grpc 1.28.0 → 1.31.0.pre2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8314 -11869
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +591 -479
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +279 -324
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +733 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1143 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +38 -8
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +49 -55
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +43 -23
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +565 -234
- data/src/core/ext/filters/client_channel/xds/xds_api.h +102 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +55 -71
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +619 -347
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/re2/re2/bitmap256.h +117 -0
- data/third_party/re2/re2/bitstate.cc +385 -0
- data/third_party/re2/re2/compile.cc +1279 -0
- data/third_party/re2/re2/dfa.cc +2130 -0
- data/third_party/re2/re2/filtered_re2.cc +121 -0
- data/third_party/re2/re2/filtered_re2.h +109 -0
- data/third_party/re2/re2/mimics_pcre.cc +197 -0
- data/third_party/re2/re2/nfa.cc +713 -0
- data/third_party/re2/re2/onepass.cc +623 -0
- data/third_party/re2/re2/parse.cc +2464 -0
- data/third_party/re2/re2/perl_groups.cc +119 -0
- data/third_party/re2/re2/pod_array.h +55 -0
- data/third_party/re2/re2/prefilter.cc +710 -0
- data/third_party/re2/re2/prefilter.h +108 -0
- data/third_party/re2/re2/prefilter_tree.cc +407 -0
- data/third_party/re2/re2/prefilter_tree.h +139 -0
- data/third_party/re2/re2/prog.cc +988 -0
- data/third_party/re2/re2/prog.h +436 -0
- data/third_party/re2/re2/re2.cc +1362 -0
- data/third_party/re2/re2/re2.h +1002 -0
- data/third_party/re2/re2/regexp.cc +980 -0
- data/third_party/re2/re2/regexp.h +659 -0
- data/third_party/re2/re2/set.cc +154 -0
- data/third_party/re2/re2/set.h +80 -0
- data/third_party/re2/re2/simplify.cc +657 -0
- data/third_party/re2/re2/sparse_array.h +392 -0
- data/third_party/re2/re2/sparse_set.h +264 -0
- data/third_party/re2/re2/stringpiece.cc +65 -0
- data/third_party/re2/re2/stringpiece.h +210 -0
- data/third_party/re2/re2/tostring.cc +351 -0
- data/third_party/re2/re2/unicode_casefold.cc +582 -0
- data/third_party/re2/re2/unicode_casefold.h +78 -0
- data/third_party/re2/re2/unicode_groups.cc +6269 -0
- data/third_party/re2/re2/unicode_groups.h +67 -0
- data/third_party/re2/re2/walker-inl.h +246 -0
- data/third_party/re2/util/benchmark.h +156 -0
- data/third_party/re2/util/flags.h +26 -0
- data/third_party/re2/util/logging.h +109 -0
- data/third_party/re2/util/malloc_counter.h +19 -0
- data/third_party/re2/util/mix.h +41 -0
- data/third_party/re2/util/mutex.h +148 -0
- data/third_party/re2/util/pcre.cc +1025 -0
- data/third_party/re2/util/pcre.h +681 -0
- data/third_party/re2/util/rune.cc +260 -0
- data/third_party/re2/util/strutil.cc +149 -0
- data/third_party/re2/util/strutil.h +21 -0
- data/third_party/re2/util/test.h +50 -0
- data/third_party/re2/util/utf.h +44 -0
- data/third_party/re2/util/util.h +42 -0
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +175 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -413,7 +413,6 @@ bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
|
|
413
413
|
// algorithms for verifying.
|
414
414
|
static const uint16_t kVerifySignatureAlgorithms[] = {
|
415
415
|
// List our preferred algorithms first.
