grpc 1.4.5 → 1.6.0.pre1
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +1235 -1100
- data/etc/roots.pem +0 -412
- data/include/grpc/byte_buffer.h +10 -25
- data/include/grpc/byte_buffer_reader.h +10 -25
- data/include/grpc/census.h +10 -25
- data/include/grpc/compression.h +10 -25
- data/include/grpc/grpc.h +15 -26
- data/include/grpc/grpc_cronet.h +10 -25
- data/include/grpc/grpc_posix.h +10 -25
- data/include/grpc/grpc_security.h +10 -25
- data/include/grpc/grpc_security_constants.h +10 -25
- data/include/grpc/impl/codegen/atm.h +11 -25
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +10 -25
- data/include/grpc/impl/codegen/atm_gcc_sync.h +10 -25
- data/include/grpc/impl/codegen/atm_windows.h +10 -25
- data/include/grpc/impl/codegen/byte_buffer_reader.h +11 -26
- data/include/grpc/impl/codegen/compression_types.h +12 -27
- data/include/grpc/impl/codegen/connectivity_state.h +10 -25
- data/include/grpc/impl/codegen/exec_ctx_fwd.h +10 -25
- data/include/grpc/impl/codegen/gpr_slice.h +10 -25
- data/include/grpc/impl/codegen/gpr_types.h +10 -25
- data/include/grpc/impl/codegen/grpc_types.h +42 -43
- data/include/grpc/impl/codegen/port_platform.h +10 -25
- data/include/grpc/impl/codegen/propagation_bits.h +10 -25
- data/include/grpc/impl/codegen/slice.h +13 -28
- data/include/grpc/impl/codegen/status.h +10 -25
- data/include/grpc/impl/codegen/sync.h +10 -25
- data/include/grpc/impl/codegen/sync_generic.h +10 -25
- data/include/grpc/impl/codegen/sync_posix.h +10 -25
- data/include/grpc/impl/codegen/sync_windows.h +10 -25
- data/include/grpc/load_reporting.h +10 -25
- data/include/grpc/slice.h +10 -25
- data/include/grpc/slice_buffer.h +10 -25
- data/include/grpc/status.h +10 -25
- data/include/grpc/support/alloc.h +10 -25
- data/include/grpc/support/atm.h +10 -25
- data/include/grpc/support/atm_gcc_atomic.h +10 -25
- data/include/grpc/support/atm_gcc_sync.h +10 -25
- data/include/grpc/support/atm_windows.h +10 -25
- data/include/grpc/support/avl.h +46 -49
- data/include/grpc/support/cmdline.h +10 -25
- data/include/grpc/support/cpu.h +10 -25
- data/include/grpc/support/histogram.h +10 -25
- data/include/grpc/support/host_port.h +10 -25
- data/include/grpc/support/log.h +10 -25
- data/include/grpc/support/log_windows.h +10 -25
- data/include/grpc/support/port_platform.h +10 -25
- data/include/grpc/support/string_util.h +10 -25
- data/include/grpc/support/subprocess.h +10 -25
- data/include/grpc/support/sync.h +10 -25
- data/include/grpc/support/sync_generic.h +10 -25
- data/include/grpc/support/sync_posix.h +10 -25
- data/include/grpc/support/sync_windows.h +10 -25
- data/include/grpc/support/thd.h +10 -25
- data/include/grpc/support/time.h +10 -25
- data/include/grpc/support/tls.h +10 -25
- data/include/grpc/support/tls_gcc.h +10 -25
- data/include/grpc/support/tls_msvc.h +10 -25
- data/include/grpc/support/tls_pthread.h +10 -25
- data/include/grpc/support/useful.h +10 -25
- data/include/grpc/support/workaround_list.h +11 -26
- data/src/boringssl/err_data.c +277 -259
- data/src/core/ext/census/aggregation.h +10 -25
- data/src/core/ext/census/base_resources.c +10 -25
- data/src/core/ext/census/base_resources.h +10 -25
- data/src/core/ext/census/census_interface.h +10 -25
- data/src/core/ext/census/census_rpc_stats.h +10 -25
- data/src/core/ext/census/context.c +10 -25
- data/src/core/ext/census/gen/census.pb.c +10 -25
- data/src/core/ext/census/gen/census.pb.h +10 -25
- data/src/core/ext/census/gen/trace_context.pb.c +10 -25
- data/src/core/ext/census/gen/trace_context.pb.h +10 -25
- data/src/core/ext/census/grpc_context.c +10 -25
- data/src/core/ext/census/grpc_filter.c +11 -26
- data/src/core/ext/census/grpc_filter.h +10 -25
- data/src/core/ext/census/grpc_plugin.c +10 -25
- data/src/core/ext/census/initialize.c +10 -25
- data/src/core/ext/census/intrusive_hash_map.c +10 -25
- data/src/core/ext/census/intrusive_hash_map.h +10 -25
- data/src/core/ext/census/intrusive_hash_map_internal.h +10 -25
- data/src/core/ext/census/mlog.c +10 -25
- data/src/core/ext/census/mlog.h +10 -25
- data/src/core/ext/census/operation.c +10 -25
- data/src/core/ext/census/placeholders.c +10 -25
- data/src/core/ext/census/resource.c +10 -25
- data/src/core/ext/census/resource.h +10 -25
- data/src/core/ext/census/rpc_metric_id.h +10 -25
- data/src/core/ext/census/trace_context.c +10 -25
- data/src/core/ext/census/trace_context.h +10 -25
- data/src/core/ext/census/trace_label.h +10 -25
- data/src/core/ext/census/trace_propagation.h +10 -25
- data/src/core/ext/census/trace_status.h +10 -25
- data/src/core/ext/census/trace_string.h +10 -25
- data/src/core/ext/census/tracing.c +10 -26
- data/src/core/ext/census/tracing.h +10 -25
- data/src/core/ext/filters/client_channel/channel_connectivity.c +20 -33
- data/src/core/ext/filters/client_channel/client_channel.c +617 -520
- data/src/core/ext/filters/client_channel/client_channel.h +15 -28
- data/src/core/ext/filters/client_channel/client_channel_factory.c +13 -31
- data/src/core/ext/filters/client_channel/client_channel_factory.h +10 -25
- data/src/core/ext/filters/client_channel/client_channel_plugin.c +16 -29
- data/src/core/ext/filters/client_channel/connector.c +10 -25
- data/src/core/ext/filters/client_channel/connector.h +10 -25
- data/src/core/ext/filters/client_channel/http_connect_handshaker.c +15 -30
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -25
- data/src/core/ext/filters/client_channel/http_proxy.c +112 -38
- data/src/core/ext/filters/client_channel/http_proxy.h +10 -25
- data/src/core/ext/filters/client_channel/lb_policy.c +32 -36
- data/src/core/ext/filters/client_channel/lb_policy.h +24 -27
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.c +14 -30
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +10 -25
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.c +464 -279
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +10 -25
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +15 -28
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.c +40 -48
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.c +65 -49
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +31 -31
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.c +47 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +11 -26
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +13 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +27 -21
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +373 -136
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +504 -279
- data/src/core/ext/filters/client_channel/lb_policy_factory.c +12 -31
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +12 -27
- data/src/core/ext/filters/client_channel/lb_policy_registry.c +10 -25
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +10 -25
- data/src/core/ext/filters/client_channel/parse_address.c +10 -25
- data/src/core/ext/filters/client_channel/parse_address.h +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper.c +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper.h +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.c +10 -25
- data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +10 -25
- data/src/core/ext/filters/client_channel/resolver.c +33 -38
- data/src/core/ext/filters/client_channel/resolver.h +19 -30
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.c +153 -50
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +14 -27
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.c +33 -30
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.c +326 -116
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +35 -36
