grpc 1.37.1 → 1.38.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +64 -58
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/channel_args.h +28 -0
- data/include/grpc/event_engine/event_engine.h +336 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/event_engine/slice_allocator.h +81 -0
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security_constants.h +14 -0
- data/include/grpc/impl/codegen/grpc_types.h +11 -0
- data/include/grpc/impl/codegen/port_platform.h +5 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +628 -3101
- data/src/core/ext/filters/client_channel/client_channel.h +489 -55
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +26 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +27 -26
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +46 -43
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -12
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +36 -30
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +23 -23
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +31 -46
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +84 -61
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +17 -9
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +13 -11
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +43 -28
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2188 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +287 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +90 -0
- data/src/core/ext/filters/client_channel/server_address.cc +1 -1
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
- data/src/core/ext/filters/client_channel/subchannel.h +7 -6
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +16 -15
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +19 -18
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
- data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +44 -45
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +129 -116
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +31 -27
- data/src/core/ext/transport/chttp2/transport/parsing.cc +63 -56
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +30 -29
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +101 -93
- data/src/core/ext/xds/xds_api.h +6 -6
- data/src/core/ext/xds/xds_bootstrap.cc +97 -159
- data/src/core/ext/xds/xds_bootstrap.h +19 -24
- data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
- data/src/core/ext/xds/xds_certificate_provider.h +4 -4
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +310 -178
- data/src/core/ext/xds/xds_client.h +41 -27
- data/src/core/ext/xds/xds_client_stats.h +3 -2
- data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +3 -20
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +6 -11
- data/src/core/lib/channel/channel_stack.cc +10 -9
- data/src/core/lib/channel/channel_stack.h +10 -9
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +21 -13
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/handshaker.cc +7 -6
- data/src/core/lib/channel/handshaker.h +5 -5
- data/src/core/lib/event_engine/slice_allocator.cc +59 -0
- data/src/core/lib/event_engine/sockaddr.cc +38 -0
- data/src/core/lib/gprpp/ref_counted.h +28 -14
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +180 -0
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +11 -7
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +7 -9
- data/src/core/lib/iomgr/buffer_list.h +4 -5
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +167 -61
- data/src/core/lib/iomgr/error.h +217 -106
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +5 -5
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
- data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/exec_ctx.cc +4 -4
- data/src/core/lib/iomgr/exec_ctx.h +1 -1
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -2
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +5 -5
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +3 -3
- data/src/core/lib/iomgr/resolve_address.h +6 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +11 -10
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +22 -20
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +15 -17
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +36 -34
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +23 -21
- data/src/core/lib/iomgr/tcp_server_posix.cc +22 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -17
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +25 -23
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +6 -6
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/matchers/matchers.cc +39 -39
- data/src/core/lib/matchers/matchers.h +28 -28
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +2 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -9
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +22 -4
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +56 -60
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +33 -32
- data/src/core/lib/security/transport/server_auth_filter.cc +19 -13
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/surface/call.cc +46 -45
- data/src/core/lib/surface/call.h +2 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +3 -2
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +46 -47
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/lame_client.cc +11 -11
- data/src/core/lib/surface/lame_client.h +1 -1
- data/src/core/lib/surface/server.cc +28 -22
- data/src/core/lib/surface/server.h +16 -15
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +19 -8
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata_batch.cc +37 -37
- data/src/core/lib/transport/metadata_batch.h +19 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +4 -4
- data/src/core/lib/transport/transport_op_string.cc +5 -5
- data/src/core/tsi/alts/crypt/gsec.h +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/ssl_transport_security.cc +32 -14
- data/src/core/tsi/ssl_transport_security.h +3 -4
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +477 -461
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +4 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +45 -48
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +38 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +37 -45
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +103 -42
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +58 -37
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +19 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +39 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -38
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +185 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +416 -121
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -0
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +444 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +244 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +43 -12
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +149 -8
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +220 -46
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +7 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +74 -15
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +98 -64
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +34 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +205 -100
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- metadata +68 -45
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
|
@@ -152,6 +152,7 @@
|
|
|
152
152
|
#include <utility>
|
|
153
153
|
|
|
154
154
|
#include <openssl/aead.h>
|
|
155
|
+
#include <openssl/curve25519.h>
|
|
155
156
|
#include <openssl/err.h>
|
|
156
157
|
#include <openssl/lhash.h>
|
|
157
158
|
#include <openssl/mem.h>
|
|
@@ -161,6 +162,7 @@
|
|
|
161
162
|
|
|
162
163
|
#include "../crypto/err/internal.h"
|
|
163
164
|
#include "../crypto/internal.h"
|
|
165
|
+
#include "../crypto/hpke/internal.h"
|
|
164
166
|
|
|
165
167
|
|
|
166
168
|
#if defined(OPENSSL_WINDOWS)
|
|
@@ -378,6 +380,8 @@ class GrowableArray {
|
|
|
378
380
|
return *this;
|
|
379
381
|
}
|
|
380
382
|
|
|
383
|
+
const T *data() const { return array_.data(); }
|
|
384
|
+
T *data() { return array_.data(); }
|
|
381
385
|
size_t size() const { return size_; }
|
|
382
386
|
bool empty() const { return size_ == 0; }
|
|
383
387
|
|
|
@@ -1066,6 +1070,10 @@ class SSLKeyShare {
|
|
|
1066
1070
|
// |Serialize|.