|
416
|
-
SSL_SIGN_ED25519,
|
417
416
|
SSL_SIGN_ECDSA_SECP256R1_SHA256,
|
418
417
|
SSL_SIGN_RSA_PSS_RSAE_SHA256,
|
419
418
|
SSL_SIGN_RSA_PKCS1_SHA256,
|
@@ -455,39 +454,15 @@ static const uint16_t kSignSignatureAlgorithms[] = {
|
|
455
454
|
SSL_SIGN_RSA_PKCS1_SHA1,
|
456
455
|
};
|
457
456
|
|
458
|
-
|
459
|
-
|
460
|
-
|
461
|
-
uint16_t sigalg = list[0];
|
462
|
-
list = list.subspan(1);
|
463
|
-
if (skip_ed25519 && sigalg == SSL_SIGN_ED25519) {
|
464
|
-
continue;
|
465
|
-
}
|
466
|
-
*out = sigalg;
|
467
|
-
return true;
|
468
|
-
}
|
469
|
-
return false;
|
457
|
+
static Span<const uint16_t> tls12_get_verify_sigalgs(const SSL_HANDSHAKE *hs) {
|
458
|
+
if (hs->config->verify_sigalgs.empty()) {
|
459
|
+
return Span<const uint16_t>(kVerifySignatureAlgorithms);
|
470
460
|
}
|
471
|
-
|
472
|
-
Span<const uint16_t> list;
|
473
|
-
bool skip_ed25519 = false;
|
474
|
-
};
|
475
|
-
|
476
|
-
static SSLSignatureAlgorithmList tls12_get_verify_sigalgs(const SSL *ssl) {
|
477
|
-
SSLSignatureAlgorithmList ret;
|
478
|
-
if (!ssl->config->verify_sigalgs.empty()) {
|
479
|
-
ret.list = ssl->config->verify_sigalgs;
|
480
|
-
} else {
|
481
|
-
ret.list = kVerifySignatureAlgorithms;
|
482
|
-
ret.skip_ed25519 = !ssl->ctx->ed25519_enabled;
|
483
|
-
}
|
484
|
-
return ret;
|
461
|
+
return hs->config->verify_sigalgs;
|
485
462
|
}
|
486
463
|
|
487
|
-
bool tls12_add_verify_sigalgs(const
|
488
|
-
|
489
|
-
uint16_t sigalg;
|
490
|
-
while (list.Next(&sigalg)) {
|
464
|
+
bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out) {
|
465
|
+
for (uint16_t sigalg : tls12_get_verify_sigalgs(hs)) {
|
491
466
|
if (!CBB_add_u16(out, sigalg)) {
|
492
467
|
return false;
|
493
468
|
}
|
@@ -495,11 +470,9 @@ bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
|
|
495
470
|
return true;
|
496
471
|
}
|
497
472
|
|
498
|
-
bool tls12_check_peer_sigalg(const
|
473
|
+
bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
499
474
|
uint16_t sigalg) {
|
500
|
-
|
501
|
-
uint16_t verify_sigalg;
|
502
|
-
while (list.Next(&verify_sigalg)) {
|
475
|
+
for (uint16_t verify_sigalg : tls12_get_verify_sigalgs(hs)) {
|
503
476
|
if (verify_sigalg == sigalg) {
|
504
477
|
return true;
|
505
478
|
}
|
@@ -936,7 +909,6 @@ static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
936
909
|
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
937
910
|
|
938
911
|
static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
939
|
-
SSL *const ssl = hs->ssl;
|
940
912
|
if (hs->max_version < TLS1_2_VERSION) {
|
941
913
|
return true;
|
942
914
|
}
|
@@ -945,7 +917,7 @@ static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
945
917
|
if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms) ||
|
946
918
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
947
919
|
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
|
948
|
-
!tls12_add_verify_sigalgs(
|
920
|
+
!tls12_add_verify_sigalgs(hs, &sigalgs_cbb) ||
|
949
921
|
!CBB_flush(out)) {
|
950
922
|
return false;
|
951
923
|
}
|
@@ -2575,10 +2547,17 @@ static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2575
2547
|
|
2576
2548
|
static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
2577
2549
|
CBB *out) {
|
2578
|
-
if (hs->config->quic_transport_params.empty()
|
2579
|
-
hs->max_version <= TLS1_2_VERSION) {
|
2550
|
+
if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
|
2580
2551
|
return true;
|
2581
2552
|
}
|
2553
|
+
if (hs->config->quic_transport_params.empty() || !hs->ssl->quic_method) {
|
2554
|
+
// QUIC Transport Parameters must be sent over QUIC, and they must not be
|
2555
|
+
// sent over non-QUIC transports. If transport params are set, then
|
2556
|
+
// SSL(_CTX)_set_quic_method must also be called.
