grpc 1.37.1 → 1.38.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +64 -58
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/channel_args.h +28 -0
- data/include/grpc/event_engine/event_engine.h +336 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/event_engine/slice_allocator.h +81 -0
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security_constants.h +14 -0
- data/include/grpc/impl/codegen/grpc_types.h +11 -0
- data/include/grpc/impl/codegen/port_platform.h +5 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +628 -3101
- data/src/core/ext/filters/client_channel/client_channel.h +489 -55
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +26 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +27 -26
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +46 -43
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -12
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +36 -30
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +23 -23
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +31 -46
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +84 -61
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +17 -9
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +13 -11
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +43 -28
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2188 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +287 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +90 -0
- data/src/core/ext/filters/client_channel/server_address.cc +1 -1
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
- data/src/core/ext/filters/client_channel/subchannel.h +7 -6
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +16 -15
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +19 -18
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
- data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +44 -45
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +129 -116
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +31 -27
- data/src/core/ext/transport/chttp2/transport/parsing.cc +63 -56
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +30 -29
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +101 -93
- data/src/core/ext/xds/xds_api.h +6 -6
- data/src/core/ext/xds/xds_bootstrap.cc +97 -159
- data/src/core/ext/xds/xds_bootstrap.h +19 -24
- data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
- data/src/core/ext/xds/xds_certificate_provider.h +4 -4
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +310 -178
- data/src/core/ext/xds/xds_client.h +41 -27
- data/src/core/ext/xds/xds_client_stats.h +3 -2
- data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +3 -20
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +6 -11
- data/src/core/lib/channel/channel_stack.cc +10 -9
- data/src/core/lib/channel/channel_stack.h +10 -9
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +21 -13
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/handshaker.cc +7 -6
- data/src/core/lib/channel/handshaker.h +5 -5
- data/src/core/lib/event_engine/slice_allocator.cc +59 -0
- data/src/core/lib/event_engine/sockaddr.cc +38 -0
- data/src/core/lib/gprpp/ref_counted.h +28 -14
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +180 -0
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +11 -7
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +7 -9
- data/src/core/lib/iomgr/buffer_list.h +4 -5
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +167 -61
- data/src/core/lib/iomgr/error.h +217 -106
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +5 -5
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
- data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/exec_ctx.cc +4 -4
- data/src/core/lib/iomgr/exec_ctx.h +1 -1
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -2
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +5 -5
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +3 -3
- data/src/core/lib/iomgr/resolve_address.h +6 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +11 -10
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +22 -20
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +15 -17
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +36 -34
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +23 -21
- data/src/core/lib/iomgr/tcp_server_posix.cc +22 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -17
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +25 -23
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +6 -6
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/matchers/matchers.cc +39 -39
- data/src/core/lib/matchers/matchers.h +28 -28
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +2 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +9 -9
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +22 -4
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +56 -60
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +33 -32
- data/src/core/lib/security/transport/server_auth_filter.cc +19 -13
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/surface/call.cc +46 -45
- data/src/core/lib/surface/call.h +2 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +3 -2
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +46 -47
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/lame_client.cc +11 -11
- data/src/core/lib/surface/lame_client.h +1 -1
- data/src/core/lib/surface/server.cc +28 -22
- data/src/core/lib/surface/server.h +16 -15
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +19 -8
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata_batch.cc +37 -37
- data/src/core/lib/transport/metadata_batch.h +19 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +4 -4
- data/src/core/lib/transport/transport_op_string.cc +5 -5
- data/src/core/tsi/alts/crypt/gsec.h +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/ssl_transport_security.cc +32 -14
- data/src/core/tsi/ssl_transport_security.h +3 -4
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +477 -461
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +4 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +45 -48
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +38 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +37 -45
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +103 -42
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +58 -37
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +19 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +39 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -38
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +185 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +416 -121
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -0
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +444 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +244 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +43 -12
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +149 -8
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +220 -46
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +7 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +74 -15
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +98 -64
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +34 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +205 -100
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- metadata +68 -45
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
|
@@ -28,6 +28,7 @@
|
|
|
28
28
|
#include <openssl/stack.h>
|
|
29
29
|
|
|
30
30
|
#include "../crypto/internal.h"
|
|
31
|
+
#include "../crypto/hpke/internal.h"
|
|
31
32
|
#include "internal.h"
|
|
32
33
|
|
|
33
34
|
|
|
@@ -41,35 +42,57 @@ static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
|
|
|
41
42
|
// See RFC 8446, section 8.3.