|
|
1067
1071
|
static UniquePtr<SSLKeyShare> Create(CBS *in);
|
|
1068
1072
|
|
|
1073
|
+
// Serializes writes the group ID and private key, in a format that can be
|
|
1074
|
+
// read by |Create|.
|
|
1075
|
+
bool Serialize(CBB *out);
|
|
1076
|
+
|
|
1069
1077
|
// GroupID returns the group ID.
|
|
1070
1078
|
virtual uint16_t GroupID() const PURE_VIRTUAL;
|
|
1071
1079
|
|
|
@@ -1090,13 +1098,13 @@ class SSLKeyShare {
|
|
|
1090
1098
|
virtual bool Finish(Array<uint8_t> *out_secret, uint8_t *out_alert,
|
|
1091
1099
|
Span<const uint8_t> peer_key) PURE_VIRTUAL;
|
|
1092
1100
|
|
|
1093
|
-
//
|
|
1094
|
-
// successful and false otherwise.
|
|
1095
|
-
virtual bool
|
|
1101
|
+
// SerializePrivateKey writes the private key to |out|, returning true if
|
|
1102
|
+
// successful and false otherwise. It should be called after |Offer|.
|
|
1103
|
+
virtual bool SerializePrivateKey(CBB *out) { return false; }
|
|
1096
1104
|
|
|
1097
|
-
//
|
|
1098
|
-
// true if successful and false otherwise.
|
|
1099
|
-
virtual bool
|
|
1105
|
+
// DeserializePrivateKey initializes the state of the key exchange from |in|,
|
|
1106
|
+
// returning true if successful and false otherwise.
|
|
1107
|
+
virtual bool DeserializePrivateKey(CBS *in) { return false; }
|
|
1100
1108
|
};
|
|
1101
1109
|
|
|
1102
1110
|
struct NamedGroup {
|
|
@@ -1419,7 +1427,88 @@ bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
|
|
|
1419
1427
|
const SSLMessage &msg, CBS *binders);
|
|
1420
1428
|
|
|
1421
1429
|
|
|
1422
|
-
// Encrypted
|
|
1430
|
+
// Encrypted ClientHello.
|
|
1431
|
+
|
|
1432
|
+
class ECHServerConfig {
|
|
1433
|
+
public:
|
|
1434
|
+
ECHServerConfig() : is_retry_config_(false), initialized_(false) {}
|
|
1435
|
+
ECHServerConfig(ECHServerConfig &&other) = default;
|
|
1436
|
+
~ECHServerConfig() = default;
|
|
1437
|
+
ECHServerConfig &operator=(ECHServerConfig &&) = default;
|
|
1438
|
+
|
|
1439
|
+
// Init parses |ech_config| as an ECHConfig and saves a copy of |private_key|.
|
|
1440
|
+
// It returns true on success and false on error. It will also error if
|
|
1441
|
+
// |private_key| is not a valid X25519 private key or it does not correspond
|
|
1442
|
+
// to the parsed public key.
|
|
1443
|
+
bool Init(Span<const uint8_t> ech_config, Span<const uint8_t> private_key,
|
|
1444
|
+
bool is_retry_config);
|
|
1445
|
+
|
|
1446
|
+
// SupportsCipherSuite returns true when this ECHConfig supports the HPKE
|
|
1447
|
+
// ciphersuite composed of |kdf_id| and |aead_id|. This function must only be
|
|
1448
|
+
// called on an initialized object.