|
2557
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2558
|
+
return false;
|
2559
|
+
}
|
2560
|
+
assert(hs->min_version > TLS1_2_VERSION);
|
2582
2561
|
|
2583
2562
|
CBB contents;
|
2584
2563
|
if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
|
@@ -2596,13 +2575,19 @@ static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2596
2575
|
CBS *contents) {
|
2597
2576
|
SSL *const ssl = hs->ssl;
|
2598
2577
|
if (contents == nullptr) {
|
2599
|
-
|
2578
|
+
if (!ssl->quic_method) {
|
2579
|
+
return true;
|
2580
|
+
}
|
2581
|
+
assert(ssl->quic_method);
|
2582
|
+
*out_alert = SSL_AD_MISSING_EXTENSION;
|
2583
|
+
return false;
|
2600
2584
|
}
|
2601
|
-
|
2602
|
-
if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
2585
|
+
if (!ssl->quic_method) {
|
2603
2586
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
2604
2587
|
return false;
|
2605
2588
|
}
|
2589
|
+
// QUIC requires TLS 1.3.
|
2590
|
+
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
2606
2591
|
|
2607
2592
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2608
2593
|
}
|
@@ -2611,21 +2596,34 @@ static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2611
2596
|
uint8_t *out_alert,
|
2612
2597
|
CBS *contents) {
|
2613
2598
|
SSL *const ssl = hs->ssl;
|
2614
|
-
if (!contents
|
2615
|
-
|
2599
|
+
if (!contents) {
|
2600
|
+
if (!ssl->quic_method) {
|
2601
|
+
if (hs->config->quic_transport_params.empty()) {
|
2602
|
+
return true;
|
2603
|
+
}
|
2604
|
+
// QUIC transport parameters must not be set if |ssl| is not configured
|
2605
|
+
// for QUIC.
|
2606
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2607
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
2608
|
+
}
|
2609
|
+
*out_alert = SSL_AD_MISSING_EXTENSION;
|
2610
|
+
return false;
|
2616
2611
|
}
|
2617
|
-
|
2618
|
-
|
2619
|
-
return
|
2612
|
+
if (!ssl->quic_method) {
|
2613
|
+
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
2614
|
+
return false;
|
2620
2615
|
}
|
2621
|
-
|
2616
|
+
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
2622
2617
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2623
2618
|
}
|
2624
2619
|
|
2625
2620
|
static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
|
2626
2621
|
CBB *out) {
|
2622
|
+
assert(hs->ssl->quic_method != nullptr);
|
2627
2623
|
if (hs->config->quic_transport_params.empty()) {
|
2628
|
-
|
2624
|
+
// Transport parameters must be set when using QUIC.
|
2625
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2626
|
+
return false;
|
2629
2627
|
}
|
2630
2628
|
|
2631
2629
|
CBB contents;
|
@@ -3870,7 +3868,3 @@ int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
|
|
3870
3868
|
*out_len = CBS_len(&cbs);
|
3871
3869
|
return 1;
|
3872
3870
|
}
|
3873
|
-
|
3874
|
-
void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled) {
|
3875
|
-
ctx->ed25519_enabled = !!enabled;
|
3876
|
-
}
|
@@ -356,7 +356,7 @@ bool tls13_process_certificate_verify(SSL_HANDSHAKE *hs, const SSLMessage &msg)
|
|
356
356
|
}
|
357
357
|
|
358
358
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
359
|
-
if (!tls12_check_peer_sigalg(
|
359
|
+
if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
|
360
360
|
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
361
361
|
return false;
|
362
362
|
}
|
@@ -52,6 +52,54 @@ enum client_hs_state_t {
|
|
52
52
|
|
53
53
|
static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
|
54
54
|
|
55
|
+
// end_of_early_data closes the early data stream for |hs| and switches the
|
56
|
+
// encryption level to |level|. It returns true on success and false on error.