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.c +60 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.c +19 -34
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.c +254 -0
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +60 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.c +16 -28
- data/src/core/ext/filters/client_channel/resolver_factory.c +10 -25
- data/src/core/ext/filters/client_channel/resolver_factory.h +10 -25
- data/src/core/ext/filters/client_channel/resolver_registry.c +10 -25
- data/src/core/ext/filters/client_channel/resolver_registry.h +10 -25
- data/src/core/ext/filters/client_channel/retry_throttle.c +23 -34
- data/src/core/ext/filters/client_channel/retry_throttle.h +10 -25
- data/src/core/ext/filters/client_channel/subchannel.c +33 -55
- data/src/core/ext/filters/client_channel/subchannel.h +16 -26
- data/src/core/ext/filters/client_channel/subchannel_index.c +55 -92
- data/src/core/ext/filters/client_channel/subchannel_index.h +26 -29
- data/src/core/ext/filters/client_channel/uri_parser.c +10 -25
- data/src/core/ext/filters/client_channel/uri_parser.h +10 -25
- data/src/core/ext/filters/deadline/deadline_filter.c +30 -45
- data/src/core/ext/filters/deadline/deadline_filter.h +10 -25
- data/src/core/ext/filters/http/client/http_client_filter.c +255 -294
- data/src/core/ext/filters/http/client/http_client_filter.h +10 -25
- data/src/core/ext/filters/http/http_filters_plugin.c +11 -26
- data/src/core/ext/filters/http/message_compress/message_compress_filter.c +133 -105
- data/src/core/ext/filters/http/message_compress/message_compress_filter.h +10 -25
- data/src/core/ext/filters/http/server/http_server_filter.c +17 -32
- data/src/core/ext/filters/http/server/http_server_filter.h +10 -25
- data/src/core/ext/filters/load_reporting/load_reporting.c +11 -30
- data/src/core/ext/filters/load_reporting/load_reporting.h +10 -25
- data/src/core/ext/filters/load_reporting/load_reporting_filter.c +11 -26
- data/src/core/ext/filters/load_reporting/load_reporting_filter.h +10 -25
- data/src/core/ext/filters/max_age/max_age_filter.c +28 -43
- data/src/core/ext/filters/max_age/max_age_filter.h +10 -25
- data/src/core/ext/filters/message_size/message_size_filter.c +24 -37
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -25
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.c +16 -31
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +10 -25
- data/src/core/ext/filters/workarounds/workaround_utils.c +12 -26
- data/src/core/ext/filters/workarounds/workaround_utils.h +11 -26
- data/src/core/ext/transport/chttp2/alpn/alpn.c +10 -25
- data/src/core/ext/transport/chttp2/alpn/alpn.h +10 -25
- data/src/core/ext/transport/chttp2/client/chttp2_connector.c +13 -28
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +10 -25
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +13 -30
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c +12 -29
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.c +13 -30
- data/src/core/ext/transport/chttp2/server/chttp2_server.c +11 -26
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +10 -25
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.c +10 -25
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.c +10 -25
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c +10 -25
- data/src/core/ext/transport/chttp2/transport/bin_decoder.c +11 -25
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +10 -25
- data/src/core/ext/transport/chttp2/transport/bin_encoder.c +10 -25
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +10 -25
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +15 -27
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +421 -443
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +14 -25
- data/src/core/ext/transport/chttp2/transport/flow_control.c +500 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_data.c +20 -28
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_goaway.c +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_ping.c +11 -26
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +11 -26
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_settings.c +16 -29
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +10 -25
- data/src/core/ext/transport/chttp2/transport/frame_window_update.c +17 -33
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +10 -25
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +18 -31
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +12 -25
- data/src/core/ext/transport/chttp2/transport/hpack_parser.c +15 -30
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -25
- data/src/core/ext/transport/chttp2/transport/hpack_table.c +10 -25
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +10 -25
- data/src/core/ext/transport/chttp2/transport/http2_settings.c +10 -25
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +10 -25
- data/src/core/ext/transport/chttp2/transport/huffsyms.c +10 -25
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +10 -25
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.c +10 -25
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +10 -25
- data/src/core/ext/transport/chttp2/transport/internal.h +191 -179
- data/src/core/ext/transport/chttp2/transport/parsing.c +33 -102
- data/src/core/ext/transport/chttp2/transport/stream_lists.c +26 -28
- data/src/core/ext/transport/chttp2/transport/stream_map.c +10 -25
- data/src/core/ext/transport/chttp2/transport/stream_map.h +10 -25
- data/src/core/ext/transport/chttp2/transport/varint.c +14 -25
- data/src/core/ext/transport/chttp2/transport/varint.h +10 -25
- data/src/core/ext/transport/chttp2/transport/writing.c +164 -106
- data/src/core/ext/transport/inproc/inproc_plugin.c +29 -0
- data/src/core/ext/transport/inproc/inproc_transport.c +1303 -0
- data/src/core/ext/transport/inproc/inproc_transport.h +41 -0
- data/src/core/lib/channel/channel_args.c +52 -27
- data/src/core/lib/channel/channel_args.h +18 -27
- data/src/core/lib/channel/channel_stack.c +11 -26
- data/src/core/lib/channel/channel_stack.h +12 -27
- data/src/core/lib/channel/channel_stack_builder.c +11 -26
- data/src/core/lib/channel/channel_stack_builder.h +10 -25
- data/src/core/lib/channel/connected_channel.c +10 -25
- data/src/core/lib/channel/connected_channel.h +10 -25
- data/src/core/lib/channel/context.h +10 -25
- data/src/core/lib/channel/handshaker.c +14 -29
- data/src/core/lib/channel/handshaker.h +10 -25
- data/src/core/lib/channel/handshaker_factory.c +10 -25
- data/src/core/lib/channel/handshaker_factory.h +10 -25
- data/src/core/lib/channel/handshaker_registry.c +10 -25
- data/src/core/lib/channel/handshaker_registry.h +10 -25
- data/src/core/lib/compression/algorithm_metadata.h +10 -25
- data/src/core/lib/compression/compression.c +10 -25
- data/src/core/lib/compression/message_compress.c +10 -25
- data/src/core/lib/compression/message_compress.h +10 -25
- data/src/core/lib/compression/stream_compression.c +191 -0
- data/src/core/lib/compression/stream_compression.h +90 -0
- data/src/core/lib/debug/trace.c +28 -29
- data/src/core/lib/debug/trace.h +16 -30
- data/src/core/lib/http/format_request.c +10 -25
- data/src/core/lib/http/format_request.h +10 -25
- data/src/core/lib/http/httpcli.c +19 -35
- data/src/core/lib/http/httpcli.h +10 -25
- data/src/core/lib/http/httpcli_security_connector.c +17 -30
- data/src/core/lib/http/parser.c +11 -26
- data/src/core/lib/http/parser.h +10 -25
- data/src/core/lib/iomgr/closure.c +62 -25
- data/src/core/lib/iomgr/closure.h +81 -26
- data/src/core/lib/iomgr/combiner.c +103 -200