|
|
1449
|
+
bool SupportsCipherSuite(uint16_t kdf_id, uint16_t aead_id) const;
|
|
1450
|
+
|
|
1451
|
+
Span<const uint8_t> raw() const {
|
|
1452
|
+
assert(initialized_);
|
|
1453
|
+
return raw_;
|
|
1454
|
+
}
|
|
1455
|
+
Span<const uint8_t> public_key() const {
|
|
1456
|
+
assert(initialized_);
|
|
1457
|
+
return public_key_;
|
|
1458
|
+
}
|
|
1459
|
+
Span<const uint8_t> private_key() const {
|
|
1460
|
+
assert(initialized_);
|
|
1461
|
+
return MakeConstSpan(private_key_, sizeof(private_key_));
|
|
1462
|
+
}
|
|
1463
|
+
Span<const uint8_t> config_id_sha256() const {
|
|
1464
|
+
assert(initialized_);
|
|
1465
|
+
return MakeConstSpan(config_id_sha256_, sizeof(config_id_sha256_));
|
|
1466
|
+
}
|
|
1467
|
+
bool is_retry_config() const {
|
|
1468
|
+
assert(initialized_);
|
|
1469
|
+
return is_retry_config_;
|
|
1470
|
+
}
|
|
1471
|
+
|
|
1472
|
+
private:
|
|
1473
|
+
Array<uint8_t> raw_;
|
|
1474
|
+
Span<const uint8_t> public_key_;
|
|
1475
|
+
Span<const uint8_t> cipher_suites_;
|
|
1476
|
+
|
|
1477
|
+
// private_key_ is the key corresponding to |public_key|. For clients, it must
|
|
1478
|
+
// be empty (|private_key_present_ == false|). For servers, it must be a valid
|
|
1479
|
+
// X25519 private key.
|
|
1480
|
+
uint8_t private_key_[X25519_PRIVATE_KEY_LEN];
|
|
1481
|
+
|
|
1482
|
+
// config_id_ stores the precomputed result of |ConfigID| for
|
|
1483
|
+
// |EVP_HPKE_HKDF_SHA256|.
|
|
1484
|
+
uint8_t config_id_sha256_[8];
|
|
1485
|
+
|
|
1486
|
+
bool is_retry_config_ : 1;
|
|
1487
|
+
bool initialized_ : 1;
|
|
1488
|
+
};
|
|
1489
|
+
|
|
1490
|
+
// ssl_decode_client_hello_inner recovers the full ClientHelloInner from the
|
|
1491
|
+
// EncodedClientHelloInner |encoded_client_hello_inner| by replacing its
|
|
1492
|
+
// outer_extensions extension with the referenced extensions from the
|
|
1493
|
+
// ClientHelloOuter |client_hello_outer|. If successful, it writes the recovered
|
|
1494
|
+
// ClientHelloInner to |out_client_hello_inner|. It returns true on success and
|
|
1495
|
+
// false on failure.
|
|
1496
|
+
OPENSSL_EXPORT bool ssl_decode_client_hello_inner(
|
|
1497
|
+
SSL *ssl, uint8_t *out_alert, Array<uint8_t> *out_client_hello_inner,
|
|
1498
|
+
Span<const uint8_t> encoded_client_hello_inner,
|
|
1499
|
+
const SSL_CLIENT_HELLO *client_hello_outer);
|
|
1500
|
+
|
|
1501
|
+
// ssl_client_hello_decrypt attempts to decrypt the given |payload| into
|
|
1502
|
+
// |out_encoded_client_hello_inner|. The decrypted value should be an
|
|
1503
|
+
// EncodedClientHelloInner. It returns false if any fatal errors occur and true
|
|
1504
|
+
// otherwise, regardless of whether the decrypt was successful. It sets
|
|
1505
|
+
// |out_encoded_client_hello_inner| to true if the decryption fails, and false
|
|
1506
|
+
// otherwise.
|
|
1507
|
+
bool ssl_client_hello_decrypt(
|
|
1508
|
+
EVP_HPKE_CTX *hpke_ctx, Array<uint8_t> *out_encoded_client_hello_inner,
|
|
1509
|
+
bool *out_is_decrypt_error, const SSL_CLIENT_HELLO *client_hello_outer,
|
|
1510
|
+
uint16_t kdf_id, uint16_t aead_id, Span<const uint8_t> config_id,
|
|
1511
|
+
Span<const uint8_t> enc, Span<const uint8_t> payload);
|
|
1423
1512
|
|
|
1424
1513
|
// tls13_ech_accept_confirmation computes the server's ECH acceptance signal,
|
|
1425
1514
|
// writing it to |out|. It returns true on success, and false on failure.
|
|
@@ -1428,6 +1517,45 @@ bool tls13_ech_accept_confirmation(
|
|
|
1428
1517
|
bssl::Span<const uint8_t> server_hello_ech_conf);
|
|
1429
1518
|
|
|
1430
1519
|
|
|
1520
|
+
// Delegated credentials.
|
|
1521
|
+
|
|
1522
|
+
// This structure stores a delegated credential (DC) as defined by
|
|
1523
|
+
// draft-ietf-tls-subcerts-03.
|
|
1524
|
+
struct DC {
|
|
1525
|
+
static constexpr bool kAllowUniquePtr = true;
|
|
1526
|
+
~DC();
|
|
1527
|
+
|
|
1528
|
+
// Dup returns a copy of this DC and takes references to |raw| and |pkey|.
|
|
1529
|
+
UniquePtr<DC> Dup();
|
|
1530
|
+
|
|
1531
|
+
// Parse parses the delegated credential stored in |in|. If successful it
|
|
1532
|
+
// returns the parsed structure, otherwise it returns |nullptr| and sets
|
|
1533
|
+
// |*out_alert|.