|
57
|
+
static bool close_early_data(SSL_HANDSHAKE *hs, ssl_encryption_level_t level) {
|
58
|
+
SSL *const ssl = hs->ssl;
|
59
|
+
assert(hs->in_early_data);
|
60
|
+
|
61
|
+
// Note |can_early_write| may already be false if |SSL_write| exceeded the
|
62
|
+
// early data write limit.
|
63
|
+
hs->can_early_write = false;
|
64
|
+
|
65
|
+
// 0-RTT write states on the client differ between TLS 1.3, DTLS 1.3, and
|
66
|
+
// QUIC. TLS 1.3 has one write encryption level at a time. 0-RTT write keys
|
67
|
+
// overwrite the null cipher and defer handshake write keys. While a
|
68
|
+
// HelloRetryRequest can cause us to rewind back to the null cipher, sequence
|
69
|
+
// numbers have no effect, so we can install a "new" null cipher.
|
70
|
+
//
|
71
|
+
// In QUIC and DTLS 1.3, 0-RTT write state cannot override or defer the normal
|
72
|
+
// write state. The two ClientHello sequence numbers must align, and handshake
|
73
|
+
// write keys must be installed early to ACK the EncryptedExtensions.
|
74
|
+
//
|
75
|
+
// We do not currently implement DTLS 1.3 and, in QUIC, the caller handles
|
76
|
+
// 0-RTT data, so we can skip installing 0-RTT keys and act as if there is one
|
77
|
+
// write level. If we implement DTLS 1.3, we'll need to model this better.
|
78
|
+
if (ssl->quic_method == nullptr) {
|
79
|
+
if (level == ssl_encryption_initial) {
|
80
|
+
bssl::UniquePtr<SSLAEADContext> null_ctx =
|
81
|
+
SSLAEADContext::CreateNullCipher(SSL_is_dtls(ssl));
|
82
|
+
if (!null_ctx ||
|
83
|
+
!ssl->method->set_write_state(ssl, ssl_encryption_initial,
|
84
|
+
std::move(null_ctx),
|
85
|
+
/*secret_for_quic=*/{})) {
|
86
|
+
return false;
|
87
|
+
}
|
88
|
+
ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
|
89
|
+
} else {
|
90
|
+
assert(level == ssl_encryption_handshake);
|
91
|
+
if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal,
|
92
|
+
hs->new_session.get(),
|
93
|
+
hs->client_handshake_secret())) {
|
94
|
+
return false;
|
95
|
+
}
|
96
|
+
}
|
97
|
+
}
|
98
|
+
|
99
|
+
assert(ssl->s3->write_level == level);
|
100
|
+
return true;
|
101
|
+
}
|
102
|
+
|
55
103
|
static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
|
56
104
|
SSL *const ssl = hs->ssl;
|
57
105
|
assert(ssl->s3->have_version);
|
@@ -183,28 +231,30 @@ static enum ssl_hs_wait_t do_read_hello_retry_request(SSL_HANDSHAKE *hs) {
|
|
183
231
|
return ssl_hs_error;
|
184
232
|
}
|
185
233
|
|
234
|
+
// HelloRetryRequest should be the end of the flight.
|
235
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
236
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
237
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
238
|
+
return ssl_hs_error;
|
239
|
+
}
|
240
|
+
|
186
241
|
ssl->method->next_message(ssl);
|
187
242
|
ssl->s3->used_hello_retry_request = true;
|
188
243
|
hs->tls13_state = state_send_second_client_hello;
|
189
244
|
// 0-RTT is rejected if we receive a HelloRetryRequest.
