334. data/src/core/tsi/transport_security.h +6 -9
  335. data/src/core/tsi/transport_security_grpc.h +2 -3
  336. data/src/core/tsi/transport_security_interface.h +3 -3
  337. data/src/ruby/ext/grpc/rb_call.c +9 -1
  338. data/src/ruby/ext/grpc/rb_call_credentials.c +3 -2
  339. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
  340. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
  341. data/src/ruby/lib/grpc/errors.rb +103 -42
  342. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  343. data/src/ruby/lib/grpc/generic/interceptors.rb +4 -4
  344. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  345. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  346. data/src/ruby/lib/grpc/structs.rb +1 -1
  347. data/src/ruby/lib/grpc/version.rb +1 -1
  348. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  349. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
  350. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  351. data/src/ruby/spec/debug_message_spec.rb +134 -0
  352. data/src/ruby/spec/generic/service_spec.rb +2 -0
  353. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  354. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
  355. data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
  356. data/src/ruby/spec/support/services.rb +10 -4
  357. data/src/ruby/spec/testdata/ca.pem +18 -13
  358. data/src/ruby/spec/testdata/client.key +26 -14
  359. data/src/ruby/spec/testdata/client.pem +18 -12
  360. data/src/ruby/spec/testdata/server1.key +26 -14
  361. data/src/ruby/spec/testdata/server1.pem +20 -14
  362. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  363. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  364. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  365. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  366. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  367. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  368. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  369. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  370. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  371. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  372. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  373. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  374. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  375. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  376. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  377. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  378. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  379. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  380. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  381. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  382. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  383. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  384. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  385. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  386. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  387. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  388. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  389. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  390. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  391. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  392. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  393. data/third_party/boringssl-with-bazel/err_data.c +329 -297
  394. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
  395. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
  396. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
  397. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  398. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
  399. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
  400. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
  401. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
  402. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
  403. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
  404. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  405. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  406. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
  407. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +14 -11
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +432 -160
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +5 -14
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +80 -99
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
  443. data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -12
  444. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
  445. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
  446. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
  447. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
  448. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
  449. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  450. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  451. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  452. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +16 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +5 -0
  454. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
  455. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -1
  456. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
  457. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
  458. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  459. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
  460. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
  461. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
  462. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
  463. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
  464. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
  465. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
  466. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +172 -77
  467. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
  468. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  469. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +5 -3
  470. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
  471. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
  472. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
  473. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
  474. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
  475. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +14 -3
  476. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +28 -20
  477. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +12 -4
  478. data/third_party/boringssl-with-bazel/src/ssl/internal.h +64 -47
  479. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
  480. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  481. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
  482. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
  483. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
  484. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +6 -1
  485. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
  486. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +64 -5
  487. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
  488. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +6 -2
  489. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
  490. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
  491. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -27
  492. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
  493. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +50 -20
  494. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
  495. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
  496. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
  497. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
  498. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
  499. metadata +115 -39
  500. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
  501. data/src/core/lib/gprpp/string_view.h +0 -60
  502. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
  503. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
@@ -471,6 +471,13 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
471
471
  ssl->s3->previous_server_finished_len = finished_len;
472
472
  }
473
473
 
474
+ // The Finished message should be the end of a flight.
475
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
476
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
477
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
478
+ return ssl_hs_error;
479
+ }
480
+
474
481
  ssl->method->next_message(ssl);
475
482
  return ssl_hs_ok;
476
483
  }
@@ -621,10 +628,15 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
621
628
  hs->wait = ssl_hs_ok;
622
629
  return -1;
623
630
 
624
- case ssl_hs_handback:
631
+ case ssl_hs_handback: {
632
+ int ret = ssl->method->flush_flight(ssl);
633
+ if (ret <= 0) {
634
+ return ret;
635
+ }
625
636
  ssl->s3->rwstate = SSL_ERROR_HANDBACK;
626
637
  hs->wait = ssl_hs_handback;
627
638
  return -1;
639
+ }
628
640
 
629
641
  case ssl_hs_x509_lookup:
630
642
  ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
@@ -658,9 +670,8 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
658
670
 