|
|
1534
|
+
static UniquePtr<DC> Parse(CRYPTO_BUFFER *in, uint8_t *out_alert);
|
|
1535
|
+
|
|
1536
|
+
// raw is the delegated credential encoded as specified in draft-ietf-tls-
|
|
1537
|
+
// subcerts-03.
|
|
1538
|
+
UniquePtr<CRYPTO_BUFFER> raw;
|
|
1539
|
+
|
|
1540
|
+
// expected_cert_verify_algorithm is the signature scheme of the DC public
|
|
1541
|
+
// key.
|
|
1542
|
+
uint16_t expected_cert_verify_algorithm = 0;
|
|
1543
|
+
|
|
1544
|
+
// pkey is the public key parsed from |public_key|.
|
|
1545
|
+
UniquePtr<EVP_PKEY> pkey;
|
|
1546
|
+
|
|
1547
|
+
private:
|
|
1548
|
+
friend DC* New<DC>();
|
|
1549
|
+
DC();
|
|
1550
|
+
};
|
|
1551
|
+
|
|
1552
|
+
// ssl_signing_with_dc returns true if the peer has indicated support for
|
|
1553
|
+
// delegated credentials and this host has sent a delegated credential in
|
|
1554
|
+
// response. If this is true then we've committed to using the DC in the
|
|
1555
|
+
// handshake.
|
|
1556
|
+
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs);
|
|
1557
|
+
|
|
1558
|
+
|
|
1431
1559
|
// Handshake functions.
|
|
1432
1560
|
|
|
1433
1561
|
enum ssl_hs_wait_t {
|
|
@@ -1449,6 +1577,7 @@ enum ssl_hs_wait_t {
|
|
|
1449
1577
|
ssl_hs_read_end_of_early_data,
|
|
1450
1578
|
ssl_hs_read_change_cipher_spec,
|
|
1451
1579
|
ssl_hs_certificate_verify,
|
|
1580
|
+
ssl_hs_hints_ready,
|
|
1452
1581
|
};
|
|
1453
1582
|
|
|
1454
1583
|
enum ssl_grease_index_t {
|
|
@@ -1464,6 +1593,7 @@ enum ssl_grease_index_t {
|
|
|
1464
1593
|
enum tls12_server_hs_state_t {
|
|
1465
1594
|
state12_start_accept = 0,
|
|
1466
1595
|
state12_read_client_hello,
|
|
1596
|
+
state12_read_client_hello_after_ech,
|
|
1467
1597
|
state12_select_certificate,
|
|
1468
1598
|
state12_tls13,
|
|
1469
1599
|
state12_select_parameters,
|
|
@@ -1515,46 +1645,26 @@ enum handback_t {
|
|
|
1515
1645
|
handback_max_value = handback_tls13,
|
|
1516
1646
|
};
|
|
1517
1647
|
|
|
1518
|
-
|
|
1519
|
-
//
|
|
1520
|
-
|
|
1521
|
-
// This structure stores a delegated credential (DC) as defined by
|
|
1522
|
-
// draft-ietf-tls-subcerts-03.
|
|
1523
|
-
struct DC {
|
|
1648
|
+
// SSL_HANDSHAKE_HINTS contains handshake hints for a connection. See
|
|
1649
|
+
// |SSL_request_handshake_hints| and related functions.
|
|
1650
|
+
struct SSL_HANDSHAKE_HINTS {
|
|
1524
1651
|
static constexpr bool kAllowUniquePtr = true;
|
|
1525
|
-
~DC();
|
|
1526
1652
|
|
|
1527
|
-
|
|
1528
|
-
UniquePtr<DC> Dup();
|
|
1653
|
+
Array<uint8_t> server_random;
|
|
1529
1654
|
|
|
1530
|
-
|
|
1531
|
-
|
|
1532
|
-
|
|
1533
|
-
static UniquePtr<DC> Parse(CRYPTO_BUFFER *in, uint8_t *out_alert);
|
|
1655
|
+
uint16_t key_share_group_id = 0;
|
|
1656
|
+
Array<uint8_t> key_share_public_key;
|
|
1657
|
+
Array<uint8_t> key_share_secret;
|
|
1534
1658
|
|
|
1535
|
-
|
|
1536
|
-
|
|
1537
|
-
|
|
1659
|
+
uint16_t signature_algorithm = 0;
|
|
1660
|
+
Array<uint8_t> signature_input;
|
|
1661
|
+
Array<uint8_t> signature_spki;
|
|
1662
|
+
Array<uint8_t> signature;
|
|
1538
1663
|
|
|
1539
|
-
|
|
1540
|
-
|
|
1541
|
-
uint16_t expected_cert_verify_algorithm = 0;
|
|
1542
|
-
|
|
1543
|
-
// pkey is the public key parsed from |public_key|.