|
|
42
43
|
static const int32_t kMaxTicketAgeSkewSeconds = 60;
|
|
43
44
|
|
|
44
|
-
static
|
|
45
|
-
|
|
45
|
+
static bool resolve_ecdhe_secret(SSL_HANDSHAKE *hs,
|
|
46
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
|
46
47
|
SSL *const ssl = hs->ssl;
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
// We only support connections that include an ECDHE key exchange.
|
|
50
|
-
CBS key_share;
|
|
51
|
-
if (!ssl_client_hello_get_extension(client_hello, &key_share,
|
|
52
|
-
TLSEXT_TYPE_key_share)) {
|
|
53
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
|
|
54
|
-
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
|
|
55
|
-
return 0;
|
|
56
|
-
}
|
|
48
|
+
const uint16_t group_id = hs->new_session->group_id;
|
|
57
49
|
|
|
58
50
|
bool found_key_share;
|
|
59
|
-
|
|
51
|
+
Span<const uint8_t> peer_key;
|
|
60
52
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
|
61
|
-
if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &
|
|
62
|
-
&alert,
|
|
53
|
+
if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &peer_key,
|
|
54
|
+
&alert, client_hello)) {
|
|
63
55
|
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
64
|
-
return
|
|
56
|
+
return false;
|
|
65
57
|
}
|
|
66
58
|
|
|
67
59
|
if (!found_key_share) {
|
|
68
|
-
|
|
69
|
-
|
|
60
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
|
61
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
|
62
|
+
return false;
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
Array<uint8_t> secret;
|
|
66
|
+
SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
|
|
67
|
+
if (hints && !hs->hints_requested && hints->key_share_group_id == group_id &&
|
|
68
|
+
!hints->key_share_secret.empty()) {
|
|
69
|
+
// Copy DH secret from hints.
|
|
70
|
+
if (!hs->ecdh_public_key.CopyFrom(hints->key_share_public_key) ||
|
|
71
|
+
!secret.CopyFrom(hints->key_share_secret)) {
|
|
72
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
|
73
|
+
return false;
|
|
74
|
+
}
|
|
75
|
+
} else {
|
|
76
|
+
ScopedCBB public_key;
|
|
77
|
+
UniquePtr<SSLKeyShare> key_share = SSLKeyShare::Create(group_id);
|
|
78
|
+
if (!key_share || //
|
|
79
|
+
!CBB_init(public_key.get(), 32) ||
|
|
80
|
+
!key_share->Accept(public_key.get(), &secret, &alert, peer_key) ||
|
|
81
|
+
!CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
|
|
82
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
83
|
+
return false;
|
|
84
|
+
}
|
|
85
|
+
if (hints && hs->hints_requested) {
|
|
86
|
+
hints->key_share_group_id = group_id;
|
|
87
|
+
if (!hints->key_share_public_key.CopyFrom(hs->ecdh_public_key) ||
|
|
88
|
+
!hints->key_share_secret.CopyFrom(secret)) {
|
|
89
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
|
90
|
+
return false;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
70
93
|
}
|
|
71
94
|
|
|
72
|
-
return tls13_advance_key_schedule(hs,
|
|
95
|
+
return tls13_advance_key_schedule(hs, secret);
|
|
73
96
|
}
|
|
74
97
|
|
|
75
98
|
static int ssl_ext_supported_versions_add_serverhello(SSL_HANDSHAKE *hs,
|
|
@@ -186,13 +209,8 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) {
|
|
|
186
209
|
// the common handshake logic. Resolve the remaining non-PSK parameters.
|
|
187
210
|
SSL *const ssl = hs->ssl;
|
|
188
211
|
SSLMessage msg;
|
|
189
|
-
if (!ssl->method->get_message(ssl, &msg)) {
|
|
190
|
-
return ssl_hs_read_message;
|
|
191
|
-
}
|
|
192
212
|
SSL_CLIENT_HELLO client_hello;
|
|
193
|
-
if (!