- data/src/core/lib/iomgr/combiner.h +14 -32
- data/src/core/lib/iomgr/endpoint.c +10 -29
- data/src/core/lib/iomgr/endpoint.h +10 -29
- data/src/core/lib/iomgr/endpoint_pair.h +10 -25
- data/src/core/lib/iomgr/endpoint_pair_posix.c +10 -25
- data/src/core/lib/iomgr/endpoint_pair_uv.c +10 -25
- data/src/core/lib/iomgr/endpoint_pair_windows.c +10 -25
- data/src/core/lib/iomgr/error.c +45 -46
- data/src/core/lib/iomgr/error.h +21 -34
- data/src/core/lib/iomgr/error_internal.h +10 -25
- data/src/core/lib/iomgr/ev_epoll1_linux.c +279 -179
- data/src/core/lib/iomgr/ev_epoll1_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.c +75 -264
- data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.c +44 -199
- data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epollex_linux.c +184 -247
- data/src/core/lib/iomgr/ev_epollex_linux.h +10 -25
- data/src/core/lib/iomgr/ev_epollsig_linux.c +116 -323
- data/src/core/lib/iomgr/ev_epollsig_linux.h +10 -25
- data/src/core/lib/iomgr/ev_poll_posix.c +328 -184
- data/src/core/lib/iomgr/ev_poll_posix.h +10 -25
- data/src/core/lib/iomgr/ev_posix.c +25 -56
- data/src/core/lib/iomgr/ev_posix.h +15 -44
- data/src/core/lib/iomgr/ev_windows.c +11 -26
- data/src/core/lib/iomgr/exec_ctx.c +36 -45
- data/src/core/lib/iomgr/exec_ctx.h +10 -25
- data/src/core/lib/iomgr/executor.c +152 -127
- data/src/core/lib/iomgr/executor.h +18 -26
- data/src/core/lib/iomgr/gethostname.h +26 -0
- data/src/core/lib/iomgr/gethostname_fallback.c +27 -0
- data/src/core/lib/iomgr/gethostname_host_name_max.c +37 -0
- data/src/core/lib/iomgr/gethostname_sysconf.c +37 -0
- data/src/core/lib/iomgr/iocp_windows.c +10 -25
- data/src/core/lib/iomgr/iocp_windows.h +10 -25
- data/src/core/lib/iomgr/iomgr.c +17 -28
- data/src/core/lib/iomgr/iomgr.h +12 -27
- data/src/core/lib/iomgr/iomgr_internal.h +10 -25
- data/src/core/lib/iomgr/iomgr_posix.c +11 -26
- data/src/core/lib/iomgr/iomgr_posix.h +10 -25
- data/src/core/lib/iomgr/iomgr_uv.c +19 -26
- data/src/core/lib/iomgr/iomgr_uv.h +37 -0
- data/src/core/lib/iomgr/iomgr_windows.c +10 -25
- data/src/core/lib/iomgr/is_epollexclusive_available.c +10 -25
- data/src/core/lib/iomgr/is_epollexclusive_available.h +10 -25
- data/src/core/lib/iomgr/load_file.c +10 -25
- data/src/core/lib/iomgr/load_file.h +10 -25
- data/src/core/lib/iomgr/lockfree_event.c +22 -35
- data/src/core/lib/iomgr/lockfree_event.h +13 -27
- data/src/core/lib/iomgr/nameser.h +104 -0
- data/src/core/lib/iomgr/network_status_tracker.c +10 -25
- data/src/core/lib/iomgr/network_status_tracker.h +10 -25
- data/src/core/lib/iomgr/polling_entity.c +10 -25
- data/src/core/lib/iomgr/polling_entity.h +14 -34
- data/src/core/lib/iomgr/pollset.h +14 -25
- data/src/core/lib/iomgr/pollset_set.h +10 -25
- data/src/core/lib/iomgr/pollset_set_uv.c +10 -25
- data/src/core/lib/iomgr/pollset_set_windows.c +10 -25
- data/src/core/lib/iomgr/pollset_set_windows.h +10 -25
- data/src/core/lib/iomgr/pollset_uv.c +25 -26
- data/src/core/lib/iomgr/pollset_uv.h +10 -25
- data/src/core/lib/iomgr/pollset_windows.c +17 -27
- data/src/core/lib/iomgr/pollset_windows.h +10 -25
- data/src/core/lib/iomgr/port.h +24 -25
- data/src/core/lib/iomgr/resolve_address.h +10 -25
- data/src/core/lib/iomgr/resolve_address_posix.c +13 -28
- data/src/core/lib/iomgr/resolve_address_uv.c +31 -35
- data/src/core/lib/iomgr/resolve_address_windows.c +13 -28
- data/src/core/lib/iomgr/resource_quota.c +52 -67
- data/src/core/lib/iomgr/resource_quota.h +10 -25
- data/src/core/lib/iomgr/sockaddr.h +10 -25
- data/src/core/lib/iomgr/sockaddr_posix.h +10 -25
- data/src/core/lib/iomgr/sockaddr_utils.c +15 -25
- data/src/core/lib/iomgr/sockaddr_utils.h +12 -25
- data/src/core/lib/iomgr/sockaddr_windows.h +10 -25
- data/src/core/lib/iomgr/socket_factory_posix.c +13 -31
- data/src/core/lib/iomgr/socket_factory_posix.h +10 -25
- data/src/core/lib/iomgr/socket_mutator.c +14 -31
- data/src/core/lib/iomgr/socket_mutator.h +10 -25
- data/src/core/lib/iomgr/socket_utils.h +10 -25
- data/src/core/lib/iomgr/socket_utils_common_posix.c +10 -25
- data/src/core/lib/iomgr/socket_utils_linux.c +10 -25
- data/src/core/lib/iomgr/socket_utils_posix.c +10 -25
- data/src/core/lib/iomgr/socket_utils_posix.h +10 -25
- data/src/core/lib/iomgr/socket_utils_uv.c +10 -25
- data/src/core/lib/iomgr/socket_utils_windows.c +10 -25
- data/src/core/lib/iomgr/socket_windows.c +12 -27
- data/src/core/lib/iomgr/socket_windows.h +10 -25
- data/src/core/lib/iomgr/sys_epoll_wrapper.h +10 -25
- data/src/core/lib/iomgr/tcp_client.h +10 -25
- data/src/core/lib/iomgr/tcp_client_posix.c +21 -34
- data/src/core/lib/iomgr/tcp_client_posix.h +10 -25
- data/src/core/lib/iomgr/tcp_client_uv.c +18 -27
- data/src/core/lib/iomgr/tcp_client_windows.c +14 -29
- data/src/core/lib/iomgr/tcp_posix.c +36 -55
- data/src/core/lib/iomgr/tcp_posix.h +10 -25
- data/src/core/lib/iomgr/tcp_server.h +10 -25
- data/src/core/lib/iomgr/tcp_server_posix.c +16 -31
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +10 -25
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.c +11 -26
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.c +10 -25
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.c +10 -25
- data/src/core/lib/iomgr/tcp_server_uv.c +103 -64
- data/src/core/lib/iomgr/tcp_server_windows.c +14 -29
- data/src/core/lib/iomgr/tcp_uv.c +41 -45
- data/src/core/lib/iomgr/tcp_uv.h +10 -25
- data/src/core/lib/iomgr/tcp_windows.c +39 -53
- data/src/core/lib/iomgr/tcp_windows.h +10 -25
- data/src/core/lib/iomgr/time_averaged_stats.c +10 -25
- data/src/core/lib/iomgr/time_averaged_stats.h +10 -25
- data/src/core/lib/iomgr/timer.h +18 -27
- data/src/core/lib/iomgr/timer_generic.c +91 -87
- data/src/core/lib/iomgr/timer_generic.h +10 -25
- data/src/core/lib/iomgr/timer_heap.c +10 -25
- data/src/core/lib/iomgr/timer_heap.h +10 -25
- data/src/core/lib/iomgr/timer_manager.c +178 -100
- data/src/core/lib/iomgr/timer_manager.h +10 -25
- data/src/core/lib/iomgr/timer_uv.c +23 -33
- data/src/core/lib/iomgr/timer_uv.h +10 -25
- data/src/core/lib/iomgr/udp_server.c +17 -32
- data/src/core/lib/iomgr/udp_server.h +10 -25
- data/src/core/lib/iomgr/unix_sockets_posix.c +10 -25
- data/src/core/lib/iomgr/unix_sockets_posix.h +10 -25
- data/src/core/lib/iomgr/unix_sockets_posix_noop.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_cv.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_cv.h +13 -28
- data/src/core/lib/iomgr/wakeup_fd_eventfd.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_nospecial.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_pipe.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_pipe.h +10 -25
- data/src/core/lib/iomgr/wakeup_fd_posix.c +10 -25
- data/src/core/lib/iomgr/wakeup_fd_posix.h +10 -25
- data/src/core/lib/json/json.c +10 -25
- data/src/core/lib/json/json.h +10 -25
- data/src/core/lib/json/json_common.h +10 -25
- data/src/core/lib/json/json_reader.c +11 -25
- data/src/core/lib/json/json_reader.h +10 -25
- data/src/core/lib/json/json_string.c +10 -25
- data/src/core/lib/json/json_writer.c +10 -25
- data/src/core/lib/json/json_writer.h +10 -25
- data/src/core/lib/profiling/basic_timers.c +10 -25
- data/src/core/lib/profiling/stap_timers.c +10 -25
- data/src/core/lib/profiling/timers.h +10 -25
- data/src/core/lib/security/context/security_context.c +32 -40
- data/src/core/lib/security/context/security_context.h +15 -26
- data/src/core/lib/security/credentials/composite/composite_credentials.c +76 -81
- data/src/core/lib/security/credentials/composite/composite_credentials.h +10 -25
- data/src/core/lib/security/credentials/credentials.c +29 -49