|
|
1544
|
-
UniquePtr<EVP_PKEY> pkey;
|
|
1545
|
-
|
|
1546
|
-
private:
|
|
1547
|
-
friend DC* New<DC>();
|
|
1548
|
-
DC();
|
|
1664
|
+
Array<uint8_t> decrypted_psk;
|
|
1665
|
+
bool ignore_psk = false;
|
|
1549
1666
|
};
|
|
1550
1667
|
|
|
1551
|
-
// ssl_signing_with_dc returns true if the peer has indicated support for
|
|
1552
|
-
// delegated credentials and this host has sent a delegated credential in
|
|
1553
|
-
// response. If this is true then we've committed to using the DC in the
|
|
1554
|
-
// handshake.
|
|
1555
|
-
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs);
|
|
1556
|
-
|
|
1557
|
-
|
|
1558
1668
|
struct SSL_HANDSHAKE {
|
|
1559
1669
|
explicit SSL_HANDSHAKE(SSL *ssl);
|
|
1560
1670
|
~SSL_HANDSHAKE();
|
|
@@ -1599,6 +1709,17 @@ struct SSL_HANDSHAKE {
|
|
|
1599
1709
|
public:
|
|
1600
1710
|
void ResizeSecrets(size_t hash_len);
|
|
1601
1711
|
|
|
1712
|
+
// GetClientHello, on the server, returns either the normal ClientHello
|
|
1713
|
+
// message or the ClientHelloInner if it has been serialized to
|
|
1714
|
+
// |ech_client_hello_buf|. This function should only be called when the
|
|
1715
|
+
// current message is a ClientHello. It returns true on success and false on
|
|
1716
|
+
// error.
|
|
1717
|
+
//
|
|
1718
|
+
// Note that fields of the returned |out_msg| and |out_client_hello| point
|
|
1719
|
+
// into a handshake-owned buffer, so their lifetimes should not exceed this
|
|
1720
|
+
// SSL_HANDSHAKE.
|
|
1721
|
+
bool GetClientHello(SSLMessage *out_msg, SSL_CLIENT_HELLO *out_client_hello);
|
|
1722
|
+
|
|
1602
1723
|
Span<uint8_t> secret() { return MakeSpan(secret_, hash_len_); }
|
|
1603
1724
|
Span<uint8_t> early_traffic_secret() {
|
|
1604
1725
|
return MakeSpan(early_traffic_secret_, hash_len_);
|
|
@@ -1651,6 +1772,10 @@ struct SSL_HANDSHAKE {
|
|
|
1651
1772
|
// the first ClientHello.
|
|
1652
1773
|
Array<uint8_t> ech_grease;
|
|
1653
1774
|
|
|
1775
|
+
// ech_client_hello_buf, on the server, contains the bytes of the
|
|
1776
|
+
// reconstructed ClientHelloInner message.
|
|
1777
|
+
Array<uint8_t> ech_client_hello_buf;
|
|
1778
|
+
|
|
1654
1779
|
// key_share_bytes is the value of the previously sent KeyShare extension by
|
|
1655
1780
|
// the client in TLS 1.3.
|
|
1656
1781
|
Array<uint8_t> key_share_bytes;
|
|
@@ -1687,6 +1812,10 @@ struct SSL_HANDSHAKE {
|
|
|
1687
1812
|
// |cert_compression_negotiated| is true.
|
|
1688
1813
|
uint16_t cert_compression_alg_id;
|
|
1689
1814
|
|
|
1815
|
+
// ech_hpke_ctx, on the server, is the HPKE context used to decrypt the
|
|
1816
|
+
// client's ECH payloads.
|
|
1817
|
+
ScopedEVP_HPKE_CTX ech_hpke_ctx;
|
|
1818
|
+
|
|
1690
1819
|
// server_params, in a TLS 1.2 server, stores the ServerKeyExchange
|
|
1691
1820
|
// parameters. It has client and server randoms prepended for signing
|
|
1692
1821
|
// convenience.
|
|
@@ -1723,12 +1852,28 @@ struct SSL_HANDSHAKE {
|
|
|
1723
1852
|
// the client if |in_early_data| is true.
|
|
1724
1853
|
UniquePtr<SSL_SESSION> early_session;
|
|
1725
1854
|
|
|
1855
|
+
// ech_server_config_list, for servers, is the list of ECHConfig values that
|
|
1856
|
+
// were valid when the server received the first ClientHello. Its value will
|
|
1857
|
+
// not change when the config list on |SSL_CTX| is updated.
|
|
1858
|
+
UniquePtr<SSL_ECH_SERVER_CONFIG_LIST> ech_server_config_list;
|
|
1859
|
+
|
|
1726
1860
|
// new_cipher is the cipher being negotiated in this handshake.
|
|
1727
1861
|
const SSL_CIPHER *new_cipher = nullptr;
|
|
1728
1862
|
|
|
1729
1863
|
// key_block is the record-layer key block for TLS 1.2 and earlier.