659
671
  case ssl_hs_early_data_rejected:
660
672
  assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
673
+ assert(!hs->can_early_write);
661
674
  ssl->s3->rwstate = SSL_ERROR_EARLY_DATA_REJECTED;
662
- // Cause |SSL_write| to start failing immediately.
663
- hs->can_early_write = false;
664
675
  return -1;
665
676
 
666
677
  case ssl_hs_early_return:
@@ -406,7 +406,8 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
406
406
  (ssl->session->session_id_length == 0 &&
407
407
  ssl->session->ticket.empty()) ||
408
408
  ssl->session->not_resumable ||
409
- !ssl_session_is_time_valid(ssl, ssl->session.get())) {
409
+ !ssl_session_is_time_valid(ssl, ssl->session.get()) ||
410
+ (ssl->quic_method != nullptr) != ssl->session->is_quic) {
410
411
  ssl_set_session(ssl, NULL);
411
412
  }
412
413
  }
@@ -415,17 +416,20 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
415
416
  return ssl_hs_error;
416
417
  }
417
418
 
418
- if (ssl->session != nullptr &&
419
- !ssl->s3->initial_handshake_complete &&
420
- ssl->session->session_id_length > 0) {
421
- hs->session_id_len = ssl->session->session_id_length;
422
- OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
423
- hs->session_id_len);
424
- } else if (hs->max_version >= TLS1_3_VERSION) {
425
- // Initialize a random session ID.
426
- hs->session_id_len = sizeof(hs->session_id);
427
- if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
428
- return ssl_hs_error;
419
+ // Never send a session ID in QUIC. QUIC uses TLS 1.3 at a minimum and
420
+ // disables TLS 1.3 middlebox compatibility mode.
421
+ if (ssl->quic_method == nullptr) {
422
+ if (ssl->session != nullptr && !ssl->s3->initial_handshake_complete &&
423
+ ssl->session->session_id_length > 0) {
424
+ hs->session_id_len = ssl->session->session_id_length;
425
+ OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
426
+ hs->session_id_len);
427
+ } else if (hs->max_version >= TLS1_3_VERSION) {
428
+ // Initialize a random session ID.
429
+ hs->session_id_len = sizeof(hs->session_id);
430
+ if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
431
+ return ssl_hs_error;
432
+ }
429
433
  }
430
434
  }
431
435
 
@@ -461,11 +465,6 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
461
465
  !tls13_derive_early_secret(hs)) {
462
466
  return ssl_hs_error;
463
467
  }
464
- if (ssl->quic_method == nullptr &&
465
- !tls13_set_traffic_key(ssl, ssl_encryption_early_data, evp_aead_seal,
466
- hs->early_traffic_secret())) {
467
- return ssl_hs_error;
468
- }
469
468
 
470
469
  // Stash the early data session, so connection properties may be queried out
471
470
  // of it.
@@ -496,7 +495,9 @@ static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs
496
495
 
497
496
  // Defer releasing the 0-RTT key to after certificate reverification, so the
498
497
  // QUIC implementation does not accidentally write data too early.
499
- if (!tls13_set_early_secret_for_quic(hs)) {
498
+ if (!tls13_set_traffic_key(hs->ssl, ssl_encryption_early_data, evp_aead_seal,
499
+ hs->early_session.get(),
500
+ hs->early_traffic_secret())) {
500
501
  return ssl_hs_error;
501
502
  }
502
503
 
@@ -1050,7 +1051,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
1050
1051
  return ssl_hs_error;
1051
1052
  }
1052
1053
  uint8_t alert = SSL_AD_DECODE_ERROR;
1053
- if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1054
+ if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
1054
1055
  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1055
1056
  return ssl_hs_error;
1056
1057
  }
@@ -1201,6 +1202,13 @@ static enum ssl_hs_wait_t do_read_server_hello_done(SSL_HANDSHAKE *hs) {
1201
1202
  return ssl_hs_error;
1202
1203
  }
1203
1204
 