- data/src/core/lib/security/credentials/credentials.h +48 -61
- data/src/core/lib/security/credentials/credentials_metadata.c +34 -78
- data/src/core/lib/security/credentials/fake/fake_credentials.c +33 -56
- data/src/core/lib/security/credentials/fake/fake_credentials.h +12 -27
- data/src/core/lib/security/credentials/google_default/credentials_generic.c +10 -25
- data/src/core/lib/security/credentials/google_default/google_default_credentials.c +12 -27
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +10 -25
- data/src/core/lib/security/credentials/iam/iam_credentials.c +40 -40
- data/src/core/lib/security/credentials/iam/iam_credentials.h +11 -26
- data/src/core/lib/security/credentials/jwt/json_token.c +10 -25
- data/src/core/lib/security/credentials/jwt/json_token.h +10 -25
- data/src/core/lib/security/credentials/jwt/jwt_credentials.c +45 -48
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -26
- data/src/core/lib/security/credentials/jwt/jwt_verifier.c +53 -33
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +10 -25
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +155 -87
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -28
- data/src/core/lib/security/credentials/plugin/plugin_credentials.c +118 -82
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +24 -27
- data/src/core/lib/security/credentials/ssl/ssl_credentials.c +13 -32
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -25
- data/src/core/lib/security/transport/auth_filters.h +10 -25
- data/src/core/lib/security/transport/client_auth_filter.c +217 -112
- data/src/core/lib/security/transport/lb_targets_info.c +16 -32
- data/src/core/lib/security/transport/lb_targets_info.h +10 -25
- data/src/core/lib/security/transport/secure_endpoint.c +29 -43
- data/src/core/lib/security/transport/secure_endpoint.h +10 -25
- data/src/core/lib/security/transport/security_connector.c +80 -61
- data/src/core/lib/security/transport/security_connector.h +35 -35
- data/src/core/lib/security/transport/security_handshaker.c +18 -33
- data/src/core/lib/security/transport/security_handshaker.h +10 -25
- data/src/core/lib/security/transport/server_auth_filter.c +62 -116
- data/src/core/lib/security/transport/tsi_error.c +10 -25
- data/src/core/lib/security/transport/tsi_error.h +10 -25
- data/src/core/lib/security/util/json_util.c +10 -25
- data/src/core/lib/security/util/json_util.h +10 -25
- data/src/core/lib/slice/b64.c +10 -25
- data/src/core/lib/slice/b64.h +10 -25
- data/src/core/lib/slice/percent_encoding.c +10 -25
- data/src/core/lib/slice/percent_encoding.h +10 -25
- data/src/core/lib/slice/slice.c +10 -25
- data/src/core/lib/slice/slice_buffer.c +10 -25
- data/src/core/lib/slice/slice_hash_table.c +48 -26
- data/src/core/lib/slice/slice_hash_table.h +26 -28
- data/src/core/lib/slice/slice_intern.c +10 -25
- data/src/core/lib/slice/slice_internal.h +10 -25
- data/src/core/lib/slice/slice_string_helpers.c +10 -25
- data/src/core/lib/slice/slice_string_helpers.h +10 -25
- data/src/core/lib/support/alloc.c +10 -25
- data/src/core/lib/support/arena.c +12 -27
- data/src/core/lib/support/arena.h +10 -25
- data/src/core/lib/support/atm.c +17 -32
- data/src/core/lib/support/atomic.h +10 -25
- data/src/core/lib/support/atomic_with_atm.h +10 -25
- data/src/core/lib/support/atomic_with_std.h +10 -25
- data/src/core/lib/support/avl.c +101 -101
- data/src/core/lib/support/backoff.c +10 -25
- data/src/core/lib/support/backoff.h +10 -25
- data/src/core/lib/support/block_annotate.h +10 -25
- data/src/core/lib/support/cmdline.c +10 -25
- data/src/core/lib/support/cpu_iphone.c +10 -25
- data/src/core/lib/support/cpu_linux.c +10 -25
- data/src/core/lib/support/cpu_posix.c +10 -25
- data/src/core/lib/support/cpu_windows.c +10 -25
- data/src/core/lib/support/env.h +16 -25
- data/src/core/lib/support/env_linux.c +30 -37
- data/src/core/lib/support/env_posix.c +15 -25
- data/src/core/lib/support/env_windows.c +15 -25
- data/src/core/lib/support/histogram.c +10 -25
- data/src/core/lib/support/host_port.c +10 -25
- data/src/core/lib/support/log.c +20 -29
- data/src/core/lib/support/log_android.c +10 -25
- data/src/core/lib/support/log_linux.c +13 -26
- data/src/core/lib/support/log_posix.c +10 -25
- data/src/core/lib/support/log_windows.c +10 -25
- data/src/core/lib/support/memory.h +10 -25
- data/src/core/lib/support/mpscq.c +11 -49
- data/src/core/lib/support/mpscq.h +11 -50
- data/src/core/lib/support/murmur_hash.c +12 -25
- data/src/core/lib/support/murmur_hash.h +10 -25
- data/src/core/lib/support/spinlock.h +10 -25
- data/src/core/lib/support/stack_lockfree.c +10 -25
- data/src/core/lib/support/stack_lockfree.h +10 -25
- data/src/core/lib/support/string.c +10 -25
- data/src/core/lib/support/string.h +10 -25
- data/src/core/lib/support/string_posix.c +10 -25
- data/src/core/lib/support/string_util_windows.c +10 -25
- data/src/core/lib/support/string_windows.c +10 -25
- data/src/core/lib/support/string_windows.h +10 -25
- data/src/core/lib/support/subprocess_posix.c +10 -25
- data/src/core/lib/support/subprocess_windows.c +10 -25
- data/src/core/lib/support/sync.c +10 -25
- data/src/core/lib/support/sync_posix.c +10 -25
- data/src/core/lib/support/sync_windows.c +10 -25
- data/src/core/lib/support/thd.c +10 -25
- data/src/core/lib/support/thd_internal.h +10 -25
- data/src/core/lib/support/thd_posix.c +10 -25
- data/src/core/lib/support/thd_windows.c +10 -25
- data/src/core/lib/support/time.c +10 -25
- data/src/core/lib/support/time_posix.c +10 -25
- data/src/core/lib/support/time_precise.c +18 -33
- data/src/core/lib/support/time_precise.h +10 -25
- data/src/core/lib/support/time_windows.c +10 -25
- data/src/core/lib/support/tls_pthread.c +10 -25
- data/src/core/lib/support/tmpfile.h +10 -25
- data/src/core/lib/support/tmpfile_msys.c +10 -25
- data/src/core/lib/support/tmpfile_posix.c +10 -25
- data/src/core/lib/support/tmpfile_windows.c +10 -25
- data/src/core/lib/support/wrap_memcpy.c +10 -25
- data/src/core/lib/surface/alarm.c +78 -35
- data/src/core/lib/surface/alarm_internal.h +40 -0
- data/src/core/lib/surface/api_trace.c +11 -26
- data/src/core/lib/surface/api_trace.h +10 -25
- data/src/core/lib/surface/byte_buffer.c +10 -25
- data/src/core/lib/surface/byte_buffer_reader.c +10 -25
- data/src/core/lib/surface/call.c +64 -84
- data/src/core/lib/surface/call.h +11 -26
- data/src/core/lib/surface/call_details.c +10 -25
- data/src/core/lib/surface/call_log_batch.c +10 -25
- data/src/core/lib/surface/call_test_only.h +10 -25
- data/src/core/lib/surface/channel.c +11 -26
- data/src/core/lib/surface/channel.h +11 -26
- data/src/core/lib/surface/channel_init.c +10 -25
- data/src/core/lib/surface/channel_init.h +10 -25
- data/src/core/lib/surface/channel_ping.c +12 -27
- data/src/core/lib/surface/channel_stack_type.c +10 -25
- data/src/core/lib/surface/channel_stack_type.h +10 -25
- data/src/core/lib/surface/completion_queue.c +442 -331
- data/src/core/lib/surface/completion_queue.h +16 -33
- data/src/core/lib/surface/completion_queue_factory.c +10 -25
- data/src/core/lib/surface/completion_queue_factory.h +10 -25
- data/src/core/lib/surface/event_string.c +10 -25
- data/src/core/lib/surface/event_string.h +10 -25
- data/src/core/lib/surface/init.c +38 -47
- data/src/core/lib/surface/init.h +10 -25
- data/src/core/lib/surface/init_secure.c +20 -27
- data/src/core/lib/surface/lame_client.cc +14 -29
- data/src/core/lib/surface/lame_client.h +10 -25
- data/src/core/lib/surface/metadata_array.c +10 -25
- data/src/core/lib/surface/server.c +128 -81
- data/src/core/lib/surface/server.h +10 -25