|
|
1730
1864
|
Array<uint8_t> key_block;
|
|
1731
1865
|
|
|
1866
|
+
// hints contains the handshake hints for this connection. If
|
|
1867
|
+
// |hints_requested| is true, this field is non-null and contains the pending
|
|
1868
|
+
// hints to filled as the predicted handshake progresses. Otherwise, this
|
|
1869
|
+
// field, if non-null, contains hints configured by the caller and will
|
|
1870
|
+
// influence the handshake on match.
|
|
1871
|
+
UniquePtr<SSL_HANDSHAKE_HINTS> hints;
|
|
1872
|
+
|
|
1873
|
+
// ech_accept, on the server, indicates whether the server should overwrite
|
|
1874
|
+
// part of ServerHello.random with the ECH accept_confirmation value.
|
|
1875
|
+
bool ech_accept : 1;
|
|
1876
|
+
|
|
1732
1877
|
// ech_present, on the server, indicates whether the ClientHello contained an
|
|
1733
1878
|
// encrypted_client_hello extension.
|
|
1734
1879
|
bool ech_present : 1;
|
|
@@ -1814,6 +1959,11 @@ struct SSL_HANDSHAKE {
|
|
|
1814
1959
|
// |SSL_apply_handoff|.
|
|
1815
1960
|
bool handback : 1;
|
|
1816
1961
|
|
|
1962
|
+
// hints_requested indicates the caller has requested handshake hints. Only
|
|
1963
|
+
// the first round-trip of the handshake will complete, after which the
|
|
1964
|
+
// |hints| structure can be serialized.
|
|
1965
|
+
bool hints_requested : 1;
|
|
1966
|
+
|
|
1817
1967
|
// cert_compression_negotiated is true iff |cert_compression_alg_id| is valid.
|
|
1818
1968
|
bool cert_compression_negotiated : 1;
|
|
1819
1969
|
|
|
@@ -1901,10 +2051,10 @@ bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
|
1901
2051
|
Array<uint8_t> *out_secret,
|
|
1902
2052
|
uint8_t *out_alert, CBS *contents);
|
|
1903
2053
|
bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
1904
|
-
|
|
1905
|
-
uint8_t *out_alert,
|
|
1906
|
-
|
|
1907
|
-
|
|
2054
|
+
Span<const uint8_t> *out_peer_key,
|
|
2055
|
+
uint8_t *out_alert,
|
|
2056
|
+
const SSL_CLIENT_HELLO *client_hello);
|
|
2057
|
+
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out);
|
|
1908
2058
|
|
|
1909
2059
|
bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
1910
2060
|
uint8_t *out_alert,
|
|
@@ -1935,6 +2085,9 @@ bool tls13_get_cert_verify_signature_input(
|
|
|
1935
2085
|
SSL_HANDSHAKE *hs, Array<uint8_t> *out,
|
|
1936
2086
|
enum ssl_cert_verify_context_t cert_verify_context);
|
|
1937
2087
|
|
|
2088
|
+
// ssl_is_valid_alpn_list returns whether |in| is a valid ALPN protocol list.
|
|
2089
|
+
bool ssl_is_valid_alpn_list(Span<const uint8_t> in);
|
|
2090
|
+
|
|
1938
2091
|
// ssl_is_alpn_protocol_allowed returns whether |protocol| is a valid server
|
|
1939
2092
|
// selection for |hs->ssl|'s client preferences.
|
|
1940
2093
|
bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs,
|
|
@@ -1993,8 +2146,11 @@ bool ssl_log_secret(const SSL *ssl, const char *label,
|
|
|
1993
2146
|
|
|
1994
2147
|
// ClientHello functions.
|
|
1995
2148
|
|
|
1996
|
-
|
|
1997
|
-
|
|
2149
|
+
// ssl_client_hello_init parses |body| as a ClientHello message, excluding the
|
|
2150
|
+
// message header, and writes the result to |*out|. It returns true on success
|
|
2151
|
+
// and false on error. This function is exported for testing.
|
|
2152
|
+
OPENSSL_EXPORT bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
|
|
2153
|
+
Span<const uint8_t> body);
|
|
1998
2154
|
|
|
1999
2155
|
bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
|
|
2000
2156
|
CBS *out, uint16_t extension_type);
|
|
@@ -3318,6 +3474,11 @@ struct ssl_ctx_st {
|
|
|
3318
3474
|
// The client's Channel ID private key.
|
|
3319
3475
|
bssl::UniquePtr<EVP_PKEY> channel_id_private;
|
|
3320
3476
|
|
|
3477
|
+
// ech_server_config_list contains the server's list of ECHConfig values and
|
|
3478
|
+
// associated private keys. This list may be swapped out at any time, so all
|
|
3479
|
+
// access must be synchronized through |lock|.