1205
+ // ServerHelloDone should be the end of the flight.
1206
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
1207
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1208
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
1209
+ return ssl_hs_error;
1210
+ }
1211
+
1204
1212
  ssl->method->next_message(ssl);
1205
1213
  hs->state = state_send_client_certificate;
1206
1214
  return ssl_hs_ok;
@@ -1273,7 +1281,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1273
1281
  ssl_key_usage_t intended_use = (alg_k & SSL_kRSA)
1274
1282
  ? key_usage_encipherment
1275
1283
  : key_usage_digital_signature;
1276
- if (ssl->config->enforce_rsa_key_usage ||
1284
+ if (hs->config->enforce_rsa_key_usage ||
1277
1285
  EVP_PKEY_id(hs->peer_pubkey.get()) != EVP_PKEY_RSA) {
1278
1286
  if (!ssl_cert_check_key_usage(&leaf_cbs, intended_use)) {
1279
1287
  return ssl_hs_error;
@@ -325,7 +325,7 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
325
325
  *out_mask_a = mask_a;
326
326
  }
327
327
 
328
- static const SSL_CIPHER *ssl3_choose_cipher(
328
+ static const SSL_CIPHER *choose_cipher(
329
329
  SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
330
330
  const SSLCipherPreferenceList *server_pref) {
331
331
  SSL *const ssl = hs->ssl;
@@ -569,6 +569,14 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
569
569
  return ssl_hs_error;
570
570
  }
571
571
 
572
+ // ClientHello should be the end of the flight. We check this early to cover
573
+ // all protocol versions.
574
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
575
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
576
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
577
+ return ssl_hs_error;
578
+ }
579
+
572
580
  if (hs->config->handoff) {
573
581
  return ssl_hs_handoff;
574
582
  }
@@ -699,7 +707,7 @@ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
699
707
  SSLCipherPreferenceList *prefs = hs->config->cipher_list
700
708
  ? hs->config->cipher_list.get()
701
709
  : ssl->ctx->cipher_list.get();
702
- hs->new_cipher = ssl3_choose_cipher(hs, &client_hello, prefs);
710
+ hs->new_cipher = choose_cipher(hs, &client_hello, prefs);
703
711
  if (hs->new_cipher == NULL) {
704
712
  OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
705
713
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
@@ -1094,7 +1102,7 @@ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) {
1094
1102
  !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
1095
1103
  (ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
1096
1104
  (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
1097
- !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
1105
+ !tls12_add_verify_sigalgs(hs, &sigalgs_cbb))) ||
1098
1106
  !ssl_add_client_CA_list(hs, &body) ||
1099
1107
  !ssl_add_message_cbb(ssl, cbb.get())) {
1100
1108
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -1439,7 +1447,7 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
1439
1447
  return ssl_hs_error;
1440
1448
  }
1441
1449
  uint8_t alert = SSL_AD_DECODE_ERROR;
1442
- if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1450
+ if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
1443
1451
  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1444
1452
  return ssl_hs_error;
1445
1453
  }
@@ -1356,23 +1356,17 @@ bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, Span psk);
1356
1356
  bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, Span<const uint8_t> in);
1357
1357
 
1358
1358
  // tls13_set_traffic_key sets the read or write traffic keys to
1359
- // |traffic_secret|. It returns true on success and false on error.
1359
+ // |traffic_secret|. The version and cipher suite are determined from |session|.
1360
+ // It returns true on success and false on error.
1360
1361
  bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
1361
1362
  enum evp_aead_direction_t direction,
1363
+ const SSL_SESSION *session,
1362
1364
  Span<const uint8_t> traffic_secret);
1363
1365
 
1364
1366
  // tls13_derive_early_secret derives the early traffic secret. It returns true
1365
- // on success and false on error. Unlike with other traffic secrets, this
1366
- // function does not pass the keys to QUIC. Call
1367
- // |tls13_set_early_secret_for_quic| to do so. This is done to due to an
1368
- // ordering complication around resolving HelloRetryRequest on the server.
1367
+ // on success and false on error.
1369
1368
  bool tls13_derive_early_secret(SSL_HANDSHAKE *hs);
1370
1369
 