|
190
245
|
if (hs->in_early_data) {
|
191
246
|
ssl->s3->early_data_reason = ssl_early_data_hello_retry_request;
|
247
|
+
if (!close_early_data(hs, ssl_encryption_initial)) {
|
248
|
+
return ssl_hs_error;
|
249
|
+
}
|
192
250
|
return ssl_hs_early_data_rejected;
|
193
251
|
}
|
194
252
|
return ssl_hs_ok;
|
195
253
|
}
|
196
254
|
|
197
255
|
static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) {
|
198
|
-
|
199
|
-
|
200
|
-
bssl::UniquePtr<SSLAEADContext> null_ctx =
|
201
|
-
SSLAEADContext::CreateNullCipher(SSL_is_dtls(ssl));
|
202
|
-
if (!null_ctx ||
|
203
|
-
!ssl->method->set_write_state(ssl, std::move(null_ctx))) {
|
204
|
-
return ssl_hs_error;
|
205
|
-
}
|
206
|
-
|
207
|
-
ssl->s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
|
256
|
+
// Any 0-RTT keys must have been discarded.
|
257
|
+
assert(hs->ssl->s3->write_level == ssl_encryption_initial);
|
208
258
|
|
209
259
|
if (!ssl_write_client_hello(hs)) {
|
210
260
|
return ssl_hs_error;
|
@@ -391,21 +441,28 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
|
|
391
441
|
|
392
442
|
if (!tls13_advance_key_schedule(hs, dhe_secret) ||
|
393
443
|
!ssl_hash_message(hs, msg) ||
|
394
|
-
!tls13_derive_handshake_secrets(hs)
|
395
|
-
!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
|
396
|
-
hs->server_handshake_secret())) {
|
444
|
+
!tls13_derive_handshake_secrets(hs)) {
|
397
445
|
return ssl_hs_error;
|
398
446
|
}
|
399
447
|
|
400
|
-
|
401
|
-
|
402
|
-
|
448
|
+
// If currently sending early data over TCP, we defer installing client
|
449
|
+
// traffic keys to when the early data stream is closed. See
|
450
|
+
// |close_early_data|. Note if the server has already rejected 0-RTT via
|
451
|
+
// HelloRetryRequest, |in_early_data| is already false.
|
452
|
+
if (!hs->in_early_data || ssl->quic_method != nullptr) {
|
403
453
|
if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal,
|
454
|
+
hs->new_session.get(),
|
404
455
|
hs->client_handshake_secret())) {
|
405
456
|
return ssl_hs_error;
|
406
457
|
}
|
407
458
|
}
|
408
459
|
|
460
|
+
if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
|
461
|
+
hs->new_session.get(),
|
462
|
+
hs->server_handshake_secret())) {
|
463
|
+
return ssl_hs_error;
|
464
|
+
}
|
465
|
+
|
409
466
|
ssl->method->next_message(ssl);
|
410
467
|
hs->tls13_state = state_read_encrypted_extensions;
|
411
468
|
return ssl_hs_ok;
|
@@ -439,14 +496,20 @@ static enum ssl_hs_wait_t do_read_encrypted_extensions(SSL_HANDSHAKE *hs) {
|
|
439
496
|
}
|
440
497
|
|
441
498
|
if (ssl->s3->early_data_accepted) {
|
442
|
-
if (hs->early_session->cipher != hs->new_session->cipher
|
443
|
-
|
444
|
-
|
499
|
+
if (hs->early_session->cipher != hs->new_session->cipher) {
|
500
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA);
|
501
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
502
|
+
return ssl_hs_error;
|
503
|
+
}
|
504
|
+
if (MakeConstSpan(hs->early_session->early_alpn) !=
|
505
|
+
ssl->s3->alpn_selected) {
|
445
506
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ALPN_MISMATCH_ON_EARLY_DATA);
|
507
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
446
508
|
return ssl_hs_error;
|
447
509
|
}
|
448
510
|
if (ssl->s3->channel_id_valid || ssl->s3->token_binding_negotiated) {
|
449
511
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA);
|
512
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
450
513
|
return ssl_hs_error;
|
451
514
|
}
|
452
515
|
}
|
@@ -458,6 +521,9 @@ static enum ssl_hs_wait_t do_read_encrypted_extensions(SSL_HANDSHAKE *hs) {
|
|
458
521
|
ssl->method->next_message(ssl);
|
459
522
|
hs->tls13_state = state_read_certificate_request;
|
460
523
|
if (hs->in_early_data && !ssl->s3->early_data_accepted) {
|
524
|
+
if (!close_early_data(hs, ssl_encryption_handshake)) {
|
525
|
+
return ssl_hs_error;
|
526
|
+
}
|
461
527
|
return ssl_hs_early_data_rejected;
|
462
528
|
}
|
463
529
|
return ssl_hs_ok;
|
@@ -622,6 +688,13 @@ static enum ssl_hs_wait_t do_read_server_finished(SSL_HANDSHAKE *hs) {
|
|
622
688
|
return ssl_hs_error;
|
623
689
|
}
|
624
690
|
|
691
|
+
// Finished should be the end of the flight.