|
|
3480
|
+
bssl::UniquePtr<SSL_ECH_SERVER_CONFIG_LIST> ech_server_config_list;
|
|
3481
|
+
|
|
3321
3482
|
// keylog_callback, if not NULL, is the key logging callback. See
|
|
3322
3483
|
// |SSL_CTX_set_keylog_callback|.
|
|
3323
3484
|
void (*keylog_callback)(const SSL *ssl, const char *line) = nullptr;
|
|
@@ -3631,5 +3792,18 @@ struct ssl_session_st {
|
|
|
3631
3792
|
friend void SSL_SESSION_free(SSL_SESSION *);
|
|
3632
3793
|
};
|
|
3633
3794
|
|
|
3795
|
+
struct ssl_ech_server_config_list_st {
|
|
3796
|
+
ssl_ech_server_config_list_st() = default;
|
|
3797
|
+
ssl_ech_server_config_list_st(const ssl_ech_server_config_list_st &) = delete;
|
|
3798
|
+
ssl_ech_server_config_list_st &operator=(
|
|
3799
|
+
const ssl_ech_server_config_list_st &) = delete;
|
|
3800
|
+
|
|
3801
|
+
bssl::GrowableArray<bssl::ECHServerConfig> configs;
|
|
3802
|
+
CRYPTO_refcount_t references = 1;
|
|
3803
|
+
|
|
3804
|
+
private:
|
|
3805
|
+
~ssl_ech_server_config_list_st() = default;
|
|
3806
|
+
friend void SSL_ECH_SERVER_CONFIG_LIST_free(SSL_ECH_SERVER_CONFIG_LIST *);
|
|
3807
|
+
};
|
|
3634
3808
|
|
|
3635
3809
|
#endif // OPENSSL_HEADER_SSL_INTERNAL_H
|
|
@@ -251,7 +251,8 @@ bool tls_flush_pending_hs_data(SSL *ssl) {
|
|
|
251
251
|
MakeConstSpan(reinterpret_cast<const uint8_t *>(pending_hs_data->data),
|
|
252
252
|
pending_hs_data->length);
|
|
253
253
|
if (ssl->quic_method) {
|
|
254
|
-
if (
|
|
254
|
+
if ((ssl->s3->hs == nullptr || !ssl->s3->hs->hints_requested) &&
|
|
255
|
+
!ssl->quic_method->add_handshake_data(ssl, ssl->s3->write_level,
|
|
255
256
|
data.data(), data.size())) {
|
|
256
257
|
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_INTERNAL_ERROR);
|
|
257
258
|
return false;
|
|
@@ -322,6 +323,11 @@ int tls_flush_flight(SSL *ssl) {
|
|
|
322
323
|
}
|
|
323
324
|
}
|
|
324
325
|
|
|
326
|
+
if (ssl->wbio == nullptr) {
|
|
327
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BIO_NOT_SET);
|
|
328
|
+
return -1;
|
|
329
|
+
}
|
|
330
|
+
|
|
325
331
|
// Write the pending flight.
|
|
326
332
|
while (ssl->s3->pending_flight_offset < ssl->s3->pending_flight->length) {
|
|
327
333
|
int ret = BIO_write(
|
|
@@ -548,13 +548,11 @@ bool ssl_cert_check_key_usage(const CBS *in, enum ssl_key_usage_t bit) {
|
|
|
548
548
|
// subjectPublicKeyInfo
|
|
549
549
|
!CBS_get_asn1(&tbs_cert, NULL, CBS_ASN1_SEQUENCE) ||
|
|
550
550
|
// issuerUniqueID
|
|
551
|
-
!CBS_get_optional_asn1(
|
|
552
|
-
|
|
553
|
-
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1) ||
|
|
551
|
+
!CBS_get_optional_asn1(&tbs_cert, NULL, NULL,
|
|
552
|
+
CBS_ASN1_CONTEXT_SPECIFIC | 1) ||
|
|
554
553
|
// subjectUniqueID
|
|
555
|
-
!CBS_get_optional_asn1(
|
|
556
|
-
|
|
557
|
-
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2) ||
|
|
554
|
+
!CBS_get_optional_asn1(&tbs_cert, NULL, NULL,
|
|
555
|
+
CBS_ASN1_CONTEXT_SPECIFIC | 2) ||
|
|
558
556
|
!CBS_get_optional_asn1(
|
|
559
557
|
&tbs_cert, &outer_extensions, &has_extensions,
|
|
560
558
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3)) {
|
|
@@ -124,29 +124,17 @@ class ECKeyShare : public SSLKeyShare {
|
|
|
124
124
|
return true;
|
|
125
125
|
}
|
|
126
126
|
|
|
127
|
-
bool
|
|
127
|
+
bool SerializePrivateKey(CBB *out) override {
|
|
128
128
|
assert(private_key_);
|
|
129
|
-
CBB cbb;
|
|
130
129
|
UniquePtr<EC_GROUP> group(EC_GROUP_new_by_curve_name(nid_));
|
|
131
130
|
// Padding is added to avoid leaking the length.
