grpc 1.31.1 → 1.32.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +595 -15723
- data/include/grpc/grpc_security.h +31 -14
- data/include/grpc/impl/codegen/README.md +22 -0
- data/include/grpc/impl/codegen/port_platform.h +6 -1
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +64 -20
- data/src/core/ext/filters/client_channel/client_channel.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +6 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +20 -13
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -13
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +29 -10
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +20 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +18 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +22 -14
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +18 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +54 -56
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +363 -14
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +0 -1
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +5 -4
- data/src/core/ext/filters/client_channel/server_address.cc +40 -7
- data/src/core/ext/filters/client_channel/server_address.h +42 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +64 -23
- data/src/core/ext/filters/client_channel/subchannel.h +16 -4
- data/src/core/ext/filters/max_age/max_age_filter.cc +2 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +18 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +10 -35
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +19 -25
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +6 -6
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +239 -277
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +5 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +1 -28
- data/src/core/ext/transport/chttp2/transport/writing.cc +6 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +12 -12
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +224 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +700 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +380 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1378 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/filter.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/outlier_detection.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +334 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/backoff.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +309 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +96 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +328 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +195 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +634 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/http_uri.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +152 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +536 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
- data/src/core/ext/upb-generated/envoy/config/listener/{v2 → v3}/api_listener.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +108 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +401 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +138 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +490 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +174 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +599 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +773 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2855 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +135 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +312 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1125 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +111 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +401 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +5 -4
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +129 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +386 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +127 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
- data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
- data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +8 -8
- data/src/core/ext/upb-generated/envoy/type/{percent.upb.c → v3/percent.upb.c} +9 -8
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
- data/src/core/ext/upb-generated/envoy/type/{range.upb.c → v3/range.upb.c} +12 -11
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
- data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +6 -5
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +36 -36
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +11 -11
- data/src/core/ext/upb-generated/validate/validate.upb.h +1 -1
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_api.cc +1045 -767
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_api.h +114 -99
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +44 -2
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +8 -3
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel.h +4 -4
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +3 -3
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_secure.cc +2 -5
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +85 -417
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +12 -45
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +2 -2
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +3 -3
- data/src/core/lib/channel/channelz.cc +14 -15
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/channelz_registry.cc +3 -1
- data/src/core/lib/gpr/sync_posix.cc +2 -8
- data/src/core/lib/iomgr/endpoint.cc +5 -1
- data/src/core/lib/iomgr/endpoint.h +7 -3
- data/src/core/lib/iomgr/endpoint_cfstream.cc +32 -11
- data/src/core/lib/iomgr/ev_posix.cc +0 -2
- data/src/core/lib/iomgr/iomgr.cc +0 -10
- data/src/core/lib/iomgr/iomgr.h +0 -10
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +1 -1
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.h +3 -3
- data/src/core/lib/iomgr/sockaddr_utils.cc +2 -1
- data/src/core/lib/iomgr/sockaddr_utils.h +2 -1
- data/src/core/lib/iomgr/tcp_custom.cc +32 -16
- data/src/core/lib/iomgr/tcp_posix.cc +31 -13
- data/src/core/lib/iomgr/tcp_windows.cc +26 -10
- data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
- data/src/core/lib/security/authorization/authorization_engine.h +84 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
- data/src/core/lib/security/authorization/evaluate_args.h +59 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +42 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +68 -0
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +93 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +56 -0
- data/src/core/lib/security/authorization/mock_cel/statusor.h +50 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +56 -38
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -2
- data/src/core/lib/security/transport/secure_endpoint.cc +7 -1
- data/src/core/lib/surface/call.cc +12 -12
- data/src/core/lib/surface/call.h +2 -1
- data/src/core/lib/surface/channel.cc +28 -20
- data/src/core/lib/surface/channel.h +12 -2
- data/src/core/lib/surface/completion_queue.cc +10 -272
- data/src/core/lib/surface/completion_queue.h +0 -8
- data/src/core/lib/surface/init.cc +1 -3
- data/src/core/lib/surface/server.cc +1066 -1244
- data/src/core/lib/surface/server.h +363 -87
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +38 -0
- data/src/core/lib/transport/authority_override.h +32 -0
- data/src/core/lib/transport/connectivity_state.cc +18 -13
- data/src/core/lib/transport/connectivity_state.h +18 -6
- data/src/core/lib/transport/error_utils.cc +13 -0
- data/src/core/lib/transport/error_utils.h +6 -0
- data/src/core/lib/transport/static_metadata.cc +295 -276
- data/src/core/lib/transport/static_metadata.h +80 -73
- data/src/core/lib/transport/transport.h +7 -0
- data/src/core/lib/uri/uri_parser.cc +23 -21
- data/src/core/lib/uri/uri_parser.h +3 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +22 -0
- data/src/core/tsi/ssl_transport_security.cc +3 -9
- data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -4
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +10 -0
- data/src/ruby/spec/generic/active_call_spec.rb +19 -8
- data/third_party/abseil-cpp/absl/algorithm/container.h +1727 -0
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +161 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
- data/third_party/abseil-cpp/absl/container/fixed_array.h +515 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +503 -0
- data/third_party/abseil-cpp/absl/container/internal/common.h +202 -0
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +440 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +146 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +191 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +269 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +297 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +49 -0
- data/third_party/abseil-cpp/absl/container/internal/layout.h +741 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1882 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +138 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1895 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +192 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +125 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +70 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +99 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +85 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +128 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +194 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +25 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1480 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
- data/third_party/abseil-cpp/absl/hash/hash.h +324 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +988 -0
- data/third_party/abseil-cpp/absl/status/status.cc +447 -0
- data/third_party/abseil-cpp/absl/status/status.h +428 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +43 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
- data/third_party/abseil-cpp/absl/strings/cord.cc +2019 -0
- data/third_party/abseil-cpp/absl/strings/cord.h +1121 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +151 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +261 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +484 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2728 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +1056 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
- data/third_party/abseil-cpp/absl/types/variant.h +861 -0
- data/third_party/boringssl-with-bazel/err_data.c +263 -257
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +456 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +192 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +52 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +39 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +11 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +10 -0
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +34 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
- data/third_party/upb/upb/decode.c +64 -15
- data/third_party/upb/upb/encode.c +2 -2
- data/third_party/upb/upb/msg.h +2 -2
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +0 -11
- data/third_party/upb/upb/table.int.h +0 -9
- data/third_party/upb/upb/upb.c +16 -14
- data/third_party/upb/upb/upb.h +26 -0
- data/third_party/upb/upb/upb.hpp +2 -0
- metadata +257 -155
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -34
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -429
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -198
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -388
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1453
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -226
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -323
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -334
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -79
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -891
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -328
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -71
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -649
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -693
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -536
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -88
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -386
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -224
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -32
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -273
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -332
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -415
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -32
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -538
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -111
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -204
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -32
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -2984
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -135
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -52
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -732
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1167
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -49
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -136
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -145
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -86
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -111
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -61
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -250
- data/src/core/lib/security/transport/target_authority_table.cc +0 -75
- data/src/core/lib/security/transport/target_authority_table.h +0 -40
- data/src/core/lib/slice/slice_hash_table.h +0 -199
- data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
@@ -0,0 +1,192 @@
|
|
1
|
+
/* Copyright (c) 2020, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
16
|
+
#define OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
17
|
+
|
18
|
+
#include <openssl/aead.h>
|
19
|
+
#include <openssl/base.h>
|
20
|
+
#include <openssl/curve25519.h>
|
21
|
+
|
22
|
+
#if defined(__cplusplus)
|
23
|
+
extern "C" {
|
24
|
+
#endif
|
25
|
+
|
26
|
+
|
27
|
+
// Hybrid Public Key Encryption.
|
28
|
+
//
|
29
|
+
// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
|
30
|
+
// receiver with a public key.
|
31
|
+
//
|
32
|
+
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-04.
|
33
|
+
|
34
|
+
// EVP_HPKE_AEAD_* are AEAD identifiers.
|
35
|
+
#define EVP_HPKE_AEAD_AES_GCM_128 0x0001
|
36
|
+
#define EVP_HPKE_AEAD_AES_GCM_256 0x0002
|
37
|
+
#define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003
|
38
|
+
|
39
|
+
// EVP_HPKE_HKDF_* are HKDF identifiers.
|
40
|
+
#define EVP_HPKE_HKDF_SHA256 0x0001
|
41
|
+
#define EVP_HPKE_HKDF_SHA384 0x0002
|
42
|
+
#define EVP_HPKE_HKDF_SHA512 0x0003
|
43
|
+
|
44
|
+
// EVP_HPKE_MAX_OVERHEAD contains the largest value that
|
45
|
+
// |EVP_HPKE_CTX_max_overhead| would ever return for any context.
|
46
|
+
#define EVP_HPKE_MAX_OVERHEAD EVP_AEAD_MAX_OVERHEAD
|
47
|
+
|
48
|
+
|
49
|
+
// Encryption contexts.
|
50
|
+
|
51
|
+
// An |EVP_HPKE_CTX| is an HPKE encryption context.
|
52
|
+
typedef struct evp_hpke_ctx_st {
|
53
|
+
const EVP_MD *hkdf_md;
|
54
|
+
EVP_AEAD_CTX aead_ctx;
|
55
|
+
uint16_t kdf_id;
|
56
|
+
uint16_t aead_id;
|
57
|
+
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
|
58
|
+
uint8_t exporter_secret[EVP_MAX_MD_SIZE];
|
59
|
+
uint64_t seq;
|
60
|
+
int is_sender;
|
61
|
+
} EVP_HPKE_CTX;
|
62
|
+
|
63
|
+
// EVP_HPKE_CTX_init initializes an already-allocated |EVP_HPKE_CTX|. The caller
|
64
|
+
// should then use one of the |EVP_HPKE_CTX_setup_*| functions.
|
65
|
+
//
|
66
|
+
// It is safe, but not necessary to call |EVP_HPKE_CTX_cleanup| in this state.
|
67
|
+
OPENSSL_EXPORT void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx);
|
68
|
+
|
69
|
+
// EVP_HPKE_CTX_cleanup releases memory referenced by |ctx|. |ctx| must have
|
70
|
+
// been initialized with |EVP_HPKE_CTX_init|.
|
71
|
+
OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
|
72
|
+
|
73
|
+
|
74
|
+
// Setting up HPKE contexts.
|
75
|
+
//
|
76
|
+
// In each of the following functions, |hpke| must have been initialized with
|
77
|
+
// |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and
|
78
|
+
// must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
|
79
|
+
// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*"
|
80
|
+
// constants."
|
81
|
+
//
|
82
|
+
// See https://www.ietf.org/id/draft-irtf-cfrg-hpke-04.html#section-5.1.1.
|
83
|
+
|
84
|
+
// EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
|
85
|
+
// encrypt for the private key corresponding to |peer_public_value| (the
|
86
|
+
// recipient's public key). It returns one on success, and zero otherwise. Note
|
87
|
+
// that this function may fail if |peer_public_value| is invalid.
|
88
|
+
//
|
89
|
+
// This function writes the encapsulated shared secret to |out_enc|.
|
90
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519(
|
91
|
+
EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
|
92
|
+
uint16_t kdf_id, uint16_t aead_id,
|
93
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
94
|
+
const uint8_t *info, size_t info_len);
|
95
|
+
|
96
|
+
// EVP_HPKE_CTX_setup_base_s_x25519_for_test behaves like
|
97
|
+
// |EVP_HPKE_CTX_setup_base_s_x25519|, but takes a pre-generated ephemeral
|
98
|
+
// sender key.
|
99
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
|
100
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
101
|
+
const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
|
102
|
+
const uint8_t *info, size_t info_len,
|
103
|
+
const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
|
104
|
+
const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]);
|
105
|
+
|
106
|
+
// EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that
|
107
|
+
// can decrypt messages. |private_key| is the recipient's private key, and |enc|
|
108
|
+
// is the encapsulated shared secret from the sender. Note that this function
|
109
|
+
// may fail if |enc| is invalid.
|
110
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
|
111
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
112
|
+
const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
|
113
|
+
const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
|
114
|
+
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
115
|
+
size_t info_len);
|
116
|
+
|
117
|
+
|
118
|
+
// Using an HPKE context.
|
119
|
+
|
120
|
+
// EVP_HPKE_CTX_open uses the HPKE context |hpke| to authenticate |in_len| bytes
|
121
|
+
// from |in| and |ad_len| bytes from |ad| and to decrypt at most |in_len| bytes
|
122
|
+
// into |out|. It returns one on success, and zero otherwise.
|
123
|
+
//
|
124
|
+
// This operation will fail if the |hpke| context is not set up as a receiver.
|
125
|
+
//
|
126
|
+
// Note that HPKE encryption is stateful and ordered. The sender's first call to
|
127
|
+
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
|
128
|
+
// |EVP_HPKE_CTX_open|, etc.
|
129
|
+
//
|
130
|
+
// At most |in_len| bytes are written to |out|. In order to ensure success,
|
131
|
+
// |max_out_len| should be at least |in_len|. On successful return, |*out_len|
|
132
|
+
// is set to the actual number of bytes written.
|
133
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out,
|
134
|
+
size_t *out_len, size_t max_out_len,
|
135
|
+
const uint8_t *in, size_t in_len,
|
136
|
+
const uint8_t *ad, size_t ad_len);
|
137
|
+
|
138
|
+
// EVP_HPKE_CTX_seal uses the HPKE context |hpke| to encrypt and authenticate
|
139
|
+
// |in_len| bytes of ciphertext |in| and authenticate |ad_len| bytes from |ad|,
|
140
|
+
// writing the result to |out|. It returns one on success and zero otherwise.
|
141
|
+
//
|
142
|
+
// This operation will fail if the |hpke| context is not set up as a sender.
|
143
|
+
//
|
144
|
+
// Note that HPKE encryption is stateful and ordered. The sender's first call to
|
145
|
+
// |EVP_HPKE_CTX_seal| must correspond to the recipient's first call to
|
146
|
+
// |EVP_HPKE_CTX_open|, etc.
|
147
|
+
//
|
148
|
+
// At most, |max_out_len| encrypted bytes are written to |out|. On successful
|
149
|
+
// return, |*out_len| is set to the actual number of bytes written.
|
150
|
+
//
|
151
|
+
// To ensure success, |max_out_len| should be |in_len| plus the result of
|
152
|
+
// |EVP_HPKE_CTX_max_overhead| or |EVP_HPKE_MAX_OVERHEAD|.
|
153
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *hpke, uint8_t *out,
|
154
|
+
size_t *out_len, size_t max_out_len,
|
155
|
+
const uint8_t *in, size_t in_len,
|
156
|
+
const uint8_t *ad, size_t ad_len);
|
157
|
+
|
158
|
+
// EVP_HPKE_CTX_export uses the HPKE context |hpke| to export a secret of
|
159
|
+
// |secret_len| bytes into |out|. This function uses |context_len| bytes from
|
160
|
+
// |context| as a context string for the secret. This is necessary to separate
|
161
|
+
// different uses of exported secrets and bind relevant caller-specific context
|
162
|
+
// into the output. It returns one on success and zero otherwise.
|
163
|
+
OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
|
164
|
+
size_t secret_len,
|
165
|
+
const uint8_t *context,
|
166
|
+
size_t context_len);
|
167
|
+
|
168
|
+
// EVP_HPKE_CTX_max_overhead returns the maximum number of additional bytes
|
169
|
+
// added by sealing data with |EVP_HPKE_CTX_seal|. The |hpke| context must be
|
170
|
+
// set up as a sender.
|
171
|
+
OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke);
|
172
|
+
|
173
|
+
|
174
|
+
#if defined(__cplusplus)
|
175
|
+
} // extern C
|
176
|
+
#endif
|
177
|
+
|
178
|
+
#if !defined(BORINGSSL_NO_CXX)
|
179
|
+
extern "C++" {
|
180
|
+
|
181
|
+
BSSL_NAMESPACE_BEGIN
|
182
|
+
|
183
|
+
using ScopedEVP_HPKE_CTX =
|
184
|
+
internal::StackAllocated<EVP_HPKE_CTX, void, EVP_HPKE_CTX_init,
|
185
|
+
EVP_HPKE_CTX_cleanup>;
|
186
|
+
|
187
|
+
BSSL_NAMESPACE_END
|
188
|
+
|
189
|
+
} // extern C++
|
190
|
+
#endif
|
191
|
+
|
192
|
+
#endif // OPENSSL_HEADER_CRYPTO_HPKE_INTERNAL_H
|
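Review bot: The comment on `EVP_HPKE_CTX_seal` calls |in| "ciphertext" although it is the input to be encrypted; the line should read `// |in_len| bytes of plaintext |in| and authenticate |ad_len| bytes from |ad|,`. The setup-section comment also carries stray quote marks (`|EVP_HPKE_AEAD_*"` and `constants."`), and `EVP_HPKE_CTX_setup_base_r_x25519` documents neither its return convention nor its `public_key` parameter. `EVP_HPKE_CTX_setup_base_s_x25519_for_test` is exported and accepts a caller-supplied ephemeral key pair, so its comment should state that it exists only to reproduce test vectors and that every other caller must use `EVP_HPKE_CTX_setup_base_s_x25519`.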
@@ -67,3 +67,23 @@ ASN1_SEQUENCE(X509_SIG) = {
|
|
67
67
|
} ASN1_SEQUENCE_END(X509_SIG)
|
68
68
|
|
69
69
|
IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
|
70
|
+
|
71
|
+
void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **out_alg,
|
72
|
+
const ASN1_OCTET_STRING **out_digest) {
|
73
|
+
if (out_alg != NULL) {
|
74
|
+
*out_alg = sig->algor;
|
75
|
+
}
|
76
|
+
if (out_digest != NULL) {
|
77
|
+
*out_digest = sig->digest;
|
78
|
+
}
|
79
|
+
}
|
80
|
+
|
81
|
+
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
|
82
|
+
ASN1_OCTET_STRING **out_digest) {
|
83
|
+
if (out_alg != NULL) {
|
84
|
+
*out_alg = sig->algor;
|
85
|
+
}
|
86
|
+
if (out_digest != NULL) {
|
87
|
+
*out_digest = sig->digest;
|
88
|
+
}
|
89
|
+
}
|
@@ -117,5 +117,57 @@
|
|
117
117
|
// ARMV8_PMULL indicates support for carryless multiplication.
|
118
118
|
#define ARMV8_PMULL (1 << 5)
|
119
119
|
|
120
|
+
#if defined(__ASSEMBLER__)
|
121
|
+
|
122
|
+
// Support macros for
|
123
|
+
// - Armv8.3-A Pointer Authentication and
|
124
|
+
// - Armv8.5-A Branch Target Identification
|
125
|
+
// features which require emitting a .note.gnu.property section with the
|
126
|
+
// appropriate architecture-dependent feature bits set.
|
127
|
+
// Read more: "ELF for the Arm® 64-bit Architecture"
|
128
|
+
|
129
|
+
#if (__ARM_FEATURE_BTI_DEFAULT == 1)
|
130
|
+
#define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has Branch Target Identification
|
131
|
+
#define AARCH64_VALID_CALL_TARGET hint #34 // BTI 'c'
|
132
|
+
#else
|
133
|
+
#define GNU_PROPERTY_AARCH64_BTI 0 // No Branch Target Identification
|
134
|
+
#define AARCH64_VALID_CALL_TARGET
|
135
|
+
#endif
|
136
|
+
|
137
|
+
#if ((__ARM_FEATURE_PAC_DEFAULT & 1) == 1) // Signed with A-key
|
138
|
+
#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
|
139
|
+
(1 << 1) // Has Pointer Authentication
|
140
|
+
#define AARCH64_SIGN_LINK_REGISTER hint #25 // PACIASP
|
141
|
+
#define AARCH64_VALIDATE_LINK_REGISTER hint #29 // AUTIASP
|
142
|
+
#elif ((__ARM_FEATURE_PAC_DEFAULT & 2) == 2) // Signed with B-key
|
143
|
+
#define GNU_PROPERTY_AARCH64_POINTER_AUTH \
|
144
|
+
(1 << 1) // Has Pointer Authentication
|
145
|
+
#define AARCH64_SIGN_LINK_REGISTER hint #27 // PACIBSP
|
146
|
+
#define AARCH64_VALIDATE_LINK_REGISTER hint #31 // AUTIBSP
|
147
|
+
#else
|
148
|
+
#define GNU_PROPERTY_AARCH64_POINTER_AUTH 0 // No Pointer Authentication
|
149
|
+
#if defined(__ARM_FEATURE_BTI_DEFAULT)
|
150
|
+
#define AARCH64_SIGN_LINK_REGISTER AARCH64_VALID_CALL_TARGET
|
151
|
+
#else
|
152
|
+
#define AARCH64_SIGN_LINK_REGISTER
|
153
|
+
#endif
|
154
|
+
#define AARCH64_VALIDATE_LINK_REGISTER
|
155
|
+
#endif
|
156
|
+
|
157
|
+
#if (GNU_PROPERTY_AARCH64_POINTER_AUTH != 0) || (GNU_PROPERTY_AARCH64_BTI != 0)
|
158
|
+
.pushsection note.gnu.property, "a";
|
159
|
+
.balign 8;
|
160
|
+
.long 4;
|
161
|
+
.long 0x10;
|
162
|
+
.long 0x5;
|
163
|
+
.asciz "GNU";
|
164
|
+
.long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
|
165
|
+
.long 4;
|
166
|
+
.long (GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
|
167
|
+
.long 0
|
168
|
+
.popsection
|
169
|
+
#endif
|
170
|
+
|
171
|
+
#endif /* defined __ASSEMBLER__ */
|
120
172
|
|
121
173
|
#endif // OPENSSL_HEADER_ARM_ARCH_H
|
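Review bot: The directive `.pushsection note.gnu.property, "a";` names the section without the leading dot, while the comment a few lines above it says the feature bits belong in a `.note.gnu.property` section. With the name as written, the linker would presumably not recognise the note, and the resulting binary would not be marked as BTI/PAC-compatible even when built with those features. It should read `.pushsection .note.gnu.property, "a";`. Separately, the fallback branch tests `defined(__ARM_FEATURE_BTI_DEFAULT)` while the first block tests `__ARM_FEATURE_BTI_DEFAULT == 1`. Using the same test in both places would keep `AARCH64_SIGN_LINK_REGISTER` in step with `AARCH64_VALID_CALL_TARGET`.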
@@ -184,7 +184,7 @@ extern "C" {
|
|
184
184
|
// A consumer may use this symbol in the preprocessor to temporarily build
|
185
185
|
// against multiple revisions of BoringSSL at the same time. It is not
|
186
186
|
// recommended to do so for longer than is necessary.
|
187
|
-
#define BORINGSSL_API_VERSION
|
187
|
+
#define BORINGSSL_API_VERSION 11
|
188
188
|
|
189
189
|
#if defined(BORINGSSL_SHARED_LIBRARY)
|
190
190
|
|
@@ -953,6 +953,18 @@ OPENSSL_EXPORT size_t SSL_get0_certificate_types(const SSL *ssl,
|
|
953
953
|
OPENSSL_EXPORT size_t
|
954
954
|
SSL_get0_peer_verify_algorithms(const SSL *ssl, const uint16_t **out_sigalgs);
|
955
955
|
|
956
|
+
// SSL_get0_peer_delegation_algorithms sets |*out_sigalgs| to an array
|
957
|
+
// containing the signature algorithms the peer is willing to use with delegated
|
958
|
+
// credentials. It returns the length of the array. If not sent, the empty
|
959
|
+
// array is returned.
|
960
|
+
//
|
961
|
+
// The behavior of this function is undefined except during the callbacks set by
|
962
|
+
// by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or when the
|
963
|
+
// handshake is paused because of them.
|
964
|
+
OPENSSL_EXPORT size_t
|
965
|
+
SSL_get0_peer_delegation_algorithms(const SSL *ssl,
|
966
|
+
const uint16_t **out_sigalgs);
|
967
|
+
|
956
968
|
// SSL_certs_clear resets the private key, leaf certificate, and certificate
|
957
969
|
// chain of |ssl|.
|
958
970
|
OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl);
|
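Review bot: The new comment for `SSL_get0_peer_delegation_algorithms` has a doubled word ("set by" ends one line and "by |SSL_CTX_set_cert_cb|" starts the next) and does not say who owns the returned array. The `get0` name, and the implementation elsewhere on this page that hands out a pointer into handshake state, suggest the array is borrowed. I would add `// The returned array is owned by |ssl|; the caller must not free it or keep it past the callback.` after confirming that against the implementation.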
@@ -4688,6 +4700,23 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
|
|
4688
4700
|
// |SSL_CTX_set_tlsext_status_cb|'s callback and returns one.
|
4689
4701
|
OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
|
4690
4702
|
|
4703
|
+
// The following symbols are compatibility aliases for reason codes used when
|
4704
|
+
// receiving an alert from the peer. Use the other names instead, which fit the
|
4705
|
+
// naming convention.
|
4706
|
+
//
|
4707
|
+
// TODO(davidben): Fix references to |SSL_R_TLSV1_CERTIFICATE_REQUIRED| and
|
4708
|
+
// remove the compatibility value. The others come from OpenSSL.
|
4709
|
+
#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION \
|
4710
|
+
SSL_R_TLSV1_ALERT_UNSUPPORTED_EXTENSION
|
4711
|
+
#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE \
|
4712
|
+
SSL_R_TLSV1_ALERT_CERTIFICATE_UNOBTAINABLE
|
4713
|
+
#define SSL_R_TLSV1_UNRECOGNIZED_NAME SSL_R_TLSV1_ALERT_UNRECOGNIZED_NAME
|
4714
|
+
#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE \
|
4715
|
+
SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
|
4716
|
+
#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE \
|
4717
|
+
SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE
|
4718
|
+
#define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED
|
4719
|
+
|
4691
4720
|
|
4692
4721
|
// Nodejs compatibility section (hidden).
|
4693
4722
|
//
|
@@ -5179,6 +5208,8 @@ BSSL_NAMESPACE_END
|
|
5179
5208
|
#define SSL_R_INCONSISTENT_CLIENT_HELLO 303
|
5180
5209
|
#define SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA 304
|
5181
5210
|
#define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305
|
5211
|
+
#define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306
|
5212
|
+
#define SSL_R_MISSING_ALPN 307
|
5182
5213
|
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
|
5183
5214
|
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
|
5184
5215
|
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
|
@@ -5204,12 +5235,13 @@ BSSL_NAMESPACE_END
|
|
5204
5235
|
#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
|
5205
5236
|
#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
|
5206
5237
|
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
|
5207
|
-
#define
|
5208
|
-
#define
|
5209
|
-
#define
|
5210
|
-
#define
|
5211
|
-
#define
|
5212
|
-
#define
|
5213
|
-
#define
|
5238
|
+
#define SSL_R_TLSV1_ALERT_UNSUPPORTED_EXTENSION 1110
|
5239
|
+
#define SSL_R_TLSV1_ALERT_CERTIFICATE_UNOBTAINABLE 1111
|
5240
|
+
#define SSL_R_TLSV1_ALERT_UNRECOGNIZED_NAME 1112
|
5241
|
+
#define SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 1113
|
5242
|
+
#define SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE 1114
|
5243
|
+
#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
|
5244
|
+
#define SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED 1116
|
5245
|
+
#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
|
5214
5246
|
|
5215
5247
|
#endif // OPENSSL_HEADER_SSL_H
|
@@ -232,9 +232,8 @@ extern "C" {
|
|
232
232
|
// ExtensionType value from RFC5746
|
233
233
|
#define TLSEXT_TYPE_renegotiate 0xff01
|
234
234
|
|
235
|
-
// ExtensionType value from draft-ietf-tls-subcerts.
|
236
|
-
|
237
|
-
#define TLSEXT_TYPE_delegated_credential 0xff02
|
235
|
+
// ExtensionType value from draft-ietf-tls-subcerts.
|
236
|
+
#define TLSEXT_TYPE_delegated_credential 0x22
|
238
237
|
|
239
238
|
// ExtensionType value from RFC6962
|
240
239
|
#define TLSEXT_TYPE_certificate_timestamp 18
|
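Review bot: Changing `TLSEXT_TYPE_delegated_credential` from `0xff02` to `0x22` changes the value sent on the wire, but the comment still cites only draft-ietf-tls-subcerts with no revision, so a reader cannot tell which codepoint generation this build speaks. Peers still using the old experimental value will presumably stop negotiating delegated credentials with this version. Suggest extending the comment, for example `// ExtensionType value from draft-ietf-tls-subcerts. This is the assigned codepoint; it replaces the experimental 0xff02.`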
@@ -559,6 +559,17 @@ OPENSSL_EXPORT void X509_CINF_set_modified(X509_CINF *cinf);
|
|
559
559
|
// |X509_get0_tbs_sigalg| instead.
|
560
560
|
OPENSSL_EXPORT const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf);
|
561
561
|
|
562
|
+
// X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
|
563
|
+
// |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
|
564
|
+
// |out_digest| may be NULL to skip those fields.
|
565
|
+
OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
|
566
|
+
const X509_ALGOR **out_alg,
|
567
|
+
const ASN1_OCTET_STRING **out_digest);
|
568
|
+
|
569
|
+
// X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
|
570
|
+
OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
|
571
|
+
ASN1_OCTET_STRING **out_digest);
|
572
|
+
|
562
573
|
OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
|
563
574
|
OPENSSL_EXPORT X509_CRL_METHOD *X509_CRL_METHOD_new(
|
564
575
|
int (*crl_init)(X509_CRL *crl), int (*crl_free)(X509_CRL *crl),
|
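Review bot: The comment on `X509_SIG_get0` reads "Either |out_alg| and |out_digest| may be NULL", which should be "Either |out_alg| or |out_digest| may be NULL". For `X509_SIG_getm` the comment could also say that the returned pointers remain owned by |sig|, since the implementation on this page only copies `sig->algor` and `sig->digest`. That tells callers not to free them and that writes through them modify |sig| in place.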
@@ -1650,6 +1650,10 @@ struct SSL_HANDSHAKE {
|
|
1650
1650
|
// advertise this extension to the client.
|
1651
1651
|
Array<uint16_t> peer_supported_group_list;
|
1652
1652
|
|
1653
|
+
// peer_delegated_credential_sigalgs are the signature algorithms the peer
|
1654
|
+
// supports with delegated credentials.
|
1655
|
+
Array<uint16_t> peer_delegated_credential_sigalgs;
|
1656
|
+
|
1653
1657
|
// peer_key is the peer's ECDH key for a TLS 1.2 client.
|
1654
1658
|
Array<uint8_t> peer_key;
|
1655
1659
|
|
@@ -821,16 +821,13 @@ static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) {
|
|
821
821
|
}
|
822
822
|
|
823
823
|
// Check that the DC signature algorithm is supported by the peer.
|
824
|
-
Span<const uint16_t> peer_sigalgs =
|
825
|
-
bool sigalg_found = false;
|
824
|
+
Span<const uint16_t> peer_sigalgs = hs->peer_delegated_credential_sigalgs;
|
826
825
|
for (uint16_t peer_sigalg : peer_sigalgs) {
|
827
826
|
if (dc->expected_cert_verify_algorithm == peer_sigalg) {
|
828
|
-
|
829
|
-
break;
|
827
|
+
return true;
|
830
828
|
}
|
831
829
|
}
|
832
|
-
|
833
|
-
return sigalg_found;
|
830
|
+
return false;
|
834
831
|
}
|
835
832
|
|
836
833
|
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) {
|
@@ -2360,6 +2360,16 @@ size_t SSL_get0_peer_verify_algorithms(const SSL *ssl,
|
|
2360
2360
|
return sigalgs.size();
|
2361
2361
|
}
|
2362
2362
|
|
2363
|
+
size_t SSL_get0_peer_delegation_algorithms(const SSL *ssl,
|
2364
|
+
const uint16_t **out_sigalgs){
|
2365
|
+
Span<const uint16_t> sigalgs;
|
2366
|
+
if (ssl->s3->hs != nullptr) {
|
2367
|
+
sigalgs = ssl->s3->hs->peer_delegated_credential_sigalgs;
|
2368
|
+
}
|
2369
|
+
*out_sigalgs = sigalgs.data();
|
2370
|
+
return sigalgs.size();
|
2371
|
+
}
|
2372
|
+
|
2363
2373
|
EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
|
2364
2374
|
if (!ssl->config) {
|
2365
2375
|
assert(ssl->config);
|
@@ -1245,6 +1245,12 @@ static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1245
1245
|
|
1246
1246
|
static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1247
1247
|
SSL *const ssl = hs->ssl;
|
1248
|
+
if (hs->config->alpn_client_proto_list.empty() && ssl->quic_method) {
|
1249
|
+
// ALPN MUST be used with QUIC.
|
1250
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
|
1251
|
+
return false;
|
1252
|
+
}
|
1253
|
+
|
1248
1254
|
if (hs->config->alpn_client_proto_list.empty() ||
|
1249
1255
|
ssl->s3->initial_handshake_complete) {
|
1250
1256
|
return true;
|
@@ -1267,6 +1273,12 @@ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1267
1273
|
CBS *contents) {
|
1268
1274
|
SSL *const ssl = hs->ssl;
|
1269
1275
|
if (contents == NULL) {
|
1276
|
+
if (ssl->quic_method) {
|
1277
|
+
// ALPN is required when QUIC is used.
|
1278
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
|
1279
|
+
*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
|
1280
|
+
return false;
|
1281
|
+
}
|
1270
1282
|
return true;
|
1271
1283
|
}
|
1272
1284
|
|
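Review bot: The same failure block under a `ssl->quic_method` test (`OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);`, `*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;`, `return false;`) is added here in `ext_alpn_parse_serverhello` and twice more in the two following `ssl_negotiate_alpn` hunks. A small static helper taking `out_alert` would keep the three QUIC-requires-ALPN paths from drifting apart. The comments already differ between "ALPN MUST be used with QUIC." in `ext_alpn_add_clienthello` and "ALPN is required when QUIC is used." here. All of these functions continue outside their hunks.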
@@ -1342,6 +1354,12 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1342
1354
|
!ssl_client_hello_get_extension(
|
1343
1355
|
client_hello, &contents,
|
1344
1356
|
TLSEXT_TYPE_application_layer_protocol_negotiation)) {
|
1357
|
+
if (ssl->quic_method) {
|
1358
|
+
// ALPN is required when QUIC is used.
|
1359
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
|
1360
|
+
*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
|
1361
|
+
return false;
|
1362
|
+
}
|
1345
1363
|
// Ignore ALPN if not configured or no extension was supplied.
|
1346
1364
|
return true;
|
1347
1365
|
}
|
@@ -1388,6 +1406,11 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1388
1406
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
1389
1407
|
return false;
|
1390
1408
|
}
|
1409
|
+
} else if (ssl->quic_method) {
|
1410
|
+
// ALPN is required when QUIC is used.
|
1411
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
|
1412
|
+
*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
|
1413
|
+
return false;
|
1391
1414
|
}
|
1392
1415
|
|
1393
1416
|
return true;
|
@@ -2650,20 +2673,22 @@ static bool ext_delegated_credential_add_clienthello(SSL_HANDSHAKE *hs,
|
|
2650
2673
|
static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs,
|
2651
2674
|
uint8_t *out_alert,
|
2652
2675
|
CBS *contents) {
|
2653
|
-
assert(TLSEXT_TYPE_delegated_credential == 0xff02);
|
2654
|
-
// TODO: Check that the extension is empty.
|
2655
|
-
//
|
2656
|
-
// As of draft-03, the client sends an empty extension in order indicate
|
2657
|
-
// support for delegated credentials. This could change, however, since the
|
2658
|
-
// spec is not yet finalized. This assertion is here to remind us to enforce
|
2659
|
-
// this check once the extension ID is assigned.
|
2660
|
-
|
2661
2676
|
if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
|
2662
2677
|
// Don't use delegated credentials unless we're negotiating TLS 1.3 or
|
2663
2678
|
// higher.
|
2664
2679
|
return true;
|
2665
2680
|
}
|
2666
2681
|
|
2682
|
+
// The contents of the extension are the signature algorithms the client will
|
2683
|
+
// accept for a delegated credential.
|
2684
|
+
CBS sigalg_list;
|
2685
|
+
if (!CBS_get_u16_length_prefixed(contents, &sigalg_list) ||
|
2686
|
+
CBS_len(&sigalg_list) == 0 ||
|
2687
|
+
CBS_len(contents) != 0 ||
|
2688
|
+
!parse_u16_array(&sigalg_list, &hs->peer_delegated_credential_sigalgs)) {
|
2689
|
+
return false;
|
2690
|
+
}
|
2691
|
+
|
2667
2692
|
hs->delegated_credential_requested = true;
|
2668
2693
|
return true;
|
2669
2694
|
}
|
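Review bot: The new malformed-extension path in `ext_delegated_credential_parse_clienthello` returns false without writing `*out_alert` or queuing an error, unlike the ALPN failure paths added elsewhere on this page. The caller may pre-set a default alert, but that is not visible in this hunk. Making it explicit costs two lines before `return false;`: `OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);` and `*out_alert = SSL_AD_DECODE_ERROR;`. The length checks also run only after the TLS 1.3 gate, so a malformed extension is silently accepted at lower versions; a comment saying that is intended would help.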
@@ -3047,7 +3072,7 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
|
|
3047
3072
|
last_was_empty = false;
|
3048
3073
|
}
|
3049
3074
|
|
3050
|
-
if (!SSL_is_dtls(ssl)) {
|
3075
|
+
if (!SSL_is_dtls(ssl) && !ssl->quic_method) {
|
3051
3076
|
size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
|
3052
3077
|
header_len += 2 + CBB_len(&extensions) + psk_extension_len;
|
3053
3078
|
size_t padding_len = 0;
|