1371
- // tls13_set_early_secret_for_quic passes the early traffic secrets, as
1372
- // derived by |tls13_derive_early_secret|, to QUIC. It returns true on success
1373
- // and false on error.
1374
- bool tls13_set_early_secret_for_quic(SSL_HANDSHAKE *hs);
1375
-
1376
1370
  // tls13_derive_handshake_secrets derives the handshake traffic secret. It
1377
1371
  // returns true on success and false on error.
1378
1372
  bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
@@ -1485,6 +1479,7 @@ enum tls13_server_hs_state_t {
1485
1479
  state13_send_server_hello,
1486
1480
  state13_send_server_certificate_verify,
1487
1481
  state13_send_server_finished,
1482
+ state13_send_half_rtt_ticket,
1488
1483
  state13_read_second_client_flight,
1489
1484
  state13_process_end_of_early_data,
1490
1485
  state13_read_client_certificate,
@@ -1498,10 +1493,11 @@ enum tls13_server_hs_state_t {
1498
1493
  // handback_t lists the points in the state machine where a handback can occur.
1499
1494
  // These are the different points at which key material is no longer needed.
1500
1495
  enum handback_t {
1501
- handback_after_session_resumption,
1502
- handback_after_ecdhe,
1503
- handback_after_handshake,
1504
- handback_tls13,
1496
+ handback_after_session_resumption = 0,
1497
+ handback_after_ecdhe = 1,
1498
+ handback_after_handshake = 2,
1499
+ handback_tls13 = 3,
1500
+ handback_max_value = handback_tls13,
1505
1501
  };
1506
1502
 
1507
1503
 
@@ -1999,12 +1995,12 @@ Span tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs);
1999
1995
 
2000
1996
  // tls12_add_verify_sigalgs adds the signature algorithms acceptable for the
2001
1997
  // peer signature to |out|. It returns true on success and false on error.
2002
- bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out);
1998
+ bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out);
2003
1999
 
2004
2000
  // tls12_check_peer_sigalg checks if |sigalg| is acceptable for the peer
2005
2001
  // signature. It returns true on success and false on error, setting
2006
2002
  // |*out_alert| to an alert to send.
2007
- bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
2003
+ bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
2008
2004
  uint16_t sigalg);
2009
2005
 
2010
2006
 
@@ -2108,6 +2104,9 @@ struct SSL_PROTOCOL_METHOD {
2108
2104
  bool (*get_message)(const SSL *ssl, SSLMessage *out);
2109
2105
  // next_message is called to release the current handshake message.
2110
2106
  void (*next_message)(SSL *ssl);
2107
+ // has_unprocessed_handshake_data returns whether there is buffered
2108
+ // handshake data that has not been consumed by |get_message|.
2109
+ bool (*has_unprocessed_handshake_data)(const SSL *ssl);
2111
2110
  // Use the |ssl_open_handshake| wrapper.
2112
2111
  ssl_open_record_t (*open_handshake)(SSL *ssl, size_t *out_consumed,
2113
2112
  uint8_t *out_alert, Span<uint8_t> in);
@@ -2140,14 +2139,20 @@ struct SSL_PROTOCOL_METHOD {
2140
2139
  int (*flush_flight)(SSL *ssl);
2141
2140
  // on_handshake_complete is called when the handshake is complete.
2142
2141
  void (*on_handshake_complete)(SSL *ssl);
2143
- // set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It returns
2144
- // true on success and false if changing the read state is forbidden at this
2145
- // point.
2146
- bool (*set_read_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
2147
- // set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It returns
2148
- // true on success and false if changing the write state is forbidden at this
2149
- // point.
2150
- bool (*set_write_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
2142
+ // set_read_state sets |ssl|'s read cipher state and level to |aead_ctx| and
2143
+ // |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
2144
+ // is the original secret. This function returns true on success and false on
2145
+ // error.
2146
+ bool (*set_read_state)(SSL *ssl, ssl_encryption_level_t level,
2147
+ UniquePtr<SSLAEADContext> aead_ctx,
2148
+ Span<const uint8_t> secret_for_quic);
2149
+ // set_write_state sets |ssl|'s write cipher state and level to |aead_ctx| and
2150
+ // |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
2151
+ // is the original secret. This function returns true on success and false on
2152
+ // error.
2153
+ bool (*set_write_state)(SSL *ssl, ssl_encryption_level_t level,
2154
+ UniquePtr<SSLAEADContext> aead_ctx,
2155
+ Span<const uint8_t> secret_for_quic);
2151
2156
  };
2152
2157
 