- data/src/core/lib/surface/validate_metadata.c +10 -25
- data/src/core/lib/surface/validate_metadata.h +10 -25
- data/src/core/lib/surface/version.c +11 -26
- data/src/core/lib/transport/bdp_estimator.c +19 -29
- data/src/core/lib/transport/bdp_estimator.h +16 -29
- data/src/core/lib/transport/byte_stream.c +127 -36
- data/src/core/lib/transport/byte_stream.h +88 -46
- data/src/core/lib/transport/connectivity_state.c +17 -31
- data/src/core/lib/transport/connectivity_state.h +10 -25
- data/src/core/lib/transport/error_utils.c +10 -25
- data/src/core/lib/transport/error_utils.h +10 -25
- data/src/core/lib/transport/http2_errors.h +10 -25
- data/src/core/lib/transport/metadata.c +87 -85
- data/src/core/lib/transport/metadata.h +15 -28
- data/src/core/lib/transport/metadata_batch.c +10 -25
- data/src/core/lib/transport/metadata_batch.h +10 -25
- data/src/core/lib/transport/pid_controller.c +10 -25
- data/src/core/lib/transport/pid_controller.h +10 -25
- data/src/core/lib/transport/service_config.c +11 -26
- data/src/core/lib/transport/service_config.h +10 -25
- data/src/core/lib/transport/static_metadata.c +12 -26
- data/src/core/lib/transport/static_metadata.h +10 -25
- data/src/core/lib/transport/status_conversion.c +10 -25
- data/src/core/lib/transport/status_conversion.h +10 -25
- data/src/core/lib/transport/timeout_encoding.c +10 -25
- data/src/core/lib/transport/timeout_encoding.h +10 -25
- data/src/core/lib/transport/transport.c +60 -53
- data/src/core/lib/transport/transport.h +36 -34
- data/src/core/lib/transport/transport_impl.h +10 -25
- data/src/core/lib/transport/transport_op_string.c +10 -28
- data/src/core/plugin_registry/grpc_plugin_registry.c +22 -25
- data/src/core/tsi/fake_transport_security.c +199 -94
- data/src/core/tsi/fake_transport_security.h +11 -26
- data/src/core/tsi/gts_transport_security.c +40 -0
- data/src/core/tsi/gts_transport_security.h +37 -0
- data/src/core/tsi/ssl_transport_security.c +13 -32
- data/src/core/tsi/ssl_transport_security.h +10 -25
- data/src/core/tsi/ssl_types.h +10 -25
- data/src/core/tsi/transport_security.c +48 -78
- data/src/core/tsi/transport_security.h +18 -27
- data/src/core/tsi/transport_security_adapter.c +17 -29
- data/src/core/tsi/transport_security_adapter.h +10 -25
- data/src/core/tsi/transport_security_grpc.c +64 -0
- data/src/core/tsi/transport_security_grpc.h +80 -0
- data/src/core/tsi/transport_security_interface.h +21 -27
- data/src/ruby/bin/apis/google/protobuf/empty.rb +10 -25
- data/src/ruby/bin/apis/pubsub_demo.rb +10 -25
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +10 -25
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +10 -25
- data/src/ruby/bin/math_client.rb +10 -25
- data/src/ruby/bin/math_server.rb +10 -25
- data/src/ruby/bin/math_services_pb.rb +10 -25
- data/src/ruby/bin/noproto_client.rb +10 -25
- data/src/ruby/bin/noproto_server.rb +10 -25
- data/src/ruby/ext/grpc/extconf.rb +10 -25
- data/src/ruby/ext/grpc/rb_byte_buffer.c +10 -25
- data/src/ruby/ext/grpc/rb_byte_buffer.h +10 -25
- data/src/ruby/ext/grpc/rb_call.c +44 -25
- data/src/ruby/ext/grpc/rb_call.h +10 -25
- data/src/ruby/ext/grpc/rb_call_credentials.c +10 -25
- data/src/ruby/ext/grpc/rb_call_credentials.h +10 -25
- data/src/ruby/ext/grpc/rb_channel.c +10 -25
- data/src/ruby/ext/grpc/rb_channel.h +10 -25
- data/src/ruby/ext/grpc/rb_channel_args.c +10 -25
- data/src/ruby/ext/grpc/rb_channel_args.h +10 -25
- data/src/ruby/ext/grpc/rb_channel_credentials.c +10 -25
- data/src/ruby/ext/grpc/rb_channel_credentials.h +10 -25
- data/src/ruby/ext/grpc/rb_completion_queue.c +10 -25
- data/src/ruby/ext/grpc/rb_completion_queue.h +10 -25
- data/src/ruby/ext/grpc/rb_compression_options.c +10 -25
- data/src/ruby/ext/grpc/rb_compression_options.h +10 -25
- data/src/ruby/ext/grpc/rb_event_thread.c +10 -25
- data/src/ruby/ext/grpc/rb_event_thread.h +10 -25
- data/src/ruby/ext/grpc/rb_grpc.c +10 -25
- data/src/ruby/ext/grpc/rb_grpc.h +10 -25
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +10 -25
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +16 -31
- data/src/ruby/ext/grpc/rb_loader.c +10 -25
- data/src/ruby/ext/grpc/rb_loader.h +10 -25
- data/src/ruby/ext/grpc/rb_server.c +10 -25
- data/src/ruby/ext/grpc/rb_server.h +10 -25
- data/src/ruby/ext/grpc/rb_server_credentials.c +10 -25
- data/src/ruby/ext/grpc/rb_server_credentials.h +10 -25
- data/src/ruby/lib/grpc.rb +10 -25
- data/src/ruby/lib/grpc/core/time_consts.rb +10 -25
- data/src/ruby/lib/grpc/errors.rb +16 -30
- data/src/ruby/lib/grpc/generic/active_call.rb +25 -27
- data/src/ruby/lib/grpc/generic/bidi_call.rb +17 -27
- data/src/ruby/lib/grpc/generic/client_stub.rb +10 -25
- data/src/ruby/lib/grpc/generic/rpc_desc.rb +10 -25
- data/src/ruby/lib/grpc/generic/rpc_server.rb +10 -25
- data/src/ruby/lib/grpc/generic/service.rb +10 -25
- data/src/ruby/lib/grpc/grpc.rb +10 -25
- data/src/ruby/lib/grpc/logconfig.rb +10 -25
- data/src/ruby/lib/grpc/notifier.rb +10 -25
- data/src/ruby/lib/grpc/version.rb +11 -26
- data/src/ruby/pb/generate_proto_ruby.sh +10 -25
- data/src/ruby/pb/grpc/health/checker.rb +10 -25
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +10 -25
- data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +10 -25
- data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +10 -25
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +10 -25
- data/src/ruby/pb/test/client.rb +10 -25
- data/src/ruby/pb/test/server.rb +10 -25
- data/src/ruby/spec/call_credentials_spec.rb +10 -25
- data/src/ruby/spec/call_spec.rb +43 -25
- data/src/ruby/spec/channel_connection_spec.rb +10 -25
- data/src/ruby/spec/channel_credentials_spec.rb +11 -26
- data/src/ruby/spec/channel_spec.rb +10 -25
- data/src/ruby/spec/client_auth_spec.rb +10 -25
- data/src/ruby/spec/client_server_spec.rb +66 -25
- data/src/ruby/spec/compression_options_spec.rb +10 -25
- data/src/ruby/spec/error_sanity_spec.rb +10 -25
- data/src/ruby/spec/generic/active_call_spec.rb +10 -25
- data/src/ruby/spec/generic/client_stub_spec.rb +146 -35
- data/src/ruby/spec/generic/rpc_desc_spec.rb +10 -25
- data/src/ruby/spec/generic/rpc_server_pool_spec.rb +10 -25
- data/src/ruby/spec/generic/rpc_server_spec.rb +124 -34
- data/src/ruby/spec/generic/service_spec.rb +10 -25
- data/src/ruby/spec/pb/duplicate/codegen_spec.rb +10 -25
- data/src/ruby/spec/pb/health/checker_spec.rb +10 -25
- data/src/ruby/spec/server_credentials_spec.rb +10 -25
- data/src/ruby/spec/server_spec.rb +10 -25
- data/src/ruby/spec/spec_helper.rb +10 -25
- data/src/ruby/spec/time_consts_spec.rb +10 -25
- data/third_party/boringssl/crypto/aes/key_wrap.c +138 -0
- data/third_party/boringssl/crypto/asn1/a_bitstr.c +6 -3
- data/third_party/boringssl/crypto/asn1/a_enum.c +4 -1
- data/third_party/boringssl/crypto/asn1/a_gentm.c +20 -15
- data/third_party/boringssl/crypto/asn1/a_int.c +7 -4
- data/third_party/boringssl/crypto/asn1/a_object.c +5 -2
- data/third_party/boringssl/crypto/asn1/a_time.c +0 -1
- data/third_party/boringssl/crypto/asn1/a_utctm.c +1 -2
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -2
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +35 -0
- data/third_party/boringssl/crypto/asn1/tasn_dec.c +3 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +6 -3
- data/third_party/boringssl/crypto/asn1/tasn_new.c +12 -7
- data/third_party/boringssl/crypto/asn1/tasn_utl.c +22 -8
- data/third_party/boringssl/crypto/{time_support.c → asn1/time_support.c} +1 -1
- data/third_party/boringssl/crypto/asn1/x_long.c +5 -2
- data/third_party/boringssl/crypto/base64/base64.c +7 -5
- data/third_party/boringssl/crypto/bio/bio.c +24 -10