|
692
|
+
if (ssl->method->has_unprocessed_handshake_data(ssl)) {
|
693
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
|
694
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
|
695
|
+
return ssl_hs_error;
|
696
|
+
}
|
697
|
+
|
625
698
|
ssl->method->next_message(ssl);
|
626
699
|
hs->tls13_state = state_send_end_of_early_data;
|
627
700
|
return ssl_hs_ok;
|
@@ -631,7 +704,6 @@ static enum ssl_hs_wait_t do_send_end_of_early_data(SSL_HANDSHAKE *hs) {
|
|
631
704
|
SSL *const ssl = hs->ssl;
|
632
705
|
|
633
706
|
if (ssl->s3->early_data_accepted) {
|
634
|
-
hs->can_early_write = false;
|
635
707
|
// QUIC omits the EndOfEarlyData message. See draft-ietf-quic-tls-22,
|
636
708
|
// section 8.3.
|
637
709
|
if (ssl->quic_method == nullptr) {
|
@@ -643,11 +715,8 @@ static enum ssl_hs_wait_t do_send_end_of_early_data(SSL_HANDSHAKE *hs) {
|
|
643
715
|
return ssl_hs_error;
|
644
716
|
}
|
645
717
|
}
|
646
|
-
}
|
647
718
|
|
648
|
-
|
649
|
-
if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_seal,
|
650
|
-
hs->client_handshake_secret())) {
|
719
|
+
if (!close_early_data(hs, ssl_encryption_handshake)) {
|
651
720
|
return ssl_hs_error;
|
652
721
|
}
|
653
722
|
}
|
@@ -741,10 +810,12 @@ static enum ssl_hs_wait_t do_complete_second_flight(SSL_HANDSHAKE *hs) {
|
|
741
810
|
}
|
742
811
|
|
743
812
|
// Derive the final keys and enable them.
|
744
|
-
if (!tls13_set_traffic_key(ssl, ssl_encryption_application,
|
745
|
-
hs->
|
746
|
-
!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
|
813
|
+
if (!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
|
814
|
+
hs->new_session.get(),
|
747
815
|
hs->client_traffic_secret_0()) ||
|
816
|
+
!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_open,
|
817
|
+
hs->new_session.get(),
|
818
|
+
hs->server_traffic_secret_0()) ||
|
748
819
|
!tls13_derive_resumption_secret(hs)) {
|
749
820
|
return ssl_hs_error;
|
750
821
|
}
|
@@ -860,26 +931,43 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
860
931
|
return true;
|
861
932
|
}
|
862
933
|
|
934
|
+
CBS body = msg.body;
|
935
|
+
UniquePtr<SSL_SESSION> session = tls13_create_session_with_ticket(ssl, &body);
|
936
|
+
if (!session) {
|
937
|
+
return false;
|
938
|
+
}
|
939
|
+
|
940
|
+
if ((ssl->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) &&
|
941
|
+
ssl->session_ctx->new_session_cb != NULL &&
|
942
|
+
ssl->session_ctx->new_session_cb(ssl, session.get())) {
|
943
|
+
// |new_session_cb|'s return value signals that it took ownership.