2153
2158
  // The following wrappers call |open_*| but handle |read_shutdown| correctly.
@@ -2680,6 +2685,9 @@ struct SSL_CONFIG {
2680
2685
  // Contains the QUIC transport params that this endpoint will send.
2681
2686
  Array<uint8_t> quic_transport_params;
2682
2687
 
2688
+ // Contains the context used to decide whether to accept early data in QUIC.
2689
+ Array<uint8_t> quic_early_data_context;
2690
+
2683
2691
  // verify_sigalgs, if not empty, is the set of signature algorithms
2684
2692
  // accepted from the peer in decreasing order of preference.
2685
2693
  Array<uint16_t> verify_sigalgs;
@@ -2732,6 +2740,11 @@ struct SSL_CONFIG {
2732
2740
  bool jdk11_workaround : 1;
2733
2741
  };
2734
2742
 
2743
+ // Computes a SHA-256 hash of the transport parameters and early data context
2744
+ // for QUIC, putting the hash in |SHA256_DIGEST_LENGTH| bytes at |hash_out|.
2745
+ bool compute_quic_early_data_hash(const SSL_CONFIG *config,
2746
+ uint8_t hash_out[SHA256_DIGEST_LENGTH]);
2747
+
2735
2748
  // From RFC 8446, used in determining PSK modes.
2736
2749
  #define SSL_PSK_DHE_KE 0x1
2737
2750
 
@@ -2835,29 +2848,29 @@ void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
2835
2848
 
2836
2849
  void ssl_send_alert(SSL *ssl, int level, int desc);
2837
2850
  int ssl_send_alert_impl(SSL *ssl, int level, int desc);
2838
- bool ssl3_get_message(const SSL *ssl, SSLMessage *out);
2839
- ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
2840
- uint8_t *out_alert, Span<uint8_t> in);
2841
- void ssl3_next_message(SSL *ssl);
2851
+ bool tls_get_message(const SSL *ssl, SSLMessage *out);
2852
+ ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
2853
+ uint8_t *out_alert, Span<uint8_t> in);
2854
+ void tls_next_message(SSL *ssl);
2842
2855
 
2843
- int ssl3_dispatch_alert(SSL *ssl);
2844
- ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out,
2845
- size_t *out_consumed, uint8_t *out_alert,
2846
- Span<uint8_t> in);
2847
- ssl_open_record_t ssl3_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
2848
- uint8_t *out_alert,
2849
- Span<uint8_t> in);
2850
- int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
2851
- int len);
2856
+ int tls_dispatch_alert(SSL *ssl);
2857
+ ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out,
2858
+ size_t *out_consumed, uint8_t *out_alert,
2859
+ Span<uint8_t> in);
2860
+ ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
2861
+ uint8_t *out_alert,
2862
+ Span<uint8_t> in);
2863
+ int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
2864
+ int len);
2852
2865
 
2853
- bool ssl3_new(SSL *ssl);
2854
- void ssl3_free(SSL *ssl);
2866
+ bool tls_new(SSL *ssl);
2867
+ void tls_free(SSL *ssl);
2855
2868
 
2856
- bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2857
- bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
2858
- bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg);
2859
- bool ssl3_add_change_cipher_spec(SSL *ssl);
2860
- int ssl3_flush_flight(SSL *ssl);
2869
+ bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2870
+ bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
2871
+ bool tls_add_message(SSL *ssl, Array<uint8_t> msg);
2872
+ bool tls_add_change_cipher_spec(SSL *ssl);
2873
+ int tls_flush_flight(SSL *ssl);
2861
2874
 
2862
2875
  bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2863
2876
  bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
@@ -3307,9 +3320,6 @@ struct ssl_ctx_st {
3307
3320
  // protocols from the peer.
3308
3321
  bool allow_unknown_alpn_protos : 1;
3309
3322
 
3310
- // ed25519_enabled is whether Ed25519 is advertised in the handshake.
3311
- bool ed25519_enabled : 1;
3312
-
3313
3323
  // false_start_allowed_without_alpn is whether False Start (if
3314
3324
  // |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN.
3315
3325
  bool false_start_allowed_without_alpn : 1;
@@ -3546,6 +3556,13 @@ struct ssl_session_st {
3546
3556
  // is_server is whether this session was created by a server.
3547
3557
  bool is_server : 1;
3548
3558
 