- data/third_party/boringssl/crypto/bio/bio_mem.c +12 -10
- data/third_party/boringssl/crypto/bio/connect.c +7 -18
- data/third_party/boringssl/crypto/bio/fd.c +3 -6
- data/third_party/boringssl/crypto/bio/file.c +6 -6
- data/third_party/boringssl/crypto/bio/hexdump.c +4 -2
- data/third_party/boringssl/crypto/bio/pair.c +30 -344
- data/third_party/boringssl/crypto/bio/socket.c +6 -7
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -3
- data/third_party/boringssl/crypto/bn/add.c +1 -1
- data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +11 -10
- data/third_party/boringssl/crypto/bn/bn.c +6 -20
- data/third_party/boringssl/crypto/bn/cmp.c +14 -0
- data/third_party/boringssl/crypto/bn/convert.c +73 -2
- data/third_party/boringssl/crypto/bn/ctx.c +3 -1
- data/third_party/boringssl/crypto/bn/div.c +108 -51
- data/third_party/boringssl/crypto/bn/exponentiation.c +15 -33
- data/third_party/boringssl/crypto/bn/gcd.c +29 -22
- data/third_party/boringssl/crypto/bn/generic.c +71 -67
- data/third_party/boringssl/crypto/bn/internal.h +19 -6
- data/third_party/boringssl/crypto/bn/kronecker.c +1 -0
- data/third_party/boringssl/crypto/bn/montgomery.c +9 -10
- data/third_party/boringssl/crypto/bn/montgomery_inv.c +47 -0
- data/third_party/boringssl/crypto/bn/mul.c +11 -9
- data/third_party/boringssl/crypto/bn/random.c +6 -3
- data/third_party/boringssl/crypto/bn/rsaz_exp.c +0 -65
- data/third_party/boringssl/crypto/bn/rsaz_exp.h +0 -3
- data/third_party/boringssl/crypto/bn/shift.c +9 -1
- data/third_party/boringssl/crypto/bn/sqrt.c +3 -1
- data/third_party/boringssl/crypto/buf/buf.c +6 -4
- data/third_party/boringssl/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl/crypto/bytestring/ber.c +2 -1
- data/third_party/boringssl/crypto/bytestring/cbb.c +9 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +54 -2
- data/third_party/boringssl/crypto/chacha/chacha.c +1 -1
- data/third_party/boringssl/crypto/cipher/aead.c +3 -3
- data/third_party/boringssl/crypto/cipher/cipher.c +18 -13
- data/third_party/boringssl/crypto/cipher/e_aes.c +335 -281
- data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +113 -137
- data/third_party/boringssl/crypto/cipher/e_null.c +2 -1
- data/third_party/boringssl/crypto/cipher/e_rc2.c +54 -49
- data/third_party/boringssl/crypto/cipher/e_ssl3.c +4 -3
- data/third_party/boringssl/crypto/cipher/e_tls.c +5 -5
- data/third_party/boringssl/crypto/cipher/tls_cbc.c +41 -112
- data/third_party/boringssl/crypto/cmac/cmac.c +6 -4
- data/third_party/boringssl/crypto/conf/conf.c +6 -3
- data/third_party/boringssl/crypto/cpu-arm-linux.c +2 -2
- data/third_party/boringssl/crypto/curve25519/curve25519.c +28 -34
- data/third_party/boringssl/crypto/curve25519/spake25519.c +7 -6
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +2 -1
- data/third_party/boringssl/crypto/des/des.c +1 -1
- data/third_party/boringssl/crypto/des/internal.h +58 -46
- data/third_party/boringssl/crypto/dh/dh.c +4 -8
- data/third_party/boringssl/crypto/digest/digest.c +5 -2
- data/third_party/boringssl/crypto/digest/digests.c +70 -33
- data/third_party/boringssl/crypto/digest/md32_common.h +39 -27
- data/third_party/boringssl/crypto/dsa/dsa.c +11 -19
- data/third_party/boringssl/crypto/ec/ec.c +1 -1
- data/third_party/boringssl/crypto/ec/ec_asn1.c +3 -2
- data/third_party/boringssl/crypto/ec/ec_key.c +1 -1
- data/third_party/boringssl/crypto/ec/ec_montgomery.c +6 -11
- data/third_party/boringssl/crypto/ec/oct.c +2 -14
- data/third_party/boringssl/crypto/ec/p224-64.c +78 -122
- data/third_party/boringssl/crypto/ec/p256-64.c +93 -133
- data/third_party/boringssl/crypto/ec/p256-x86_64.c +48 -61
- data/third_party/boringssl/crypto/ec/p256-x86_64.h +113 -0
- data/third_party/boringssl/crypto/ec/simple.c +2 -1
- data/third_party/boringssl/crypto/ec/wnaf.c +52 -43
- data/third_party/boringssl/crypto/ecdh/ecdh.c +4 -2
- data/third_party/boringssl/crypto/ecdsa/ecdsa.c +17 -16
- data/third_party/boringssl/crypto/engine/engine.c +3 -1
- data/third_party/boringssl/crypto/err/err.c +5 -5
- data/third_party/boringssl/crypto/evp/evp.c +1 -1
- data/third_party/boringssl/crypto/evp/evp_asn1.c +1 -1
- data/third_party/boringssl/crypto/evp/evp_ctx.c +23 -29
- data/third_party/boringssl/crypto/evp/p_ec.c +2 -1
- data/third_party/boringssl/crypto/evp/p_rsa.c +9 -3
- data/third_party/boringssl/crypto/evp/pbkdf.c +3 -1
- data/third_party/boringssl/crypto/hkdf/hkdf.c +3 -1
- data/third_party/boringssl/crypto/hmac/hmac.c +4 -2
- data/third_party/boringssl/crypto/internal.h +81 -0
- data/third_party/boringssl/crypto/lhash/lhash.c +7 -13
- data/third_party/boringssl/crypto/md4/md4.c +20 -18
- data/third_party/boringssl/crypto/md5/md5.c +31 -21
- data/third_party/boringssl/crypto/mem.c +4 -10
- data/third_party/boringssl/crypto/modes/cbc.c +2 -6
- data/third_party/boringssl/crypto/modes/cfb.c +2 -2
- data/third_party/boringssl/crypto/modes/ctr.c +1 -1
- data/third_party/boringssl/crypto/modes/gcm.c +117 -334
- data/third_party/boringssl/crypto/modes/internal.h +107 -84
- data/third_party/boringssl/crypto/modes/ofb.c +3 -3
- data/third_party/boringssl/crypto/modes/polyval.c +94 -0
- data/third_party/boringssl/crypto/obj/obj.c +13 -8
- data/third_party/boringssl/crypto/obj/obj_dat.h +6109 -5187
- data/third_party/boringssl/crypto/obj/obj_xref.c +55 -57
- data/third_party/boringssl/crypto/pem/pem_lib.c +6 -3
- data/third_party/boringssl/crypto/pkcs8/internal.h +27 -8
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +137 -352
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +371 -364
- data/third_party/boringssl/crypto/poly1305/poly1305.c +12 -18
- data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +2 -2
- data/third_party/boringssl/crypto/{newhope/reduce.c → pool/internal.h} +24 -21
- data/third_party/boringssl/crypto/pool/pool.c +200 -0
- data/third_party/boringssl/crypto/rand/deterministic.c +6 -5
- data/third_party/boringssl/crypto/rand/fuchsia.c +43 -0
- data/third_party/boringssl/crypto/rand/rand.c +7 -7
- data/third_party/boringssl/crypto/rand/urandom.c +136 -22
- data/third_party/boringssl/crypto/rand/windows.c +2 -2
- data/third_party/boringssl/crypto/rsa/blinding.c +2 -1
- data/third_party/boringssl/crypto/rsa/padding.c +11 -11
- data/third_party/boringssl/crypto/rsa/rsa.c +4 -4
- data/third_party/boringssl/crypto/rsa/rsa_asn1.c +7 -1
- data/third_party/boringssl/crypto/rsa/rsa_impl.c +41 -80
- data/third_party/boringssl/crypto/sha/sha1-altivec.c +346 -0
- data/third_party/boringssl/crypto/sha/sha1.c +60 -42
- data/third_party/boringssl/crypto/sha/sha256.c +4 -2
- data/third_party/boringssl/crypto/sha/sha512.c +9 -7
- data/third_party/boringssl/crypto/stack/stack.c +10 -7
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +2 -2
- data/third_party/boringssl/crypto/x509/a_verify.c +1 -1
- data/third_party/boringssl/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +1 -1
- data/third_party/boringssl/crypto/x509/t_x509.c +78 -38
- data/third_party/boringssl/crypto/x509/x509_cmp.c +8 -5
- data/third_party/boringssl/crypto/x509/x509_lu.c +6 -1
- data/third_party/boringssl/crypto/x509/x509_obj.c +4 -1
- data/third_party/boringssl/crypto/x509/x509_vfy.c +42 -8
- data/third_party/boringssl/crypto/x509/x509_vpm.c +8 -6
- data/third_party/boringssl/crypto/x509/x509name.c +4 -1
- data/third_party/boringssl/crypto/x509/x_crl.c +4 -2
- data/third_party/boringssl/crypto/x509/x_name.c +23 -13
- data/third_party/boringssl/crypto/x509/x_pkey.c +4 -1
- data/third_party/boringssl/crypto/x509/x_x509.c +42 -3
- data/third_party/boringssl/crypto/x509v3/pcy_int.h +2 -2