|
|
194
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
|
|
195
|
-
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
|
213
|
+
if (!hs->GetClientHello(&msg, &client_hello)) {
|
|
196
214
|
return ssl_hs_error;
|
|
197
215
|
}
|
|
198
216
|
|
|
@@ -252,6 +270,16 @@ static enum ssl_ticket_aead_result_t select_session(
|
|
|
252
270
|
return ssl_ticket_aead_ignore_ticket;
|
|
253
271
|
}
|
|
254
272
|
|
|
273
|
+
// Per RFC8446, section 4.2.9, servers MUST abort the handshake if the client
|
|
274
|
+
// sends pre_shared_key without psk_key_exchange_modes.
|
|
275
|
+
CBS unused;
|
|
276
|
+
if (!ssl_client_hello_get_extension(client_hello, &unused,
|
|
277
|
+
TLSEXT_TYPE_psk_key_exchange_modes)) {
|
|
278
|
+
*out_alert = SSL_AD_MISSING_EXTENSION;
|
|
279
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
|
|
280
|
+
return ssl_ticket_aead_error;
|
|
281
|
+
}
|
|
282
|
+
|
|
255
283
|
CBS ticket, binders;
|
|
256
284
|
uint32_t client_ticket_age;
|
|
257
285
|
if (!ssl_ext_pre_shared_key_parse_clienthello(
|
|
@@ -337,13 +365,8 @@ static bool quic_ticket_compatible(const SSL_SESSION *session,
|
|
|
337
365
|
static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
338
366
|
SSL *const ssl = hs->ssl;
|
|
339
367
|
SSLMessage msg;
|
|
340
|
-
if (!ssl->method->get_message(ssl, &msg)) {
|
|
341
|
-
return ssl_hs_read_message;
|
|
342
|
-
}
|
|
343
368
|
SSL_CLIENT_HELLO client_hello;
|
|
344
|
-
if (!
|
|
345
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
|
|
346
|
-
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
|
369
|
+
if (!hs->GetClientHello(&msg, &client_hello)) {
|
|
347
370
|
return ssl_hs_error;
|
|
348
371
|
}
|
|
349
372
|
|
|
@@ -393,6 +416,23 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
|
393
416
|
return ssl_hs_error;
|
|
394
417
|
}
|
|
395
418
|
|
|
419
|
+
// Record connection properties in the new session.
|
|
420
|
+
hs->new_session->cipher = hs->new_cipher;
|
|
421
|
+
if (!tls1_get_shared_group(hs, &hs->new_session->group_id)) {
|
|
422
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
|
|
423
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
|
|
424
|
+
return ssl_hs_error;
|
|
425
|
+
}
|
|
426
|
+
|
|
427
|
+
// Determine if we need HelloRetryRequest.
|
|
428
|
+
bool found_key_share;
|
|
429
|
+
if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share,
|
|
430
|
+
/*out_key_share=*/nullptr, &alert,
|
|
431
|
+
&client_hello)) {
|
|
432
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
433
|
+
return ssl_hs_error;
|
|
434
|
+
}
|
|
435
|
+
|
|
396
436
|
// Determine if we're negotiating 0-RTT.
|
|
397
437
|
if (!ssl->enable_early_data) {
|
|
398
438
|
ssl->s3->early_data_reason = ssl_early_data_disabled;
|
|
@@ -423,6 +463,8 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
|
423
463
|
ssl->s3->early_data_reason = ssl_early_data_ticket_age_skew;
|
|
424
464
|
} else if (!quic_ticket_compatible(session.get(), hs->config)) {
|
|
425
465
|
ssl->s3->early_data_reason = ssl_early_data_quic_parameter_mismatch;
|
|
466
|
+
} else if (!found_key_share) {
|
|
467
|
+
ssl->s3->early_data_reason = ssl_early_data_hello_retry_request;
|
|
426
468
|
} else {
|
|
427
469
|
// |ssl_session_is_resumable| forbids cross-cipher resumptions even if the
|
|
428
470
|
// PRF hashes match.
|
|
@@ -432,9 +474,6 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
|
432
474
|
ssl->s3->early_data_accepted = true;
|
|
433
475
|
}
|
|
434
476
|
|
|
435
|
-
// Record connection properties in the new session.
