grpc 1.37.1 → 1.38.0.pre1
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +64 -58
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/channel_args.h +28 -0
- data/include/grpc/event_engine/event_engine.h +336 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/event_engine/slice_allocator.h +81 -0
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security_constants.h +14 -0
- data/include/grpc/impl/codegen/grpc_types.h +11 -0
- data/include/grpc/impl/codegen/port_platform.h +5 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +628 -3101
- data/src/core/ext/filters/client_channel/client_channel.h +489 -55
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +26 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +27 -26
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +46 -43
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -12
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +36 -30
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +23 -23
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +31 -46
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +84 -61
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +17 -9
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +13 -11
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +43 -28
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2188 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +287 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +90 -0
- data/src/core/ext/filters/client_channel/server_address.cc +1 -1
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
- data/src/core/ext/filters/client_channel/subchannel.h +7 -6
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +16 -15
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +19 -18
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
- data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +44 -45
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +129 -116
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +31 -27
- data/src/core/ext/transport/chttp2/transport/parsing.cc +63 -56
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +30 -29
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +101 -93
- data/src/core/ext/xds/xds_api.h +6 -6
- data/src/core/ext/xds/xds_bootstrap.cc +97 -159
- data/src/core/ext/xds/xds_bootstrap.h +19 -24
- data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
- data/src/core/ext/xds/xds_certificate_provider.h +4 -4
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +310 -178
- data/src/core/ext/xds/xds_client.h +41 -27
- data/src/core/ext/xds/xds_client_stats.h +3 -2
- data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +3 -20
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +6 -11
- data/src/core/lib/channel/channel_stack.cc +10 -9
- data/src/core/lib/channel/channel_stack.h +10 -9
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +21 -13
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/handshaker.cc +7 -6
- data/src/core/lib/channel/handshaker.h +5 -5
- data/src/core/lib/event_engine/slice_allocator.cc +59 -0
- data/src/core/lib/event_engine/sockaddr.cc +38 -0
- data/src/core/lib/gprpp/ref_counted.h +28 -14
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +180 -0
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +11 -7
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +7 -9
- data/src/core/lib/iomgr/buffer_list.h +4 -5
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +167 -61
- data/src/core/lib/iomgr/error.h +217 -106
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +5 -5
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
- data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/exec_ctx.cc +4 -4
- data/src/core/lib/iomgr/exec_ctx.h +1 -1
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -2
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +5 -5
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +3 -3
- data/src/core/lib/iomgr/resolve_address.h +6 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +11 -10
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +22 -20
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +15 -17
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +36 -34
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +23 -21
- data/src/core/lib/iomgr/tcp_server_posix.cc +22 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -17
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +25 -23
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +6 -6
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/matchers/matchers.cc +39 -39
- data/src/core/lib/matchers/matchers.h +28 -28
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +2 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -9
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +22 -4
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +56 -60
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +33 -32
- data/src/core/lib/security/transport/server_auth_filter.cc +19 -13
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/surface/call.cc +46 -45
- data/src/core/lib/surface/call.h +2 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +3 -2
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +46 -47
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/lame_client.cc +11 -11
- data/src/core/lib/surface/lame_client.h +1 -1
- data/src/core/lib/surface/server.cc +28 -22
- data/src/core/lib/surface/server.h +16 -15
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +19 -8
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata_batch.cc +37 -37
- data/src/core/lib/transport/metadata_batch.h +19 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +4 -4
- data/src/core/lib/transport/transport_op_string.cc +5 -5
- data/src/core/tsi/alts/crypt/gsec.h +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/ssl_transport_security.cc +32 -14
- data/src/core/tsi/ssl_transport_security.h +3 -4
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +477 -461
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +4 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +45 -48
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +38 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +37 -45
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +103 -42
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +58 -37
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +19 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +39 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -38
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +185 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +416 -121
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -0
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +444 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +244 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +43 -12
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +149 -8
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +220 -46
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +7 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +74 -15
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +98 -64
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +34 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +205 -100
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- metadata +68 -45
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
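--- a/data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc
@@ -1378,6 +1378,7 @@ int SSL_get_error(const SSL *ssl, int ret_code) {
 case SSL_ERROR_EARLY_DATA_REJECTED:
 case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
 case SSL_ERROR_WANT_RENEGOTIATE:
+case SSL_ERROR_HANDSHAKE_HINTS_READY:
 return ssl->s3->rwstate;
 
 case SSL_ERROR_WANT_READ: {
@@ -1463,6 +1464,8 @@ const char *SSL_error_description(int err) {
 return "HANDOFF";
 case SSL_ERROR_HANDBACK:
 return "HANDBACK";
+case SSL_ERROR_HANDSHAKE_HINTS_READY:
+return "HANDSHAKE_HINTS_READY";
 default:
 return nullptr;
 }
@@ -2186,6 +2189,63 @@ int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
 return 1;
 }
 
+SSL_ECH_SERVER_CONFIG_LIST *SSL_ECH_SERVER_CONFIG_LIST_new() {
+return New<SSL_ECH_SERVER_CONFIG_LIST>();
+}
+
+void SSL_ECH_SERVER_CONFIG_LIST_up_ref(SSL_ECH_SERVER_CONFIG_LIST *configs) {
+CRYPTO_refcount_inc(&configs->references);
+}
+
+void SSL_ECH_SERVER_CONFIG_LIST_free(SSL_ECH_SERVER_CONFIG_LIST *configs) {
+if (configs == nullptr ||
+!CRYPTO_refcount_dec_and_test_zero(&configs->references)) {
+return;
+}
+
+configs->~ssl_ech_server_config_list_st();
+OPENSSL_free(configs);
+}
+
+int SSL_ECH_SERVER_CONFIG_LIST_add(SSL_ECH_SERVER_CONFIG_LIST *configs,
+int is_retry_config,
+const uint8_t *ech_config,
+size_t ech_config_len,
+const uint8_t *private_key,
+size_t private_key_len) {
+ECHServerConfig parsed_config;
+if (!parsed_config.Init(MakeConstSpan(ech_config, ech_config_len),
+MakeConstSpan(private_key, private_key_len),
+!!is_retry_config)) {
+OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+return 0;
+}
+if (!configs->configs.Push(std::move(parsed_config))) {
+OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
+return 0;
+}
+return 1;
+}
+
+int SSL_CTX_set1_ech_server_config_list(SSL_CTX *ctx,
+SSL_ECH_SERVER_CONFIG_LIST *list) {
+bool has_retry_config = false;
+for (const bssl::ECHServerConfig &config : list->configs) {
+if (config.is_retry_config()) {
+has_retry_config = true;
+break;
+}
+}
+if (!has_retry_config) {
+OPENSSL_PUT_ERROR(SSL, SSL_R_ECH_SERVER_WOULD_HAVE_NO_RETRY_CONFIGS);
+return 0;
+}
+UniquePtr<SSL_ECH_SERVER_CONFIG_LIST> owned_list = UpRef(list);
+MutexWriteLock lock(&ctx->lock);
+ctx->ech_server_config_list.swap(owned_list);
+return 1;
+}
+
 int SSL_select_next_proto(uint8_t **out, uint8_t *out_len, const uint8_t *peer,
 unsigned peer_len, const uint8_t *supported,
 unsigned supported_len) {
@@ -2243,21 +2303,26 @@ void SSL_CTX_set_next_proto_select_cb(
 
 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
 unsigned protos_len) {
-// Note this function's
-
-
-
+// Note this function's return value is backwards.
+auto span = MakeConstSpan(protos, protos_len);
+if (!span.empty() && !ssl_is_valid_alpn_list(span)) {
+OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL_LIST);
+return 1;
+}
+return ctx->alpn_client_proto_list.CopyFrom(span) ? 0 : 1;
 }
 
 int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos, unsigned protos_len) {
-// Note this function's
+// Note this function's return value is backwards.
 if (!ssl->config) {
 return 1;
 }
-
-
-
-
+auto span = MakeConstSpan(protos, protos_len);
+if (!span.empty() && !ssl_is_valid_alpn_list(span)) {
+OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL_LIST);
+return 1;
+}
+return ssl->config->alpn_client_proto_list.CopyFrom(span) ? 0 : 1;
 }
 
 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
@@ -2935,16 +3000,10 @@ void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
 ctx->false_start_allowed_without_alpn = !!allowed;
 }
 
-int SSL_is_tls13_downgrade(const SSL *ssl) { return 0; }
-
 int SSL_used_hello_retry_request(const SSL *ssl) {
 return ssl->s3->used_hello_retry_request;
 }
 
-void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {}
-
-void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {}
-
 void SSL_set_shed_handshake_config(SSL *ssl, int enable) {
 if (!ssl->config) {
 return;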
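Review bot: The comment `// Note this function's return value is backwards.` on `SSL_CTX_set_alpn_protos` and `SSL_set_alpn_protos` does not say which value means what, and the new validation adds a second failure path that returns 1. A caller that tests the result the way it tests other `SSL_*` setters will treat a rejected list as accepted and carry on without the ALPN protocols it asked for. I would spell the contract out in both functions, for example `// Returns 0 on success and 1 on failure, unlike most SSL_* setters.` A second line should note that an empty list deliberately skips `ssl_is_valid_alpn_list`, because that helper (added in t1_lib.cc on this page) rejects empty input. Both function bodies are fully visible in the hunk starting at old line 2243.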
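--- a/data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc
@@ -209,11 +209,11 @@ static bool is_post_quantum_group(uint16_t id) {
 }
 
 bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
-const
+Span<const uint8_t> body) {
 OPENSSL_memset(out, 0, sizeof(*out));
 out->ssl = const_cast<SSL *>(ssl);
-out->client_hello =
-out->client_hello_len =
+out->client_hello = body.data();
+out->client_hello_len = body.size();
 
 CBS client_hello, random, session_id;
 CBS_init(&client_hello, out->client_hello, out->client_hello_len);
@@ -591,7 +591,7 @@ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
 }
 
 
-// Encrypted
+// Encrypted ClientHello (ECH)
 //
 // https://tools.ietf.org/html/draft-ietf-tls-esni-09
 
@@ -620,7 +620,7 @@ static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) {
 
 constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256;
 const uint16_t aead_id = EVP_has_aes_hardware()
-?
+? EVP_HPKE_AEAD_AES_128_GCM
 : EVP_HPKE_AEAD_CHACHA20POLY1305;
 const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id);
 assert(aead != nullptr);
@@ -748,6 +748,35 @@ static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
 return true;
 }
 
+static bool ext_ech_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
+SSL *const ssl = hs->ssl;
+if (ssl_protocol_version(ssl) < TLS1_3_VERSION || //
+hs->ech_accept || //
+hs->ech_server_config_list == nullptr) {
+return true;
+}
+
+// Write the list of retry configs to |out|. Note
+// |SSL_CTX_set1_ech_server_config_list| ensures |ech_server_config_list|
+// contains at least one retry config.
+CBB body, retry_configs;
+if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
+!CBB_add_u16_length_prefixed(out, &body) ||
+!CBB_add_u16_length_prefixed(&body, &retry_configs)) {
+return false;
+}
+for (const ECHServerConfig &config : hs->ech_server_config_list->configs) {
+if (!config.is_retry_config()) {
+continue;
+}
+if (!CBB_add_bytes(&retry_configs, config.raw().data(),
+config.raw().size())) {
+return false;
+}
+}
+return CBB_flush(out);
+}
+
 static bool ext_ech_is_inner_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
 return true;
 }
@@ -1499,6 +1528,22 @@ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
 return true;
 }
 
+bool ssl_is_valid_alpn_list(Span<const uint8_t> in) {
+CBS protocol_name_list = in;
+if (CBS_len(&protocol_name_list) == 0) {
+return false;
+}
+while (CBS_len(&protocol_name_list) > 0) {
+CBS protocol_name;
+if (!CBS_get_u8_length_prefixed(&protocol_name_list, &protocol_name) ||
+// Empty protocol names are forbidden.
+CBS_len(&protocol_name) == 0) {
+return false;
+}
+}
+return true;
+}
+
 bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs,
 Span<const uint8_t> protocol) {
 if (hs->config->alpn_client_proto_list.empty()) {
@@ -1551,25 +1596,12 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
 CBS protocol_name_list;
 if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
 CBS_len(&contents) != 0 ||
-
+!ssl_is_valid_alpn_list(protocol_name_list)) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
 *out_alert = SSL_AD_DECODE_ERROR;
 return false;
 }
 
-// Validate the protocol list.
-CBS protocol_name_list_copy = protocol_name_list;
-while (CBS_len(&protocol_name_list_copy) > 0) {
-CBS protocol_name;
-if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
-// Empty protocol names are forbidden.
-CBS_len(&protocol_name) == 0) {
-OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
-*out_alert = SSL_AD_DECODE_ERROR;
-return false;
-}
-}
-
 const uint8_t *selected;
 uint8_t selected_len;
 int ret = ssl->ctx->alpn_select_cb(
@@ -2415,25 +2447,29 @@ bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
 }
 
 bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
-
-uint8_t *out_alert,
-
-
-
-
-
+Span<const uint8_t> *out_peer_key,
+uint8_t *out_alert,
+const SSL_CLIENT_HELLO *client_hello) {
+// We only support connections that include an ECDHE key exchange.
+CBS contents;
+if (!ssl_client_hello_get_extension(client_hello, &contents,
+TLSEXT_TYPE_key_share)) {
+OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
+*out_alert = SSL_AD_MISSING_EXTENSION;
 return false;
 }
 
-
-
+CBS key_shares;
+if (!CBS_get_u16_length_prefixed(&contents, &key_shares) ||
+CBS_len(&contents) != 0) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
 return false;
 }
 
 // Find the corresponding key share.
+const uint16_t group_id = hs->new_session->group_id;
 CBS peer_key;
-CBS_init(&peer_key,
+CBS_init(&peer_key, nullptr, 0);
 while (CBS_len(&key_shares) > 0) {
 uint16_t id;
 CBS peer_key_tmp;
@@ -2456,47 +2492,24 @@ bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
 }
 }
 
-if (
-*
-out_secret->Reset();
-return true;
+if (out_peer_key != nullptr) {
+*out_peer_key = peer_key;
 }
-
-// Compute the DH secret.
-Array<uint8_t> secret;
-ScopedCBB public_key;
-UniquePtr<SSLKeyShare> key_share = SSLKeyShare::Create(group_id);
-if (!key_share ||
-!CBB_init(public_key.get(), 32) ||
-!key_share->Accept(public_key.get(), &secret, out_alert, peer_key) ||
-!CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
-*out_alert = SSL_AD_ILLEGAL_PARAMETER;
-return false;
-}
-
-*out_secret = std::move(secret);
-*out_found = true;
+*out_found = CBS_len(&peer_key) != 0;
 return true;
 }
 
-bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out
-bool dry_run) {
-uint16_t group_id;
+bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
 CBB kse_bytes, public_key;
-if (!
-!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
+if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
 !CBB_add_u16_length_prefixed(out, &kse_bytes) ||
-!CBB_add_u16(&kse_bytes, group_id) ||
+!CBB_add_u16(&kse_bytes, hs->new_session->group_id) ||
 !CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
 !CBB_add_bytes(&public_key, hs->ecdh_public_key.data(),
 hs->ecdh_public_key.size()) ||
 !CBB_flush(out)) {
 return false;
 }
-if (!dry_run) {
-hs->ecdh_public_key.Reset();
-hs->new_session->group_id = group_id;
-}
 return true;
 }
 
@@ -3264,7 +3277,7 @@ static const struct tls_extension kExtensions[] = {
 ext_ech_add_clienthello,
 ext_ech_parse_serverhello,
 ext_ech_parse_clienthello,
-
+ext_ech_add_serverhello,
 },
 {
 TLSEXT_TYPE_ech_is_inner,
@@ -4046,6 +4059,7 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
 SSL_HANDSHAKE *hs, UniquePtr<SSL_SESSION> *out_session,
 bool *out_renew_ticket, Span<const uint8_t> ticket,
 Span<const uint8_t> session_id) {
+SSL *const ssl = hs->ssl;
 *out_renew_ticket = false;
 out_session->reset();
 
@@ -4054,9 +4068,21 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
 return ssl_ticket_aead_ignore_ticket;
 }
 
+// Tickets in TLS 1.3 are tied into pre-shared keys (PSKs), unlike in TLS 1.2
+// where that concept doesn't exist. The |decrypted_psk| and |ignore_psk|
+// hints only apply to PSKs. We check the version to determine which this is.
+const bool is_psk = ssl_protocol_version(ssl) >= TLS1_3_VERSION;
+
 Array<uint8_t> plaintext;
 enum ssl_ticket_aead_result_t result;
-
+SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
+if (is_psk && hints && !hs->hints_requested &&
+!hints->decrypted_psk.empty()) {
+result = plaintext.CopyFrom(hints->decrypted_psk) ? ssl_ticket_aead_success
+: ssl_ticket_aead_error;
+} else if (is_psk && hints && !hs->hints_requested && hints->ignore_psk) {
+result = ssl_ticket_aead_ignore_ticket;
+} else if (ssl->session_ctx->ticket_aead_method != NULL) {
 result = ssl_decrypt_ticket_with_method(hs, &plaintext, out_renew_ticket,
 ticket);
 } else {
@@ -4065,9 +4091,8 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
 // length should be well under the minimum size for the session material and
 // HMAC.
 if (ticket.size() < SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH) {
-
-}
-if (hs->ssl->session_ctx->ticket_key_cb != NULL) {
+result = ssl_ticket_aead_ignore_ticket;
+} else if (ssl->session_ctx->ticket_key_cb != NULL) {
 result =
 ssl_decrypt_ticket_with_cb(hs, &plaintext, out_renew_ticket, ticket);
 } else {
@@ -4075,13 +4100,22 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
 }
 }
 
+if (is_psk && hints && hs->hints_requested) {
+if (result == ssl_ticket_aead_ignore_ticket) {
+hints->ignore_psk = true;
+} else if (result == ssl_ticket_aead_success &&
+!hints->decrypted_psk.CopyFrom(plaintext)) {
+return ssl_ticket_aead_error;
+}
+}
+
 if (result != ssl_ticket_aead_success) {
 return result;
 }
 
 // Decode the session.
 UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
-plaintext.data(), plaintext.size(),
+plaintext.data(), plaintext.size(), ssl->ctx.get()));
 if (!session) {
 ERR_clear_error(); // Don't leave an error on the queue.
 return ssl_ticket_aead_ignore_ticket;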
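Review bot: In `ssl_process_ticket`, the branch that reuses `hints->decrypted_psk` never writes `*out_renew_ticket`, so it keeps the `false` assigned at the top of the function. The recording branch (`hs->hints_requested`) stores only `decrypted_psk` and `ignore_psk`. A handshake served from hints therefore appears never to request ticket renewal, even when the decrypt method or callback would have, which could leave tickets under an older key in circulation longer than intended during key rotation. Carrying the renew decision in the hints next to the plaintext would keep the two paths equivalent. At minimum the reuse branch deserves a comment such as `// Hints do not carry the renew decision; |*out_renew_ticket| stays false here.` The function begins and ends outside the visible hunks, so this is inferred from the lines shown.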
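--- a/data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc
@@ -580,10 +580,40 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
 return ssl_private_key_failure;
 }
 
-
-
-if (
-
+SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
+Array<uint8_t> spki;
+if (hints) {
+ScopedCBB spki_cbb;
+if (!CBB_init(spki_cbb.get(), 64) ||
+!EVP_marshal_public_key(spki_cbb.get(), hs->local_pubkey.get()) ||
+!CBBFinishArray(spki_cbb.get(), &spki)) {
+ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+return ssl_private_key_failure;
+}
+}
+
+if (hints && !hs->hints_requested &&
+signature_algorithm == hints->signature_algorithm &&
+MakeConstSpan(msg) == hints->signature_input &&
+MakeConstSpan(spki) == hints->signature_spki &&
+!hints->signature.empty() && hints->signature.size() <= max_sig_len) {
+// Signature algorithm and input both match. Reuse the signature from hints.
+sig_len = hints->signature.size();
+OPENSSL_memcpy(sig, hints->signature.data(), sig_len);
+} else {
+enum ssl_private_key_result_t sign_result = ssl_private_key_sign(
+hs, sig, &sig_len, max_sig_len, signature_algorithm, msg);
+if (sign_result != ssl_private_key_success) {
+return sign_result;
+}
+if (hints && hs->hints_requested) {
+hints->signature_algorithm = signature_algorithm;
+hints->signature_input = std::move(msg);
+hints->signature_spki = std::move(spki);
+if (!hints->signature.CopyFrom(MakeSpan(sig, sig_len))) {
+return ssl_private_key_failure;
+}
+}
 }
 
 if (!CBB_did_write(&child, sig_len) ||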
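Review bot: The failure return after `hints->signature.CopyFrom(MakeSpan(sig, sig_len))` in `tls13_add_certificate_verify` sends no alert, while the SPKI marshalling failure a few lines above calls `ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR)` before returning the same `ssl_private_key_failure`. Unless the caller sends the alert itself, which is not visible here, the peer would see the connection drop without an alert on this allocation-failure path. For consistency I would add `ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);` before that return. Separately, the comment `// Signature algorithm and input both match.` could mention that the SPKI is compared as well, since that comparison is what ties the reused signature to the current key. The function starts and ends outside the hunk.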