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +1 -1
- data/third_party/boringssl/crypto/x509v3/v3_ia5.c +4 -1
- data/third_party/boringssl/crypto/x509v3/v3_ncons.c +4 -1
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +6 -3
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +13 -21
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +19 -33
- data/third_party/boringssl/include/openssl/aead.h +9 -20
- data/third_party/boringssl/include/openssl/aes.h +21 -9
- data/third_party/boringssl/include/openssl/asn1.h +9 -1
- data/third_party/boringssl/include/openssl/base.h +33 -6
- data/third_party/boringssl/include/openssl/bio.h +10 -103
- data/third_party/boringssl/include/openssl/bn.h +58 -42
- data/third_party/boringssl/include/openssl/bytestring.h +17 -0
- data/third_party/boringssl/include/openssl/cipher.h +4 -3
- data/third_party/boringssl/include/openssl/conf.h +4 -1
- data/third_party/boringssl/include/openssl/curve25519.h +13 -0
- data/third_party/boringssl/include/openssl/digest.h +5 -3
- data/third_party/boringssl/include/openssl/dsa.h +5 -5
- data/third_party/boringssl/include/openssl/ec.h +2 -2
- data/third_party/boringssl/include/openssl/ecdh.h +3 -4
- data/third_party/boringssl/include/openssl/ecdsa.h +10 -10
- data/third_party/boringssl/include/openssl/err.h +5 -5
- data/third_party/boringssl/include/openssl/evp.h +11 -7
- data/third_party/boringssl/include/openssl/lhash.h +2 -3
- data/third_party/boringssl/include/openssl/lhash_macros.h +56 -14
- data/third_party/boringssl/include/openssl/nid.h +2949 -2916
- data/third_party/boringssl/include/openssl/obj.h +1 -1
- data/third_party/boringssl/include/openssl/pkcs8.h +21 -42
- data/third_party/boringssl/include/openssl/pool.h +87 -0
- data/third_party/boringssl/include/openssl/rand.h +1 -1
- data/third_party/boringssl/include/openssl/rsa.h +4 -2
- data/third_party/boringssl/include/openssl/sha.h +0 -4
- data/third_party/boringssl/include/openssl/ssl.h +327 -662
- data/third_party/boringssl/include/openssl/ssl3.h +1 -21
- data/third_party/boringssl/include/openssl/stack.h +1 -0
- data/third_party/boringssl/include/openssl/stack_macros.h +85 -0
- data/third_party/boringssl/include/openssl/tls1.h +23 -52
- data/third_party/boringssl/include/openssl/type_check.h +4 -0
- data/third_party/boringssl/include/openssl/x509.h +10 -59
- data/third_party/boringssl/include/openssl/x509_vfy.h +7 -1
- data/third_party/boringssl/include/openssl/x509v3.h +4 -4
- data/third_party/boringssl/ssl/bio_ssl.c +175 -0
- data/third_party/boringssl/ssl/custom_extensions.c +24 -21
- data/third_party/boringssl/ssl/d1_both.c +259 -289
- data/third_party/boringssl/ssl/d1_lib.c +8 -20
- data/third_party/boringssl/ssl/d1_pkt.c +6 -15
- data/third_party/boringssl/ssl/dtls_method.c +22 -8
- data/third_party/boringssl/ssl/dtls_record.c +27 -2
- data/third_party/boringssl/ssl/handshake_client.c +460 -579
- data/third_party/boringssl/ssl/handshake_server.c +662 -644
- data/third_party/boringssl/ssl/internal.h +1009 -375
- data/third_party/boringssl/ssl/s3_both.c +312 -162
- data/third_party/boringssl/ssl/s3_lib.c +12 -128
- data/third_party/boringssl/ssl/s3_pkt.c +22 -30
- data/third_party/boringssl/ssl/ssl_aead_ctx.c +28 -22
- data/third_party/boringssl/ssl/ssl_asn1.c +210 -114
- data/third_party/boringssl/ssl/ssl_buffer.c +2 -1
- data/third_party/boringssl/ssl/ssl_cert.c +417 -219
- data/third_party/boringssl/ssl/ssl_cipher.c +191 -393
- data/third_party/boringssl/ssl/ssl_ecdh.c +19 -164
- data/third_party/boringssl/ssl/ssl_file.c +0 -11
- data/third_party/boringssl/ssl/ssl_lib.c +325 -652
- data/third_party/boringssl/ssl/{ssl_rsa.c → ssl_privkey.c} +21 -131
- data/third_party/boringssl/ssl/ssl_privkey_cc.cc +76 -0
- data/third_party/boringssl/ssl/ssl_session.c +206 -95
- data/third_party/boringssl/ssl/ssl_stat.c +18 -84
- data/third_party/boringssl/ssl/{s3_enc.c → ssl_transcript.c} +150 -157
- data/third_party/boringssl/ssl/ssl_x509.c +815 -0
- data/third_party/boringssl/ssl/t1_enc.c +188 -174
- data/third_party/boringssl/ssl/t1_lib.c +1064 -764
- data/third_party/boringssl/ssl/tls13_both.c +290 -96
- data/third_party/boringssl/ssl/tls13_client.c +344 -314
- data/third_party/boringssl/ssl/tls13_enc.c +239 -200
- data/third_party/boringssl/ssl/tls13_server.c +374 -366
- data/third_party/boringssl/ssl/tls_method.c +40 -5
- data/third_party/boringssl/ssl/tls_record.c +166 -71
- metadata +39 -25
- data/src/core/lib/iomgr/workqueue.h +0 -87
- data/src/core/lib/iomgr/workqueue_uv.c +0 -65
- data/src/core/lib/iomgr/workqueue_uv.h +0 -37
- data/src/core/lib/iomgr/workqueue_windows.c +0 -63
- data/src/core/lib/iomgr/workqueue_windows.h +0 -37
- data/third_party/boringssl/crypto/bio/buffer.c +0 -496
- data/third_party/boringssl/crypto/newhope/error_correction.c +0 -131
- data/third_party/boringssl/crypto/newhope/internal.h +0 -71
- data/third_party/boringssl/crypto/newhope/newhope.c +0 -174
- data/third_party/boringssl/crypto/newhope/ntt.c +0 -148
- data/third_party/boringssl/crypto/newhope/poly.c +0 -183
- data/third_party/boringssl/crypto/newhope/precomp.c +0 -306
- data/third_party/boringssl/crypto/obj/obj_xref.h +0 -96
- data/third_party/boringssl/crypto/pkcs8/p5_pbe.c +0 -151
- data/third_party/boringssl/include/openssl/newhope.h +0 -158
- data/third_party/boringssl/include/openssl/time_support.h +0 -91
@@ -15,6 +15,7 @@
|
|
15
15
|
#include <openssl/ssl.h>
|
16
16
|
|
17
17
|
#include <assert.h>
|
18
|
+
#include <limits.h>
|
18
19
|
#include <string.h>
|
19
20
|
|
20
21
|
#include <openssl/bytestring.h>
|
@@ -24,104 +25,137 @@
|
|
24
25
|
#include <openssl/stack.h>
|
25
26
|
#include <openssl/x509.h>
|
26
27
|
|
28
|
+
#include "../crypto/internal.h"
|
27
29
|
#include "internal.h"
|
28
30
|
|
29
31
|
|
30
32
|
enum client_hs_state_t {
|
31
33
|
state_process_hello_retry_request = 0,
|
32
34
|
state_send_second_client_hello,
|
33
|
-
state_flush_second_client_hello,
|
34
35
|
state_process_server_hello,
|
35
36
|
state_process_encrypted_extensions,
|
36
37
|
state_process_certificate_request,
|
37
38
|
state_process_server_certificate,
|
38
39
|
state_process_server_certificate_verify,
|
39
40
|
state_process_server_finished,
|
40
|
-
state_certificate_callback,
|
41
41
|
state_send_client_certificate,
|
42
42
|
state_send_client_certificate_verify,
|
43
43
|
state_complete_client_certificate_verify,
|
44
|
-
|
45
|
-
state_flush,
|
44
|
+
state_complete_second_flight,
|
46
45
|
state_done,
|
47
46
|
};
|
48
47
|
|
49
|
-
static
|
50
|
-
|
48
|
+
static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
|
49
|
+
|
50
|
+
static enum ssl_hs_wait_t do_process_hello_retry_request(SSL_HANDSHAKE *hs) {
|
51
|
+
SSL *const ssl = hs->ssl;
|
51
52
|
if (ssl->s3->tmp.message_type != SSL3_MT_HELLO_RETRY_REQUEST) {
|
52
|
-
hs->
|
53
|
+
hs->tls13_state = state_process_server_hello;
|
53
54
|
return ssl_hs_ok;
|
54
55
|
}
|
55
56
|
|
56
57
|
CBS cbs, extensions;
|
57
|
-
uint16_t server_wire_version
|
58
|
+
uint16_t server_wire_version;
|
58
59
|
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
|
59
60
|
if (!CBS_get_u16(&cbs, &server_wire_version) ||
|
60
|
-
!CBS_get_u16(&cbs, &cipher_suite) ||
|
61
|
-
!CBS_get_u16(&cbs, &group_id) ||
|
62
|
-
/* We do not currently parse any HelloRetryRequest extensions. */
|
63
61
|
!CBS_get_u16_length_prefixed(&cbs, &extensions) ||
|
62
|
+
/* HelloRetryRequest may not be empty. */
|
63
|
+
CBS_len(&extensions) == 0 ||
|
64
64
|
CBS_len(&cbs) != 0) {
|
65
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
65
66
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
66
67
|
return ssl_hs_error;