|
|
132
131
|
size_t len = BN_num_bytes(EC_GROUP_get0_order(group.get()));
|
|
133
|
-
|
|
134
|
-
!CBB_add_asn1(out, &cbb, CBS_ASN1_OCTETSTRING) ||
|
|
135
|
-
!BN_bn2cbb_padded(&cbb, len, private_key_.get()) ||
|
|
136
|
-
!CBB_flush(out)) {
|
|
137
|
-
return false;
|
|
138
|
-
}
|
|
139
|
-
return true;
|
|
132
|
+
return BN_bn2cbb_padded(out, len, private_key_.get());
|
|
140
133
|
}
|
|
141
134
|
|
|
142
|
-
bool
|
|
135
|
+
bool DeserializePrivateKey(CBS *in) override {
|
|
143
136
|
assert(!private_key_);
|
|
144
|
-
|
|
145
|
-
if (!CBS_get_asn1(in, &private_key, CBS_ASN1_OCTETSTRING)) {
|
|
146
|
-
return false;
|
|
147
|
-
}
|
|
148
|
-
private_key_.reset(BN_bin2bn(CBS_data(&private_key),
|
|
149
|
-
CBS_len(&private_key), nullptr));
|
|
137
|
+
private_key_.reset(BN_bin2bn(CBS_data(in), CBS_len(in), nullptr));
|
|
150
138
|
return private_key_ != nullptr;
|
|
151
139
|
}
|
|
152
140
|
|
|
@@ -189,16 +177,13 @@ class X25519KeyShare : public SSLKeyShare {
|
|
|
189
177
|
return true;
|
|
190
178
|
}
|
|
191
179
|
|
|
192
|
-
bool
|
|
193
|
-
return (
|
|
194
|
-
CBB_add_asn1_octet_string(out, private_key_, sizeof(private_key_)));
|
|
180
|
+
bool SerializePrivateKey(CBB *out) override {
|
|
181
|
+
return CBB_add_bytes(out, private_key_, sizeof(private_key_));
|
|
195
182
|
}
|
|
196
183
|
|
|
197
|
-
bool
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
CBS_len(&key) != sizeof(private_key_) ||
|
|
201
|
-
!CBS_copy_bytes(&key, private_key_, sizeof(private_key_))) {
|
|
184
|
+
bool DeserializePrivateKey(CBS *in) override {
|
|
185
|
+
if (CBS_len(in) != sizeof(private_key_) ||
|
|
186
|
+
!CBS_copy_bytes(in, private_key_, sizeof(private_key_))) {
|
|
202
187
|
return false;
|
|
203
188
|
}
|
|
204
189
|
return true;
|
|
@@ -339,16 +324,28 @@ UniquePtr<SSLKeyShare> SSLKeyShare::Create(uint16_t group_id) {
|
|
|
339
324
|
|
|
340
325
|
UniquePtr<SSLKeyShare> SSLKeyShare::Create(CBS *in) {
|
|
341
326
|
uint64_t group;
|
|
342
|
-
|
|
327
|
+
CBS private_key;
|
|
328
|
+
if (!CBS_get_asn1_uint64(in, &group) || group > 0xffff ||
|
|
329
|
+
!CBS_get_asn1(in, &private_key, CBS_ASN1_OCTETSTRING)) {
|
|
343
330
|
return nullptr;
|
|
344
331
|
}
|
|
345
332
|
UniquePtr<SSLKeyShare> key_share = Create(static_cast<uint16_t>(group));
|
|
346
|
-
if (!key_share || !key_share->
|
|
333
|
+
if (!key_share || !key_share->DeserializePrivateKey(&private_key)) {
|
|
347
334
|
return nullptr;
|
|
348
335
|
}
|
|
349
336
|
return key_share;
|
|
350
337
|
}
|
|
351
338
|
|
|
339
|
+
bool SSLKeyShare::Serialize(CBB *out) {
|
|
340
|
+
CBB private_key;
|
|
341
|
+
if (!CBB_add_asn1_uint64(out, GroupID()) ||
|
|
342
|
+
!CBB_add_asn1(out, &private_key, CBS_ASN1_OCTETSTRING) ||
|
|
343
|
+
!SerializePrivateKey(&private_key) || //
|
|
344
|
+
!CBB_flush(out)) {
|
|
345
|
+
return false;
|
|
346
|
+
}
|
|
347
|
+
return true;
|
|
348
|
+
}
|
|
352
349
|
|
|
353
350
|
bool SSLKeyShare::Accept(CBB *out_public_key, Array<uint8_t> *out_secret,
|
|
354
351
|
uint8_t *out_alert, Span<const uint8_t> peer_key) {
|