|
|
436
|
-
hs->new_session->cipher = hs->new_cipher;
|
|
437
|
-
|
|
438
477
|
// Store the ALPN and ALPS values in the session for 0-RTT. Note the peer
|
|
439
478
|
// applications settings are not generally known until client
|
|
440
479
|
// EncryptedExtensions.
|
|
@@ -497,33 +536,30 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
|
|
|
497
536
|
ssl->s3->skip_early_data = true;
|
|
498
537
|
}
|
|
499
538
|
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
if (ssl->s3->early_data_accepted) {
|
|
505
|
-
ssl->s3->early_data_reason = ssl_early_data_hello_retry_request;
|
|
506
|
-
ssl->s3->early_data_accepted = false;
|
|
507
|
-
}
|
|
508
|
-
ssl->s3->skip_early_data = true;
|
|
509
|
-
ssl->method->next_message(ssl);
|
|
510
|
-
if (!hs->transcript.UpdateForHelloRetryRequest()) {
|
|
511
|
-
return ssl_hs_error;
|
|
512
|
-
}
|
|
513
|
-
hs->tls13_state = state13_send_hello_retry_request;
|
|
514
|
-
return ssl_hs_ok;
|
|
539
|
+
if (!found_key_share) {
|
|
540
|
+
ssl->method->next_message(ssl);
|
|
541
|
+
if (!hs->transcript.UpdateForHelloRetryRequest()) {
|
|
542
|
+
return ssl_hs_error;
|
|
515
543
|
}
|
|
544
|
+
hs->tls13_state = state13_send_hello_retry_request;
|
|
545
|
+
return ssl_hs_ok;
|
|
546
|
+
}
|
|
547
|
+
|
|
548
|
+
if (!resolve_ecdhe_secret(hs, &client_hello)) {
|
|
516
549
|
return ssl_hs_error;
|
|
517
550
|
}
|
|
518
551
|
|
|
519
552
|
ssl->method->next_message(ssl);
|
|
553
|
+
hs->ech_client_hello_buf.Reset();
|
|
520
554
|
hs->tls13_state = state13_send_server_hello;
|
|
521
555
|
return ssl_hs_ok;
|
|
522
556
|
}
|
|
523
557
|
|
|
524
558
|
static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) {
|
|
525
559
|
SSL *const ssl = hs->ssl;
|
|
526
|
-
|
|
560
|
+
if (hs->hints_requested) {
|
|
561
|
+
return ssl_hs_hints_ready;
|
|
562
|
+
}
|
|
527
563
|
|
|
528
564
|
ScopedCBB cbb;
|
|
529
565
|
CBB body, session_id, extensions;
|
|
@@ -566,12 +602,78 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
|
|
|
566
602
|
return ssl_hs_error;
|
|
567
603
|
}
|
|
568
604
|
SSL_CLIENT_HELLO client_hello;
|
|
569
|
-
if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
|
|
605
|
+
if (!ssl_client_hello_init(ssl, &client_hello, msg.body)) {
|
|
570
606
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
|
|
571
607
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
|
572
608
|
return ssl_hs_error;
|
|
573
609
|
}
|
|
574
610
|
|
|
611
|
+
if (hs->ech_accept) {
|
|
612
|
+
// If we previously accepted the ClientHelloInner, check that the second
|
|
613
|
+
// ClientHello contains an encrypted_client_hello extension.
|
|
614
|
+
CBS ech_body;
|
|
615
|
+
if (!ssl_client_hello_get_extension(&client_hello, &ech_body,
|
|
616
|
+
TLSEXT_TYPE_encrypted_client_hello)) {
|
|
617
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
|
|
618
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
|
|
619
|
+
return ssl_hs_error;
|
|
620
|
+
}
|
|
621
|
+
|
|
622
|
+
// Parse a ClientECH out of the extension body.
|
|
623
|
+
uint16_t kdf_id, aead_id;
|
|
624
|
+
CBS config_id, enc, payload;
|
|
625
|
+
if (!CBS_get_u16(&ech_body, &kdf_id) || //
|
|
626
|
+
!CBS_get_u16(&ech_body, &aead_id) ||
|
|
627
|
+
!CBS_get_u8_length_prefixed(&ech_body, &config_id) ||
|
|
628
|
+
!CBS_get_u16_length_prefixed(&ech_body, &enc) ||
|
|
629
|
+
!CBS_get_u16_length_prefixed(&ech_body, &payload) ||
|
|
630
|
+
CBS_len(&ech_body) != 0) {
|
|
631
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
632
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
|
633
|
+
return ssl_hs_error;
|
|
634
|
+
}
|
|
635
|
+
|
|
636
|
+
// Check that ClientECH.cipher_suite is unchanged and that
|
|
637
|
+
// ClientECH.config_id and ClientECH.enc are empty.