3559
+ // is_quic indicates whether this session was created using QUIC.
3560
+ bool is_quic : 1;
3561
+
3562
+ // quic_early_data_hash is used to determine whether early data must be
3563
+ // rejected when performing a QUIC handshake.
3564
+ bssl::Array<uint8_t> quic_early_data_hash;
3565
+
3549
3566
  private:
3550
3567
  ~ssl_session_st();
3551
3568
  friend void SSL_SESSION_free(SSL_SESSION *);
@@ -168,7 +168,7 @@ static bool add_record_to_flight(SSL *ssl, uint8_t type,
168
168
  return true;
169
169
  }
170
170
 
171
- bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
171
+ bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
172
172
  // Pick a modest size hint to save most of the |realloc| calls.
173
173
  if (!CBB_init(cbb, 64) ||
174
174
  !CBB_add_u8(cbb, type) ||
@@ -181,11 +181,11 @@ bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
181
181
  return true;
182
182
  }
183
183
 
184
- bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
184
+ bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
185
185
  return CBBFinishArray(cbb, out_msg);
186
186
  }
187
187
 
188
- bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg) {
188
+ bool tls_add_message(SSL *ssl, Array<uint8_t> msg) {
189
189
  // Pack handshake data into the minimal number of records. This avoids
190
190
  // unnecessary encryption overhead, notably in TLS 1.3 where we send several
191
191
  // encrypted messages in a row. For now, we do not do this for the null
@@ -262,7 +262,7 @@ bool tls_flush_pending_hs_data(SSL *ssl) {
262
262
  return add_record_to_flight(ssl, SSL3_RT_HANDSHAKE, data);
263
263
  }
264
264
 
265
- bool ssl3_add_change_cipher_spec(SSL *ssl) {
265
+ bool tls_add_change_cipher_spec(SSL *ssl) {
266
266
  static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
267
267
 
268
268
  if (!tls_flush_pending_hs_data(ssl)) {
@@ -280,7 +280,7 @@ bool ssl3_add_change_cipher_spec(SSL *ssl) {
280
280
  return true;
281
281
  }
282
282
 
283
- int ssl3_flush_flight(SSL *ssl) {
283
+ int tls_flush_flight(SSL *ssl) {
284
284
  if (!tls_flush_pending_hs_data(ssl)) {
285
285
  return -1;
286
286
  }
@@ -496,7 +496,7 @@ static bool parse_message(const SSL *ssl, SSLMessage *out,
496
496
  return true;
497
497
  }
498
498
 
499
- bool ssl3_get_message(const SSL *ssl, SSLMessage *out) {
499
+ bool tls_get_message(const SSL *ssl, SSLMessage *out) {
500
500
  size_t unused;
501
501
  if (!parse_message(ssl, out, &unused)) {
502
502
  return false;
@@ -552,8 +552,8 @@ bool tls_append_handshake_data(SSL *ssl, Span data) {
552
552
  BUF_MEM_append(ssl->s3->hs_buf.get(), data.data(), data.size());
553
553
  }
554
554
 
555
- ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
556
- uint8_t *out_alert, Span<uint8_t> in) {
555
+ ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
556
+ uint8_t *out_alert, Span<uint8_t> in) {
557
557
  *out_consumed = 0;
558
558
  // Bypass the record layer for the first message to handle V2ClientHello.
559
559
  if (ssl->server && !ssl->s3->v2_hello_done) {
@@ -631,9 +631,9 @@ ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
631
631
  return ssl_open_record_success;
632
632
  }
633
633
 
634
- void ssl3_next_message(SSL *ssl) {
634
+ void tls_next_message(SSL *ssl) {
635
635
  SSLMessage msg;
636
- if (!ssl3_get_message(ssl, &msg) ||
636
+ if (!tls_get_message(ssl, &msg) ||
637
637
  !ssl->s3->hs_buf ||
638
638
  ssl->s3->hs_buf->length < CBS_len(&msg.raw)) {
639
639
  assert(0);