grpc 1.37.1 → 1.39.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +96 -59
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/endpoint_config.h +48 -0
- data/include/grpc/event_engine/event_engine.h +334 -0
- data/include/grpc/event_engine/port.h +41 -0
- data/include/grpc/event_engine/slice_allocator.h +91 -0
- data/include/grpc/grpc.h +11 -4
- data/include/grpc/grpc_security.h +32 -0
- data/include/grpc/grpc_security_constants.h +15 -0
- data/include/grpc/impl/codegen/grpc_types.h +28 -13
- data/include/grpc/impl/codegen/port_platform.h +22 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +630 -3103
- data/src/core/ext/filters/client_channel/client_channel.h +489 -55
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +28 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +30 -29
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
- data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +46 -43
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -12
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +755 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +46 -54
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +23 -23
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +31 -46
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +146 -155
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -18
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +18 -12
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +20 -13
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -32
- data/src/core/ext/filters/client_channel/resolver.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2449 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +306 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
- data/src/core/ext/filters/client_channel/server_address.cc +1 -1
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
- data/src/core/ext/filters/client_channel/subchannel.h +7 -6
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +25 -18
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
- data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +3 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +44 -45
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +5 -4
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +139 -120
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +32 -27
- data/src/core/ext/transport/chttp2/transport/parsing.cc +65 -58
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +72 -60
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +348 -199
- data/src/core/ext/xds/xds_api.h +21 -12
- data/src/core/ext/xds/xds_bootstrap.cc +97 -159
- data/src/core/ext/xds/xds_bootstrap.h +19 -24
- data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
- data/src/core/ext/xds/xds_certificate_provider.h +4 -4
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +310 -178
- data/src/core/ext/xds/xds_client.h +41 -27
- data/src/core/ext/xds/xds_client_stats.h +3 -2
- data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +16 -20
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +16 -11
- data/src/core/lib/channel/channel_stack.cc +10 -9
- data/src/core/lib/channel/channel_stack.h +10 -9
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +21 -13
- data/src/core/lib/channel/channelz.h +3 -0
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/handshaker.cc +7 -6
- data/src/core/lib/channel/handshaker.h +5 -5
- data/src/core/lib/event_engine/endpoint_config.cc +46 -0
- data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
- data/src/core/lib/event_engine/event_engine.cc +50 -0
- data/src/core/lib/event_engine/slice_allocator.cc +89 -0
- data/src/core/lib/event_engine/sockaddr.cc +40 -0
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/ref_counted.h +28 -14
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +183 -0
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +11 -7
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +7 -9
- data/src/core/lib/iomgr/buffer_list.h +4 -5
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +168 -61
- data/src/core/lib/iomgr/error.h +217 -106
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +5 -5
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
- data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
- data/src/core/lib/iomgr/event_engine/closure.h +33 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +194 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
- data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
- data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +243 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
- data/src/core/lib/iomgr/exec_ctx.cc +12 -4
- data/src/core/lib/iomgr/exec_ctx.h +4 -5
- data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
- data/src/core/lib/iomgr/executor/threadpool.h +2 -2
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +2 -2
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +3 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -12
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +7 -7
- data/src/core/lib/iomgr/pollset_custom.h +3 -1
- data/src/core/lib/iomgr/pollset_uv.cc +3 -1
- data/src/core/lib/iomgr/pollset_uv.h +5 -1
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +7 -5
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +8 -4
- data/src/core/lib/iomgr/resolve_address.h +12 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +11 -10
- data/src/core/lib/iomgr/sockaddr.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +15 -2
- data/src/core/lib/iomgr/socket_mutator.h +26 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +24 -22
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +22 -19
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +78 -73
- data/src/core/lib/iomgr/tcp_posix.h +8 -0
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +26 -25
- data/src/core/lib/iomgr/tcp_server_posix.cc +28 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -18
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +25 -23
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer.h +6 -1
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +6 -6
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/matchers/matchers.cc +39 -39
- data/src/core/lib/matchers/matchers.h +28 -28
- data/src/core/lib/security/authorization/authorization_engine.h +44 -0
- data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
- data/src/core/lib/security/authorization/evaluate_args.h +91 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +2 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -10
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +22 -9
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +27 -4
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +56 -60
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +33 -32
- data/src/core/lib/security/transport/server_auth_filter.cc +19 -13
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/surface/call.cc +67 -46
- data/src/core/lib/surface/call.h +13 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +3 -2
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +68 -69
- data/src/core/lib/surface/completion_queue.h +3 -2
- data/src/core/lib/surface/completion_queue_factory.cc +1 -2
- data/src/core/lib/surface/init.cc +1 -3
- data/src/core/lib/surface/init.h +10 -1
- data/src/core/lib/surface/lame_client.cc +11 -11
- data/src/core/lib/surface/lame_client.h +1 -1
- data/src/core/lib/surface/server.cc +28 -22
- data/src/core/lib/surface/server.h +16 -15
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +21 -10
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata_batch.cc +37 -37
- data/src/core/lib/transport/metadata_batch.h +19 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +6 -4
- data/src/core/lib/transport/transport_op_string.cc +6 -6
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/crypt/gsec.h +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/ssl_transport_security.cc +32 -14
- data/src/core/tsi/ssl_transport_security.h +3 -4
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +11 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +483 -461
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +52 -65
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +52 -66
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +61 -75
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +80 -103
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +40 -49
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +367 -315
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +120 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +47 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +20 -49
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +25 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +283 -85
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +13 -19
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +445 -152
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -1
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +7 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1133 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +66 -30
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +154 -24
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +414 -135
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +51 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +664 -702
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +65 -7
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +213 -118
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- metadata +94 -46
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -246
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
@@ -15,6 +15,7 @@
|
|
15
15
|
#include <openssl/ssl.h>
|
16
16
|
|
17
17
|
#include <openssl/bytestring.h>
|
18
|
+
#include <openssl/err.h>
|
18
19
|
|
19
20
|
#include "internal.h"
|
20
21
|
|
@@ -93,7 +94,7 @@ bool SSL_serialize_handoff(const SSL *ssl, CBB *out,
|
|
93
94
|
!serialize_features(&seq) ||
|
94
95
|
!CBB_flush(out) ||
|
95
96
|
!ssl->method->get_message(ssl, &msg) ||
|
96
|
-
!ssl_client_hello_init(ssl, out_hello, msg)) {
|
97
|
+
!ssl_client_hello_init(ssl, out_hello, msg.body)) {
|
97
98
|
return false;
|
98
99
|
}
|
99
100
|
|
@@ -231,7 +232,7 @@ static bool apply_remote_features(SSL *ssl, CBS *in) {
|
|
231
232
|
// disqualifies it for split handshakes.
|
232
233
|
static bool uses_disallowed_feature(const SSL *ssl) {
|
233
234
|
return ssl->method->is_dtls || (ssl->config->cert && ssl->config->cert->dc) ||
|
234
|
-
ssl->config->quic_transport_params.size() > 0;
|
235
|
+
ssl->config->quic_transport_params.size() > 0 || ssl->ctx->ech_keys;
|
235
236
|
}
|
236
237
|
|
237
238
|
bool SSL_apply_handoff(SSL *ssl, Span<const uint8_t> handoff) {
|
@@ -337,6 +338,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
337
338
|
} else {
|
338
339
|
session = s3->session_reused ? ssl->session.get() : hs->new_session.get();
|
339
340
|
}
|
341
|
+
static const uint8_t kUnusedChannelID[64] = {0};
|
340
342
|
if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
|
341
343
|
!CBB_add_asn1_uint64(&seq, kHandbackVersion) ||
|
342
344
|
!CBB_add_asn1_uint64(&seq, type) ||
|
@@ -351,7 +353,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
351
353
|
!CBB_add_asn1_octet_string(&seq, read_iv, read_iv_len) ||
|
352
354
|
!CBB_add_asn1_octet_string(&seq, write_iv, write_iv_len) ||
|
353
355
|
!CBB_add_asn1_bool(&seq, s3->session_reused) ||
|
354
|
-
!CBB_add_asn1_bool(&seq,
|
356
|
+
!CBB_add_asn1_bool(&seq, hs->channel_id_negotiated) ||
|
355
357
|
!ssl_session_serialize(session, &seq) ||
|
356
358
|
!CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),
|
357
359
|
s3->next_proto_negotiated.size()) ||
|
@@ -360,10 +362,12 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
|
|
360
362
|
!CBB_add_asn1_octet_string(
|
361
363
|
&seq, reinterpret_cast<uint8_t *>(s3->hostname.get()),
|
362
364
|
hostname_len) ||
|
363
|
-
!CBB_add_asn1_octet_string(&seq,
|
364
|
-
sizeof(
|
365
|
-
|
366
|
-
|
365
|
+
!CBB_add_asn1_octet_string(&seq, kUnusedChannelID,
|
366
|
+
sizeof(kUnusedChannelID)) ||
|
367
|
+
// These two fields were historically |token_binding_negotiated| and
|
368
|
+
// |negotiated_token_binding_param|.
|
369
|
+
!CBB_add_asn1_bool(&seq, 0) ||
|
370
|
+
!CBB_add_asn1_uint64(&seq, 0) ||
|
367
371
|
!CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||
|
368
372
|
!CBB_add_asn1_bool(&seq, s3->hs->cert_request) ||
|
369
373
|
!CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) ||
|
@@ -442,12 +446,13 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
442
446
|
}
|
443
447
|
|
444
448
|
SSL3_STATE *const s3 = ssl->s3;
|
445
|
-
uint64_t handback_version,
|
449
|
+
uint64_t handback_version, unused_token_binding_param, cipher, type_u64;
|
446
450
|
|
447
451
|
CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
|
448
|
-
next_proto, alpn, hostname,
|
449
|
-
int session_reused,
|
450
|
-
ticket_expected,
|
452
|
+
next_proto, alpn, hostname, unused_channel_id, transcript, key_share;
|
453
|
+
int session_reused, channel_id_negotiated, cert_request,
|
454
|
+
extended_master_secret, ticket_expected, unused_token_binding,
|
455
|
+
next_proto_neg_seen;
|
451
456
|
SSL_SESSION *session = nullptr;
|
452
457
|
|
453
458
|
CBS handback_cbs(handback);
|
@@ -475,7 +480,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
475
480
|
!CBS_get_asn1(&seq, &read_iv, CBS_ASN1_OCTETSTRING) ||
|
476
481
|
!CBS_get_asn1(&seq, &write_iv, CBS_ASN1_OCTETSTRING) ||
|
477
482
|
!CBS_get_asn1_bool(&seq, &session_reused) ||
|
478
|
-
!CBS_get_asn1_bool(&seq, &
|
483
|
+
!CBS_get_asn1_bool(&seq, &channel_id_negotiated)) {
|
479
484
|
return false;
|
480
485
|
}
|
481
486
|
|
@@ -494,12 +499,9 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
494
499
|
if (!session || !CBS_get_asn1(&seq, &next_proto, CBS_ASN1_OCTETSTRING) ||
|
495
500
|
!CBS_get_asn1(&seq, &alpn, CBS_ASN1_OCTETSTRING) ||
|
496
501
|
!CBS_get_asn1(&seq, &hostname, CBS_ASN1_OCTETSTRING) ||
|
497
|
-
!CBS_get_asn1(&seq, &
|
498
|
-
|
499
|
-
!
|
500
|
-
sizeof(s3->channel_id)) ||
|
501
|
-
!CBS_get_asn1_bool(&seq, &token_binding_negotiated) ||
|
502
|
-
!CBS_get_asn1_uint64(&seq, &negotiated_token_binding_param) ||
|
502
|
+
!CBS_get_asn1(&seq, &unused_channel_id, CBS_ASN1_OCTETSTRING) ||
|
503
|
+
!CBS_get_asn1_bool(&seq, &unused_token_binding) ||
|
504
|
+
!CBS_get_asn1_uint64(&seq, &unused_token_binding_param) ||
|
503
505
|
!CBS_get_asn1_bool(&seq, &next_proto_neg_seen) ||
|
504
506
|
!CBS_get_asn1_bool(&seq, &cert_request) ||
|
505
507
|
!CBS_get_asn1_bool(&seq, &extended_master_secret) ||
|
@@ -613,7 +615,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
613
615
|
return false;
|
614
616
|
}
|
615
617
|
s3->session_reused = session_reused;
|
616
|
-
|
618
|
+
hs->channel_id_negotiated = channel_id_negotiated;
|
617
619
|
s3->next_proto_negotiated.CopyFrom(next_proto);
|
618
620
|
s3->alpn_selected.CopyFrom(alpn);
|
619
621
|
|
@@ -628,9 +630,6 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
628
630
|
s3->hostname.reset(hostname_str);
|
629
631
|
}
|
630
632
|
|
631
|
-
s3->token_binding_negotiated = token_binding_negotiated;
|
632
|
-
s3->negotiated_token_binding_param =
|
633
|
-
static_cast<uint8_t>(negotiated_token_binding_param);
|
634
633
|
hs->next_proto_neg_seen = next_proto_neg_seen;
|
635
634
|
hs->wait = ssl_hs_flush;
|
636
635
|
hs->extended_master_secret = extended_master_secret;
|
@@ -708,3 +707,280 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
708
707
|
}
|
709
708
|
|
710
709
|
BSSL_NAMESPACE_END
|
710
|
+
|
711
|
+
using namespace bssl;
|
712
|
+
|
713
|
+
int SSL_serialize_capabilities(const SSL *ssl, CBB *out) {
|
714
|
+
CBB seq;
|
715
|
+
if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
|
716
|
+
!serialize_features(&seq) || //
|
717
|
+
!CBB_flush(out)) {
|
718
|
+
return 0;
|
719
|
+
}
|
720
|
+
|
721
|
+
return 1;
|
722
|
+
}
|
723
|
+
|
724
|
+
int SSL_request_handshake_hints(SSL *ssl, const uint8_t *client_hello,
|
725
|
+
size_t client_hello_len,
|
726
|
+
const uint8_t *capabilities,
|
727
|
+
size_t capabilities_len) {
|
728
|
+
if (SSL_is_dtls(ssl)) {
|
729
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
730
|
+
return 0;
|
731
|
+
}
|
732
|
+
|
733
|
+
CBS cbs, seq;
|
734
|
+
CBS_init(&cbs, capabilities, capabilities_len);
|
735
|
+
UniquePtr<SSL_HANDSHAKE_HINTS> hints = MakeUnique<SSL_HANDSHAKE_HINTS>();
|
736
|
+
if (hints == nullptr ||
|
737
|
+
!CBS_get_asn1(&cbs, &seq, CBS_ASN1_SEQUENCE) ||
|
738
|
+
!apply_remote_features(ssl, &seq)) {
|
739
|
+
return 0;
|
740
|
+
}
|
741
|
+
|
742
|
+
SSL3_STATE *const s3 = ssl->s3;
|
743
|
+
s3->v2_hello_done = true;
|
744
|
+
s3->has_message = true;
|
745
|
+
|
746
|
+
Array<uint8_t> client_hello_msg;
|
747
|
+
ScopedCBB client_hello_cbb;
|
748
|
+
CBB client_hello_body;
|
749
|
+
if (!ssl->method->init_message(ssl, client_hello_cbb.get(),
|
750
|
+
&client_hello_body, SSL3_MT_CLIENT_HELLO) ||
|
751
|
+
!CBB_add_bytes(&client_hello_body, client_hello, client_hello_len) ||
|
752
|
+
!ssl->method->finish_message(ssl, client_hello_cbb.get(),
|
753
|
+
&client_hello_msg)) {
|
754
|
+
return 0;
|
755
|
+
}
|
756
|
+
|
757
|
+
s3->hs_buf.reset(BUF_MEM_new());
|
758
|
+
if (!s3->hs_buf || !BUF_MEM_append(s3->hs_buf.get(), client_hello_msg.data(),
|
759
|
+
client_hello_msg.size())) {
|
760
|
+
return 0;
|
761
|
+
}
|
762
|
+
|
763
|
+
s3->hs->hints_requested = true;
|
764
|
+
s3->hs->hints = std::move(hints);
|
765
|
+
return 1;
|
766
|
+
}
|
767
|
+
|
768
|
+
// |SSL_HANDSHAKE_HINTS| is serialized as the following ASN.1 structure. We use
|
769
|
+
// implicit tagging to make it a little more compact.
|
770
|
+
//
|
771
|
+
// HandshakeHints ::= SEQUENCE {
|
772
|
+
// serverRandom [0] IMPLICIT OCTET STRING OPTIONAL,
|
773
|
+
// keyShareHint [1] IMPLICIT KeyShareHint OPTIONAL,
|
774
|
+
// signatureHint [2] IMPLICIT SignatureHint OPTIONAL,
|
775
|
+
// -- At most one of decryptedPSKHint or ignorePSKHint may be present. It
|
776
|
+
// -- corresponds to the first entry in pre_shared_keys. TLS 1.2 session
|
777
|
+
// -- tickets will use a separate hint, to ensure the caller does not mix
|
778
|
+
// -- them up.
|
779
|
+
// decryptedPSKHint [3] IMPLICIT OCTET STRING OPTIONAL,
|
780
|
+
// ignorePSKHint [4] IMPLICIT NULL OPTIONAL,
|
781
|
+
// compressCertificateHint [5] IMPLICIT CompressCertificateHint OPTIONAL,
|
782
|
+
// }
|
783
|
+
//
|
784
|
+
// KeyShareHint ::= SEQUENCE {
|
785
|
+
// groupId INTEGER,
|
786
|
+
// publicKey OCTET STRING,
|
787
|
+
// secret OCTET STRING,
|
788
|
+
// }
|
789
|
+
//
|
790
|
+
// SignatureHint ::= SEQUENCE {
|
791
|
+
// algorithm INTEGER,
|
792
|
+
// input OCTET STRING,
|
793
|
+
// subjectPublicKeyInfo OCTET STRING,
|
794
|
+
// signature OCTET STRING,
|
795
|
+
// }
|
796
|
+
//
|
797
|
+
// CompressCertificateHint ::= SEQUENCE {
|
798
|
+
// algorithm INTEGER,
|
799
|
+
// input OCTET STRING,
|
800
|
+
// compressed OCTET STRING,
|
801
|
+
// }
|
802
|
+
|
803
|
+
// HandshakeHints tags.
|
804
|
+
static const unsigned kServerRandomTag = CBS_ASN1_CONTEXT_SPECIFIC | 0;
|
805
|
+
static const unsigned kKeyShareHintTag =
|
806
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1;
|
807
|
+
static const unsigned kSignatureHintTag =
|
808
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2;
|
809
|
+
static const unsigned kDecryptedPSKTag = CBS_ASN1_CONTEXT_SPECIFIC | 3;
|
810
|
+
static const unsigned kIgnorePSKTag = CBS_ASN1_CONTEXT_SPECIFIC | 4;
|
811
|
+
static const unsigned kCompressCertificateTag = CBS_ASN1_CONTEXT_SPECIFIC | 5;
|
812
|
+
|
813
|
+
int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out) {
|
814
|
+
const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
815
|
+
if (!ssl->server || !hs->hints_requested) {
|
816
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
817
|
+
return 0;
|
818
|
+
}
|
819
|
+
|
820
|
+
const SSL_HANDSHAKE_HINTS *hints = hs->hints.get();
|
821
|
+
CBB seq, child;
|
822
|
+
if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE)) {
|
823
|
+
return 0;
|
824
|
+
}
|
825
|
+
|
826
|
+
if (!hints->server_random.empty()) {
|
827
|
+
if (!CBB_add_asn1(&seq, &child, kServerRandomTag) ||
|
828
|
+
!CBB_add_bytes(&child, hints->server_random.data(),
|
829
|
+
hints->server_random.size())) {
|
830
|
+
return 0;
|
831
|
+
}
|
832
|
+
}
|
833
|
+
|
834
|
+
if (hints->key_share_group_id != 0 && !hints->key_share_public_key.empty() &&
|
835
|
+
!hints->key_share_secret.empty()) {
|
836
|
+
if (!CBB_add_asn1(&seq, &child, kKeyShareHintTag) ||
|
837
|
+
!CBB_add_asn1_uint64(&child, hints->key_share_group_id) ||
|
838
|
+
!CBB_add_asn1_octet_string(&child, hints->key_share_public_key.data(),
|
839
|
+
hints->key_share_public_key.size()) ||
|
840
|
+
!CBB_add_asn1_octet_string(&child, hints->key_share_secret.data(),
|
841
|
+
hints->key_share_secret.size())) {
|
842
|
+
return 0;
|
843
|
+
}
|
844
|
+
}
|
845
|
+
|
846
|
+
if (hints->signature_algorithm != 0 && !hints->signature_input.empty() &&
|
847
|
+
!hints->signature.empty()) {
|
848
|
+
if (!CBB_add_asn1(&seq, &child, kSignatureHintTag) ||
|
849
|
+
!CBB_add_asn1_uint64(&child, hints->signature_algorithm) ||
|
850
|
+
!CBB_add_asn1_octet_string(&child, hints->signature_input.data(),
|
851
|
+
hints->signature_input.size()) ||
|
852
|
+
!CBB_add_asn1_octet_string(&child, hints->signature_spki.data(),
|
853
|
+
hints->signature_spki.size()) ||
|
854
|
+
!CBB_add_asn1_octet_string(&child, hints->signature.data(),
|
855
|
+
hints->signature.size())) {
|
856
|
+
return 0;
|
857
|
+
}
|
858
|
+
}
|
859
|
+
|
860
|
+
if (!hints->decrypted_psk.empty()) {
|
861
|
+
if (!CBB_add_asn1(&seq, &child, kDecryptedPSKTag) ||
|
862
|
+
!CBB_add_bytes(&child, hints->decrypted_psk.data(),
|
863
|
+
hints->decrypted_psk.size())) {
|
864
|
+
return 0;
|
865
|
+
}
|
866
|
+
}
|
867
|
+
|
868
|
+
if (hints->ignore_psk && //
|
869
|
+
!CBB_add_asn1(&seq, &child, kIgnorePSKTag)) {
|
870
|
+
return 0;
|
871
|
+
}
|
872
|
+
|
873
|
+
if (hints->cert_compression_alg_id != 0 &&
|
874
|
+
!hints->cert_compression_input.empty() &&
|
875
|
+
!hints->cert_compression_output.empty()) {
|
876
|
+
if (!CBB_add_asn1(&seq, &child, kCompressCertificateTag) ||
|
877
|
+
!CBB_add_asn1_uint64(&child, hints->cert_compression_alg_id) ||
|
878
|
+
!CBB_add_asn1_octet_string(&child, hints->cert_compression_input.data(),
|
879
|
+
hints->cert_compression_input.size()) ||
|
880
|
+
!CBB_add_asn1_octet_string(&child,
|
881
|
+
hints->cert_compression_output.data(),
|
882
|
+
hints->cert_compression_output.size())) {
|
883
|
+
return 0;
|
884
|
+
}
|
885
|
+
}
|
886
|
+
|
887
|
+
return CBB_flush(out);
|
888
|
+
}
|
889
|
+
|
890
|
+
int SSL_set_handshake_hints(SSL *ssl, const uint8_t *hints, size_t hints_len) {
|
891
|
+
if (SSL_is_dtls(ssl)) {
|
892
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
893
|
+
return 0;
|
894
|
+
}
|
895
|
+
|
896
|
+
UniquePtr<SSL_HANDSHAKE_HINTS> hints_obj = MakeUnique<SSL_HANDSHAKE_HINTS>();
|
897
|
+
if (hints_obj == nullptr) {
|
898
|
+
return 0;
|
899
|
+
}
|
900
|
+
|
901
|
+
CBS cbs, seq, server_random, key_share, signature_hint, ticket, ignore_psk,
|
902
|
+
cert_compression;
|
903
|
+
int has_server_random, has_key_share, has_signature_hint, has_ticket,
|
904
|
+
has_ignore_psk, has_cert_compression;
|
905
|
+
CBS_init(&cbs, hints, hints_len);
|
906
|
+
if (!CBS_get_asn1(&cbs, &seq, CBS_ASN1_SEQUENCE) ||
|
907
|
+
!CBS_get_optional_asn1(&seq, &server_random, &has_server_random,
|
908
|
+
kServerRandomTag) ||
|
909
|
+
!CBS_get_optional_asn1(&seq, &key_share, &has_key_share,
|
910
|
+
kKeyShareHintTag) ||
|
911
|
+
!CBS_get_optional_asn1(&seq, &signature_hint, &has_signature_hint,
|
912
|
+
kSignatureHintTag) ||
|
913
|
+
!CBS_get_optional_asn1(&seq, &ticket, &has_ticket, kDecryptedPSKTag) ||
|
914
|
+
!CBS_get_optional_asn1(&seq, &ignore_psk, &has_ignore_psk,
|
915
|
+
kIgnorePSKTag) ||
|
916
|
+
!CBS_get_optional_asn1(&seq, &cert_compression, &has_cert_compression,
|
917
|
+
kCompressCertificateTag)) {
|
918
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
|
919
|
+
return 0;
|
920
|
+
}
|
921
|
+
|
922
|
+
if (has_server_random && !hints_obj->server_random.CopyFrom(server_random)) {
|
923
|
+
return 0;
|
924
|
+
}
|
925
|
+
|
926
|
+
if (has_key_share) {
|
927
|
+
uint64_t group_id;
|
928
|
+
CBS public_key, secret;
|
929
|
+
if (!CBS_get_asn1_uint64(&key_share, &group_id) || //
|
930
|
+
group_id == 0 || group_id > 0xffff ||
|
931
|
+
!CBS_get_asn1(&key_share, &public_key, CBS_ASN1_OCTETSTRING) ||
|
932
|
+
!hints_obj->key_share_public_key.CopyFrom(public_key) ||
|
933
|
+
!CBS_get_asn1(&key_share, &secret, CBS_ASN1_OCTETSTRING) ||
|
934
|
+
!hints_obj->key_share_secret.CopyFrom(secret)) {
|
935
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
|
936
|
+
return 0;
|
937
|
+
}
|
938
|
+
hints_obj->key_share_group_id = static_cast<uint16_t>(group_id);
|
939
|
+
}
|
940
|
+
|
941
|
+
if (has_signature_hint) {
|
942
|
+
uint64_t sig_alg;
|
943
|
+
CBS input, spki, signature;
|
944
|
+
if (!CBS_get_asn1_uint64(&signature_hint, &sig_alg) || //
|
945
|
+
sig_alg == 0 || sig_alg > 0xffff ||
|
946
|
+
!CBS_get_asn1(&signature_hint, &input, CBS_ASN1_OCTETSTRING) ||
|
947
|
+
!hints_obj->signature_input.CopyFrom(input) ||
|
948
|
+
!CBS_get_asn1(&signature_hint, &spki, CBS_ASN1_OCTETSTRING) ||
|
949
|
+
!hints_obj->signature_spki.CopyFrom(spki) ||
|
950
|
+
!CBS_get_asn1(&signature_hint, &signature, CBS_ASN1_OCTETSTRING) ||
|
951
|
+
!hints_obj->signature.CopyFrom(signature)) {
|
952
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
|
953
|
+
return 0;
|
954
|
+
}
|
955
|
+
hints_obj->signature_algorithm = static_cast<uint16_t>(sig_alg);
|
956
|
+
}
|
957
|
+
|
958
|
+
if (has_ticket && !hints_obj->decrypted_psk.CopyFrom(ticket)) {
|
959
|
+
return 0;
|
960
|
+
}
|
961
|
+
|
962
|
+
if (has_ignore_psk) {
|
963
|
+
if (CBS_len(&ignore_psk) != 0) {
|
964
|
+
return 0;
|
965
|
+
}
|
966
|
+
hints_obj->ignore_psk = true;
|
967
|
+
}
|
968
|
+
|
969
|
+
if (has_cert_compression) {
|
970
|
+
uint64_t alg;
|
971
|
+
CBS input, output;
|
972
|
+
if (!CBS_get_asn1_uint64(&cert_compression, &alg) || //
|
973
|
+
alg == 0 || alg > 0xffff ||
|
974
|
+
!CBS_get_asn1(&cert_compression, &input, CBS_ASN1_OCTETSTRING) ||
|
975
|
+
!hints_obj->cert_compression_input.CopyFrom(input) ||
|
976
|
+
!CBS_get_asn1(&cert_compression, &output, CBS_ASN1_OCTETSTRING) ||
|
977
|
+
!hints_obj->cert_compression_output.CopyFrom(output)) {
|
978
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
|
979
|
+
return 0;
|
980
|
+
}
|
981
|
+
hints_obj->cert_compression_alg_id = static_cast<uint16_t>(alg);
|
982
|
+
}
|
983
|
+
|
984
|
+
ssl->s3->hs->hints = std::move(hints_obj);
|
985
|
+
return 1;
|
986
|
+
}
|
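Review bot: `SSL_set_handshake_hints` accepts a blob that carries both `decryptedPSKHint` and `ignorePSKHint`, although the ASN.1 comment above the tag constants says at most one may be present; after the `CBS_get_optional_asn1` chain I would add `if (has_ticket && has_ignore_psk) { OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS); return 0; }`. The `CBS_len(&ignore_psk) != 0` branch also returns 0 without queuing `SSL_R_COULD_NOT_PARSE_HINTS`, unlike the other malformed-input paths in the function. Bytes left in `seq` or `cbs` after the last optional field are not rejected either; if that is deliberate for forward compatibility, a one-line comment saying so would help. Since `KeyShareHint.secret` and `decryptedPSKHint` hold secret material, the comment describing the structure could also state that serialized hints should only travel over a confidential, authenticated channel between the two parties.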
@@ -129,7 +129,6 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
|
|
129
129
|
ech_present(false),
|
130
130
|
ech_is_inner_present(false),
|
131
131
|
scts_requested(false),
|
132
|
-
needs_psk_binder(false),
|
133
132
|
handshake_finalized(false),
|
134
133
|
accept_psk_mode(false),
|
135
134
|
cert_request(false),
|
@@ -146,11 +145,19 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
|
|
146
145
|
ticket_expected(false),
|
147
146
|
extended_master_secret(false),
|
148
147
|
pending_private_key_op(false),
|
149
|
-
grease_seeded(false),
|
150
148
|
handback(false),
|
149
|
+
hints_requested(false),
|
151
150
|
cert_compression_negotiated(false),
|
152
|
-
apply_jdk11_workaround(false)
|
151
|
+
apply_jdk11_workaround(false),
|
152
|
+
can_release_private_key(false),
|
153
|
+
channel_id_negotiated(false) {
|
153
154
|
assert(ssl);
|
155
|
+
|
156
|
+
// Draw entropy for all GREASE values at once. This avoids calling
|
157
|
+
// |RAND_bytes| repeatedly and makes the values consistent within a
|
158
|
+
// connection. The latter is so the second ClientHello matches after
|
159
|
+
// HelloRetryRequest and so supported_groups and key_shares are consistent.
|
160
|
+
RAND_bytes(grease_seed, sizeof(grease_seed));
|
154
161
|
}
|
155
162
|
|
156
163
|
SSL_HANDSHAKE::~SSL_HANDSHAKE() {
|
@@ -164,6 +171,28 @@ void SSL_HANDSHAKE::ResizeSecrets(size_t hash_len) {
|
|
164
171
|
hash_len_ = hash_len;
|
165
172
|
}
|
166
173
|
|
174
|
+
bool SSL_HANDSHAKE::GetClientHello(SSLMessage *out_msg,
|
175
|
+
SSL_CLIENT_HELLO *out_client_hello) {
|
176
|
+
if (!ech_client_hello_buf.empty()) {
|
177
|
+
// If the backing buffer is non-empty, the ClientHelloInner has been set.
|
178
|
+
out_msg->is_v2_hello = false;
|
179
|
+
out_msg->type = SSL3_MT_CLIENT_HELLO;
|
180
|
+
out_msg->raw = CBS(ech_client_hello_buf);
|
181
|
+
out_msg->body = MakeConstSpan(ech_client_hello_buf).subspan(4);
|
182
|
+
} else if (!ssl->method->get_message(ssl, out_msg)) {
|
183
|
+
// The message has already been read, so this cannot fail.
|
184
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
185
|
+
return false;
|
186
|
+
}
|
187
|
+
|
188
|
+
if (!ssl_client_hello_init(ssl, out_client_hello, out_msg->body)) {
|
189
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
|
190
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
191
|
+
return false;
|
192
|
+
}
|
193
|
+
return true;
|
194
|
+
}
|
195
|
+
|
167
196
|
UniquePtr<SSL_HANDSHAKE> ssl_handshake_new(SSL *ssl) {
|
168
197
|
UniquePtr<SSL_HANDSHAKE> hs = MakeUnique<SSL_HANDSHAKE>(ssl);
|
169
198
|
if (!hs || !hs->transcript.Init()) {
|
@@ -410,17 +439,8 @@ enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs,
|
|
410
439
|
return ret;
|
411
440
|
}
|
412
441
|
|
413
|
-
uint16_t
|
414
|
-
|
415
|
-
// Draw entropy for all GREASE values at once. This avoids calling
|
416
|
-
// |RAND_bytes| repeatedly and makes the values consistent within a
|
417
|
-
// connection. The latter is so the second ClientHello matches after
|
418
|
-
// HelloRetryRequest and so supported_groups and key_shares are consistent.
|
419
|
-
if (!hs->grease_seeded) {
|
420
|
-
RAND_bytes(hs->grease_seed, sizeof(hs->grease_seed));
|
421
|
-
hs->grease_seeded = true;
|
422
|
-
}
|
423
|
-
|
442
|
+
static uint16_t grease_index_to_value(const SSL_HANDSHAKE *hs,
|
443
|
+
enum ssl_grease_index_t index) {
|
424
444
|
// This generates a random value of the form 0xωaωa, for all 0 ≤ ω < 16.
|
425
445
|
uint16_t ret = hs->grease_seed[index];
|
426
446
|
ret = (ret & 0xf0) | 0x0a;
|
@@ -428,6 +448,19 @@ uint16_t ssl_get_grease_value(SSL_HANDSHAKE *hs,
|
|
428
448
|
return ret;
|
429
449
|
}
|
430
450
|
|
451
|
+
uint16_t ssl_get_grease_value(const SSL_HANDSHAKE *hs,
|
452
|
+
enum ssl_grease_index_t index) {
|
453
|
+
uint16_t ret = grease_index_to_value(hs, index);
|
454
|
+
if (index == ssl_grease_extension2 &&
|
455
|
+
ret == grease_index_to_value(hs, ssl_grease_extension1)) {
|
456
|
+
// The two fake extensions must not have the same value. GREASE values are
|
457
|
+
// of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
|
458
|
+
// one.
|
459
|
+
ret ^= 0x1010;
|
460
|
+
}
|
461
|
+
return ret;
|
462
|
+
}
|
463
|
+
|
431
464
|
enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
432
465
|
SSL *const ssl = hs->ssl;
|
433
466
|
SSLMessage msg;
|
@@ -552,7 +585,11 @@ const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs) {
|
|
552
585
|
int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
553
586
|
SSL *const ssl = hs->ssl;
|
554
587
|
for (;;) {
|
555
|
-
// Resolve the operation the handshake was waiting on.
|
588
|
+
// Resolve the operation the handshake was waiting on. Each condition may
|
589
|
+
// halt the handshake by returning, or continue executing if the handshake
|
590
|
+
// may immediately proceed. Cases which halt the handshake can clear
|
591
|
+
// |hs->wait| to re-enter the state machine on the next iteration, or leave
|
592
|
+
// it set to keep the condition sticky.
|
556
593
|
switch (hs->wait) {
|
557
594
|
case ssl_hs_error:
|
558
595
|
ERR_restore_state(hs->error.get());
|
@@ -570,13 +607,13 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
570
607
|
case ssl_hs_read_message:
|
571
608
|
case ssl_hs_read_change_cipher_spec: {
|
572
609
|
if (ssl->quic_method) {
|
610
|
+
// QUIC has no ChangeCipherSpec messages.
|
611
|
+
assert(hs->wait != ssl_hs_read_change_cipher_spec);
|
612
|
+
// The caller should call |SSL_provide_quic_data|. Clear |hs->wait| so
|
613
|
+
// the handshake can check if there is sufficient data next iteration.
|
614
|
+
ssl->s3->rwstate = SSL_ERROR_WANT_READ;
|
573
615
|
hs->wait = ssl_hs_ok;
|
574
|
-
|
575
|
-
if (hs->wait != ssl_hs_read_change_cipher_spec) {
|
576
|
-
ssl->s3->rwstate = SSL_ERROR_WANT_READ;
|
577
|
-
return -1;
|
578
|
-
}
|
579
|
-
break;
|
616
|
+
return -1;
|
580
617
|
}
|
581
618
|
|
582
619
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
@@ -646,31 +683,26 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
646
683
|
return -1;
|
647
684
|
}
|
648
685
|
|
686
|
+
// The following cases are associated with callback APIs which expect to
|
687
|
+
// be called each time the state machine runs. Thus they set |hs->wait|
|
688
|
+
// to |ssl_hs_ok| so that, next time, we re-enter the state machine and
|
689
|
+
// call the callback again.
|
649
690
|
case ssl_hs_x509_lookup:
|
650
691
|
ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
|
651
692
|
hs->wait = ssl_hs_ok;
|
652
693
|
return -1;
|
653
|
-
|
654
|
-
case ssl_hs_channel_id_lookup:
|
655
|
-
ssl->s3->rwstate = SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
|
656
|
-
hs->wait = ssl_hs_ok;
|
657
|
-
return -1;
|
658
|
-
|
659
694
|
case ssl_hs_private_key_operation:
|
660
695
|
ssl->s3->rwstate = SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
|
661
696
|
hs->wait = ssl_hs_ok;
|
662
697
|
return -1;
|
663
|
-
|
664
698
|
case ssl_hs_pending_session:
|
665
699
|
ssl->s3->rwstate = SSL_ERROR_PENDING_SESSION;
|
666
700
|
hs->wait = ssl_hs_ok;
|
667
701
|
return -1;
|
668
|
-
|
669
702
|
case ssl_hs_pending_ticket:
|
670
703
|
ssl->s3->rwstate = SSL_ERROR_PENDING_TICKET;
|
671
704
|
hs->wait = ssl_hs_ok;
|
672
705
|
return -1;
|
673
|
-
|
674
706
|
case ssl_hs_certificate_verify:
|
675
707
|
ssl->s3->rwstate = SSL_ERROR_WANT_CERTIFICATE_VERIFY;
|
676
708
|
hs->wait = ssl_hs_ok;
|
@@ -687,6 +719,10 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
|
687
719
|
hs->wait = ssl_hs_ok;
|
688
720
|
return 1;
|
689
721
|
|
722
|
+
case ssl_hs_hints_ready:
|
723
|
+
ssl->s3->rwstate = SSL_ERROR_HANDSHAKE_HINTS_READY;
|
724
|
+
return -1;
|
725
|
+
|
690
726
|
case ssl_hs_ok:
|
691
727
|
break;
|
692
728
|
}
|
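Review bot: The new `ssl_hs_hints_ready` case returns -1 without resetting `hs->wait`, and nothing at the case says this is deliberate. Every other halting case visible in this switch assigns `hs->wait = ssl_hs_ok` before returning. Going by the comment this commit adds at the top of the loop, leaving `hs->wait` set keeps the condition sticky, so later calls would presumably keep reporting `SSL_ERROR_HANDSHAKE_HINTS_READY` instead of re-entering the state machine. I would say so at the case itself, for example `// |hs->wait| is deliberately left set so this condition stays sticky.` above the `rwstate` assignment, reworded if the intent differs. `ssl_run_handshake` begins and ends outside this hunk, so whatever follows the switch is not visible here.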