|
|
638
|
+
if (kdf_id != EVP_HPKE_CTX_get_kdf_id(hs->ech_hpke_ctx.get()) ||
|
|
639
|
+
aead_id != EVP_HPKE_CTX_get_aead_id(hs->ech_hpke_ctx.get()) ||
|
|
640
|
+
CBS_len(&config_id) > 0 || CBS_len(&enc) > 0) {
|
|
641
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
642
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
|
643
|
+
return ssl_hs_error;
|
|
644
|
+
}
|
|
645
|
+
|
|
646
|
+
// Decrypt the payload with the HPKE context from the first ClientHello.
|
|
647
|
+
Array<uint8_t> encoded_client_hello_inner;
|
|
648
|
+
bool unused;
|
|
649
|
+
if (!ssl_client_hello_decrypt(
|
|
650
|
+
hs->ech_hpke_ctx.get(), &encoded_client_hello_inner, &unused,
|
|
651
|
+
&client_hello, kdf_id, aead_id, config_id, enc, payload)) {
|
|
652
|
+
// Decryption failure is fatal in the second ClientHello.
|
|
653
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
|
|
654
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
|
655
|
+
return ssl_hs_error;
|
|
656
|
+
}
|
|
657
|
+
|
|
658
|
+
// Recover the ClientHelloInner from the EncodedClientHelloInner.
|
|
659
|
+
uint8_t alert = SSL_AD_DECODE_ERROR;
|
|
660
|
+
bssl::Array<uint8_t> client_hello_inner;
|
|
661
|
+
if (!ssl_decode_client_hello_inner(ssl, &alert, &client_hello_inner,
|
|
662
|
+
encoded_client_hello_inner,
|
|
663
|
+
&client_hello)) {
|
|
664
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
665
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
|
|
666
|
+
return ssl_hs_error;
|
|
667
|
+
}
|
|
668
|
+
hs->ech_client_hello_buf = std::move(client_hello_inner);
|
|
669
|
+
|
|
670
|
+
// Reparse |client_hello| from the buffer owned by |hs|.
|
|
671
|
+
if (!hs->GetClientHello(&msg, &client_hello)) {
|
|
672
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
673
|
+
return ssl_hs_error;
|
|
674
|
+
}
|
|
675
|
+
}
|
|
676
|
+
|
|
575
677
|
// We perform all our negotiation based on the first ClientHello (for
|
|
576
678
|
// consistency with what |select_certificate_cb| observed), which is in the
|
|
577
679
|
// transcript, so we can ignore most of this second one.
|
|
@@ -607,13 +709,7 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
|
|
|
607
709
|
}
|
|
608
710
|
}
|
|
609
711
|
|
|
610
|
-
|
|
611
|
-
if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
|
|
612
|
-
if (need_retry) {
|
|
613
|
-
// Only send one HelloRetryRequest.