|
944
|
+
session.release();
|
945
|
+
}
|
946
|
+
|
947
|
+
return true;
|
948
|
+
}
|
949
|
+
|
950
|
+
UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl, CBS *body) {
|
863
951
|
UniquePtr<SSL_SESSION> session = SSL_SESSION_dup(
|
864
952
|
ssl->s3->established_session.get(), SSL_SESSION_INCLUDE_NONAUTH);
|
865
953
|
if (!session) {
|
866
|
-
return
|
954
|
+
return nullptr;
|
867
955
|
}
|
868
956
|
|
869
957
|
ssl_session_rebase_time(ssl, session.get());
|
870
958
|
|
871
959
|
uint32_t server_timeout;
|
872
|
-
CBS
|
873
|
-
if (!CBS_get_u32(
|
874
|
-
!CBS_get_u32(
|
875
|
-
!CBS_get_u8_length_prefixed(
|
876
|
-
!CBS_get_u16_length_prefixed(
|
960
|
+
CBS ticket_nonce, ticket, extensions;
|
961
|
+
if (!CBS_get_u32(body, &server_timeout) ||
|
962
|
+
!CBS_get_u32(body, &session->ticket_age_add) ||
|
963
|
+
!CBS_get_u8_length_prefixed(body, &ticket_nonce) ||
|
964
|
+
!CBS_get_u16_length_prefixed(body, &ticket) ||
|
877
965
|
!session->ticket.CopyFrom(ticket) ||
|
878
|
-
!CBS_get_u16_length_prefixed(
|
879
|
-
CBS_len(
|
966
|
+
!CBS_get_u16_length_prefixed(body, &extensions) ||
|
967
|
+
CBS_len(body) != 0) {
|
880
968
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
881
969
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
882
|
-
return
|
970
|
+
return nullptr;
|
883
971
|
}
|
884
972
|
|
885
973
|
// Cap the renewable lifetime by the server advertised value. This avoids
|
@@ -889,7 +977,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
889
977
|
}
|
890
978
|
|
891
979
|
if (!tls13_derive_session_psk(session.get(), ticket_nonce)) {
|
892
|
-
return
|
980
|
+
return nullptr;
|
893
981
|
}
|
894
982
|
|
895
983
|
// Parse out the extensions.
|
@@ -904,7 +992,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
904
992
|
OPENSSL_ARRAY_SIZE(ext_types),
|
905
993
|
1 /* ignore unknown */)) {
|
906
994
|
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
907
|
-
return
|
995
|
+
return nullptr;
|
908
996
|
}
|
909
997
|
|
910
998
|
if (have_early_data) {
|
@@ -912,7 +1000,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
912
1000
|
CBS_len(&early_data) != 0) {
|
913
1001
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
914
1002
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
915
|
-
return
|
1003
|
+
return nullptr;
|
916
1004
|
}
|
917
1005
|
|
918
1006
|
// QUIC does not use the max_early_data_size parameter and always sets it to
|
@@ -921,7 +1009,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
921
1009
|
session->ticket_max_early_data != 0xffffffff) {
|
922
1010
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
923
1011
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
924
|
-
return
|
1012
|
+
return nullptr;
|
925
1013
|
}
|
926
1014
|
}
|
927
1015
|
|
@@ -933,14 +1021,7 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg) {
|
|
933
1021
|
session->ticket_age_add_valid = true;
|
934
1022
|
session->not_resumable = false;
|
935
1023
|
|
936
|
-
|
937
|
-
ssl->session_ctx->new_session_cb != NULL &&
|
938
|
-
ssl->session_ctx->new_session_cb(ssl, session.get())) {
|
939
|
-
// |new_session_cb|'s return value signals that it took ownership.
|
940
|
-
session.release();
|
941
|
-
}
|
942
|
-
|
943
|
-
return true;
|
1024
|
+
return session;
|
944
1025
|
}
|
945
1026
|
|
946
1027
|
BSSL_NAMESPACE_END
|