|
|
614
|
-
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
|
615
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
|
616
|
-
}
|
|
712
|
+
if (!resolve_ecdhe_secret(hs, &client_hello)) {
|
|
617
713
|
return ssl_hs_error;
|
|
618
714
|
}
|
|
619
715
|
|
|
@@ -629,70 +725,73 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
|
|
|
629
725
|
}
|
|
630
726
|
|
|
631
727
|
ssl->method->next_message(ssl);
|
|
728
|
+
hs->ech_client_hello_buf.Reset();
|
|
632
729
|
hs->tls13_state = state13_send_server_hello;
|
|
633
730
|
return ssl_hs_ok;
|
|
634
731
|
}
|
|
635
732
|
|
|
733
|
+
static bool make_server_hello(SSL_HANDSHAKE *hs, Array<uint8_t> *out) {
|
|
734
|
+
SSL *const ssl = hs->ssl;
|
|
735
|
+
ScopedCBB cbb;
|
|
736
|
+
CBB body, extensions, session_id;
|
|
737
|
+
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_HELLO) ||
|
|
738
|
+
!CBB_add_u16(&body, TLS1_2_VERSION) ||
|
|
739
|
+
!CBB_add_bytes(&body, ssl->s3->server_random,
|
|
740
|
+
sizeof(ssl->s3->server_random)) ||
|
|
741
|
+
!CBB_add_u8_length_prefixed(&body, &session_id) ||
|
|
742
|
+
!CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
|
|
743
|
+
!CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
|
|
744
|
+
!CBB_add_u8(&body, 0) ||
|
|
745
|
+
!CBB_add_u16_length_prefixed(&body, &extensions) ||
|
|
746
|
+
!ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||
|
|
747
|
+
!ssl_ext_key_share_add_serverhello(hs, &extensions) ||
|
|
748
|
+
!ssl_ext_supported_versions_add_serverhello(hs, &extensions) ||
|
|
749
|
+
!ssl->method->finish_message(ssl, cbb.get(), out)) {
|
|
750
|
+
return false;
|
|
751
|
+
}
|
|
752
|
+
return true;
|
|
753
|
+
}
|
|
754
|
+
|
|
636
755
|
static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
637
756
|
SSL *const ssl = hs->ssl;
|
|
638
757
|
|
|
639
758
|
Span<uint8_t> random(ssl->s3->server_random);
|
|
640
|
-
RAND_bytes(random.data(), random.size());
|
|
641
759
|
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
760
|
+
SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
|
|
761
|
+
if (hints && !hs->hints_requested &&
|
|
762
|
+
hints->server_random.size() == random.size()) {
|
|
763
|
+
OPENSSL_memcpy(random.data(), hints->server_random.data(), random.size());
|
|
764
|
+
} else {
|
|
765
|
+
RAND_bytes(random.data(), random.size());
|
|
766
|
+
if (hints && hs->hints_requested &&
|
|
767
|
+
!hints->server_random.CopyFrom(random)) {
|
|
768
|
+
return ssl_hs_error;
|
|
769
|
+
}
|
|
770
|
+
}
|
|
771
|
+
|
|
772
|
+
assert(!hs->ech_accept || hs->ech_is_inner_present);
|
|
773
|
+
|
|
645
774
|
if (hs->ech_is_inner_present) {
|
|
646
775
|
// Construct the ServerHelloECHConf message, which is the same as
|
|
647
776
|
// ServerHello, except the last 8 bytes of its random field are zeroed out.
|
|
648
777
|
Span<uint8_t> random_suffix = random.subspan(24);
|
|
649
778
|
OPENSSL_memset(random_suffix.data(), 0, random_suffix.size());
|
|
650
779
|
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
!CBB_add_u16(&body, TLS1_2_VERSION) ||
|
|
656
|
-
!CBB_add_bytes(&body, random.data(), random.size()) ||
|
|
657
|
-
!CBB_add_u8_length_prefixed(&body, &session_id) ||
|
|
658
|
-
!CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
|
|
659
|
-
!CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
|
|
660
|
-
!CBB_add_u8(&body, 0) ||
|
|
661
|
-
!CBB_add_u16_length_prefixed(&body, &extensions) ||
|
|
662
|
-
!ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||
|
|
663
|
-
!ssl_ext_key_share_add_serverhello(hs, &extensions, /*dry_run=*/true) ||
|
|
664
|
-
!ssl_ext_supported_versions_add_serverhello(hs, &extensions) ||
|
|
665
|
-
!CBB_flush(cbb.get())) {
|
|
666
|
-
return ssl_hs_error;
|
|
667
|
-
}
|
|
668
|
-
|
|
669
|
-
// Note that |cbb| includes the message type and length fields, but not the
|
|
670
|
-
// record layer header.
|
|
671
|
-
if (!tls13_ech_accept_confirmation(
|
|
672
|
-
hs, random_suffix,
|
|
673
|
-
bssl::MakeConstSpan(CBB_data(cbb.get()), CBB_len(cbb.get())))) {
|
|
780
|
+
Array<uint8_t> server_hello_ech_conf;
|
|
781
|
+
if (!make_server_hello(hs, &server_hello_ech_conf) ||
|
|
782
|
+
!tls13_ech_accept_confirmation(hs, random_suffix,
|
|
783
|
+
server_hello_ech_conf)) {
|
|
674
784
|
return ssl_hs_error;
|
|
675
785
|
}
|
|
676
786
|
}
|
|
677
787
|
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
|
|
681
|
-
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_HELLO) ||
|
|
682
|
-
!CBB_add_u16(&body, TLS1_2_VERSION) ||
|
|
683
|
-
!CBB_add_bytes(&body, random.data(), random.size()) ||
|
|
684
|
-
!CBB_add_u8_length_prefixed(&body, &session_id) ||
|
|
685
|
-
!CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
|
|
686
|
-
!CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
|
|
687
|
-
!CBB_add_u8(&body, 0) ||
|
|
688
|
-
!CBB_add_u16_length_prefixed(&body, &extensions) ||
|
|
689
|
-
!ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||
|
|
690
|
-
!ssl_ext_key_share_add_serverhello(hs, &extensions, /*dry_run=*/false) ||
|
|
691
|
-
!ssl_ext_supported_versions_add_serverhello(hs, &extensions) ||
|
|
692
|
-
!ssl_add_message_cbb(ssl, cbb.get())) {
|
|
788
|
+
Array<uint8_t> server_hello;
|
|
789
|
+
if (!make_server_hello(hs, &server_hello) ||
|
|
790
|
+
!ssl->method->add_message(ssl, std::move(server_hello))) {
|
|
693
791
|
return ssl_hs_error;
|
|
694
792
|
}
|
|
695
793
|
|
|
794
|
+
hs->ecdh_public_key.Reset(); // No longer needed.
|
|
696
795
|
if (!ssl->s3->used_hello_retry_request &&
|
|
697
796
|
!ssl->method->add_change_cipher_spec(ssl)) {
|
|
698
797
|
return ssl_hs_error;
|
|
@@ -707,6 +806,8 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
|
|
|
707
806
|
}
|
|
708
807
|
|
|
709
808
|
// Send EncryptedExtensions.
|
|
809
|
+
ScopedCBB cbb;
|
|
810
|
+
CBB body;
|
|
710
811
|
if (!ssl->method->init_message(ssl, cbb.get(), &body,
|
|
711
812
|
SSL3_MT_ENCRYPTED_EXTENSIONS) ||
|
|
712
813
|
!ssl_add_serverhello_tlsext(hs, &body) ||
|
|
@@ -796,6 +897,10 @@ static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
|
796
897
|
|
|
797
898
|
static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
|
|
798
899
|
SSL *const ssl = hs->ssl;
|
|
900
|
+
if (hs->hints_requested) {
|
|
901
|
+
return ssl_hs_hints_ready;
|
|
902
|
+
}
|
|
903
|
+
|
|
799
904
|
if (!tls13_add_finished(hs) ||
|
|
800
905
|
// Update the secret to the master secret and derive traffic keys.
|
|
801
906
|
!tls13_advance_key_schedule(
|
|
@@ -93,7 +93,8 @@ static bool tls_set_read_state(SSL *ssl, ssl_encryption_level_t level,
|
|
|
93
93
|
}
|
|
94
94
|
|
|
95
95
|
if (ssl->quic_method != nullptr) {
|
|
96
|
-
if (
|
|
96
|
+
if ((ssl->s3->hs == nullptr || !ssl->s3->hs->hints_requested) &&
|
|
97
|
+
!ssl->quic_method->set_read_secret(ssl, level, aead_ctx->cipher(),
|
|
97
98
|
secret_for_quic.data(),
|
|
98
99
|
secret_for_quic.size())) {
|
|
99
100
|
return false;
|
|
@@ -121,7 +122,8 @@ static bool tls_set_write_state(SSL *ssl, ssl_encryption_level_t level,
|
|
|
121
122
|
}
|
|
122
123
|
|
|
123
124
|
if (ssl->quic_method != nullptr) {
|
|
124
|
-
if (
|
|
125
|
+
if ((ssl->s3->hs == nullptr || !ssl->s3->hs->hints_requested) &&
|
|
126
|
+
!ssl->quic_method->set_write_secret(ssl, level, aead_ctx->cipher(),
|
|
125
127
|
secret_for_quic.data(),
|
|
126
128
|
secret_for_quic.size())) {
|
|
127
129
|
return false;
|