|
67
68
|
}
|
68
69
|
|
69
|
-
|
70
|
+
int have_cookie, have_key_share;
|
71
|
+
CBS cookie, key_share;
|
72
|
+
const SSL_EXTENSION_TYPE ext_types[] = {
|
73
|
+
{TLSEXT_TYPE_key_share, &have_key_share, &key_share},
|
74
|
+
{TLSEXT_TYPE_cookie, &have_cookie, &cookie},
|
75
|
+
};
|
70
76
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
77
|
+
uint8_t alert = SSL_AD_DECODE_ERROR;
|
78
|
+
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
79
|
+
OPENSSL_ARRAY_SIZE(ext_types),
|
80
|
+
0 /* reject unknown */)) {
|
81
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
82
|
+
return ssl_hs_error;
|
83
|
+
}
|
84
|
+
|
85
|
+
if (have_cookie) {
|
86
|
+
CBS cookie_value;
|
87
|
+
if (!CBS_get_u16_length_prefixed(&cookie, &cookie_value) ||
|
88
|
+
CBS_len(&cookie_value) == 0 ||
|
89
|
+
CBS_len(&cookie) != 0) {
|
90
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
91
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
92
|
+
return ssl_hs_error;
|
93
|
+
}
|
94
|
+
|
95
|
+
if (!CBS_stow(&cookie_value, &hs->cookie, &hs->cookie_len)) {
|
96
|
+
return ssl_hs_error;
|
79
97
|
}
|
80
98
|
}
|
81
99
|
|
82
|
-
if (
|
83
|
-
|
84
|
-
|
85
|
-
|
100
|
+
if (have_key_share) {
|
101
|
+
uint16_t group_id;
|
102
|
+
if (!CBS_get_u16(&key_share, &group_id) || CBS_len(&key_share) != 0) {
|
103
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
104
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
105
|
+
return ssl_hs_error;
|
106
|
+
}
|
107
|
+
|
108
|
+
/* The group must be supported. */
|
109
|
+
const uint16_t *groups;
|
110
|
+
size_t groups_len;
|
111
|
+
tls1_get_grouplist(ssl, &groups, &groups_len);
|
112
|
+
int found = 0;
|
113
|
+
for (size_t i = 0; i < groups_len; i++) {
|
114
|
+
if (groups[i] == group_id) {
|
115
|
+
found = 1;
|
116
|
+
break;
|
117
|
+
}
|
118
|
+
}
|
119
|
+
|
120
|
+
if (!found) {
|
121
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
122
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
123
|
+
return ssl_hs_error;
|
124
|
+
}
|
125
|
+
|
126
|
+
/* Check that the HelloRetryRequest does not request the key share that
|
127
|
+
* was provided in the initial ClientHello. */
|
128
|
+
if (SSL_ECDH_CTX_get_id(&hs->ecdh_ctx) == group_id) {
|
129
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
130
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
131
|
+
return ssl_hs_error;
|
132
|
+
}
|
133
|
+
|
134
|
+
SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
|
135
|
+
hs->retry_group = group_id;
|
86
136
|
}
|
87
137
|
|
88
|
-
|
89
|
-
* provided in the initial ClientHello. */
|
90
|
-
if (SSL_ECDH_CTX_get_id(&ssl->s3->hs->ecdh_ctx) == group_id) {
|
91
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
92
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
|
138
|
+
if (!ssl_hash_current_message(hs)) {
|
93
139
|
return ssl_hs_error;
|
94
140
|
}
|
95
141
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
hs->state = state_send_second_client_hello;
|
142
|
+
hs->received_hello_retry_request = 1;
|
143
|
+
hs->tls13_state = state_send_second_client_hello;
|
100
144
|
return ssl_hs_ok;
|
101
145
|
}
|
102
146
|
|
103
|
-
static enum ssl_hs_wait_t do_send_second_client_hello(
|
104
|
-
|
105
|
-
CBB cbb, body;
|
106
|
-
if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CLIENT_HELLO) ||
|
107
|
-
!ssl_add_client_hello_body(ssl, &body) ||
|
108
|
-
!ssl->method->finish_message(ssl, &cbb)) {
|
109
|
-
CBB_cleanup(&cbb);
|
147
|
+
static enum ssl_hs_wait_t do_send_second_client_hello(SSL_HANDSHAKE *hs) {
|
148
|
+
if (!ssl_write_client_hello(hs)) {
|
110
149
|
return ssl_hs_error;
|
111
150
|
}
|
112
151
|
|
113
|
-
hs->
|
114
|
-
return ssl_hs_write_message;
|
115
|
-
}
|
116
|
-
|
117
|
-
static enum ssl_hs_wait_t do_flush_second_client_hello(SSL *ssl,
|
118
|
-
SSL_HANDSHAKE *hs) {
|
119
|
-
hs->state = state_process_server_hello;
|
152
|
+
hs->tls13_state = state_process_server_hello;
|
120
153
|
return ssl_hs_flush_and_read_message;
|
121
154
|
}
|
122
155
|
|
123
|
-
static enum ssl_hs_wait_t do_process_server_hello(
|
124
|
-
|
156
|
+
static enum ssl_hs_wait_t do_process_server_hello(SSL_HANDSHAKE *hs) {
|
157
|
+
SSL *const ssl = hs->ssl;
|
158
|
+
if (!ssl_check_message_type(ssl, SSL3_MT_SERVER_HELLO)) {
|
125
159
|
return ssl_hs_error;
|
126
160
|
}
|
127
161
|
|
@@ -145,49 +179,43 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
|
|
145
179
|
return ssl_hs_error;
|
146
180
|
}
|
147
181
|
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
while (CBS_len(&extensions) != 0) {
|
152
|
-
uint16_t type;
|
153
|
-
CBS extension;
|
154
|
-
if (!CBS_get_u16(&extensions, &type) ||
|
155
|
-
!CBS_get_u16_length_prefixed(&extensions, &extension)) {
|
156
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
157
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
158
|
-
return ssl_hs_error;
|
159
|
-
}
|
182
|
+
assert(ssl->s3->have_version);
|
183
|
+
OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
|
184
|
+
SSL3_RANDOM_SIZE);
|
160
185
|
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
return ssl_hs_error;
|
167
|
-
}
|
168
|
-
key_share = extension;
|
169
|
-
have_key_share = 1;
|
170
|
-
break;
|
171
|
-
case TLSEXT_TYPE_pre_shared_key:
|
172
|
-
if (have_pre_shared_key) {
|
173
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_EXTENSION);
|
174
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
175
|
-
return ssl_hs_error;
|
176
|
-
}
|
177
|
-
pre_shared_key = extension;
|
178
|
-
have_pre_shared_key = 1;
|
179
|
-
break;
|
180
|
-
default:
|
181
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
182
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
183
|
-
return ssl_hs_error;
|
184
|
-
}
|
186
|
+
const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
|
187
|
+
if (cipher == NULL) {
|
188
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
|
189
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
190
|
+
return ssl_hs_error;
|
185
191
|
}
|
186
192
|
|
187
|
-
|
188
|
-
|
193
|
+
/* Check if the cipher is a TLS 1.3 cipher. */
|
194
|
+
if (SSL_CIPHER_get_min_version(cipher) > ssl3_protocol_version(ssl) ||
|
195
|
+
SSL_CIPHER_get_max_version(cipher) < ssl3_protocol_version(ssl)) {
|
196
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
|
197
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
198
|
+
return ssl_hs_error;
|
199
|
+
}
|
200
|
+
|
201
|
+
/* Parse out the extensions. */
|
202
|
+
int have_key_share = 0, have_pre_shared_key = 0, have_short_header = 0;
|
203
|
+
CBS key_share, pre_shared_key, short_header;
|
204
|
+
const SSL_EXTENSION_TYPE ext_types[] = {
|
205
|
+
{TLSEXT_TYPE_key_share, &have_key_share, &key_share},
|
206
|
+
{TLSEXT_TYPE_pre_shared_key, &have_pre_shared_key, &pre_shared_key},
|
207
|
+
{TLSEXT_TYPE_short_header, &have_short_header, &short_header},
|
208
|
+
};
|
189
209
|
|
190
210
|
uint8_t alert = SSL_AD_DECODE_ERROR;
|
211
|
+
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
212
|
+
OPENSSL_ARRAY_SIZE(ext_types),
|
213
|
+
0 /* reject unknown */)) {
|
214
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
215
|
+
return ssl_hs_error;
|
216
|
+
}
|
217
|
+
|
218
|
+
alert = SSL_AD_DECODE_ERROR;
|
191
219
|
if (have_pre_shared_key) {
|
192
220
|
if (ssl->session == NULL) {
|
193
221
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
@@ -195,7 +223,7 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
|
|
195
223
|
return ssl_hs_error;
|
196
224
|
}
|
197
225
|
|
198
|
-
if (!ssl_ext_pre_shared_key_parse_serverhello(
|
226
|
+
if (!ssl_ext_pre_shared_key_parse_serverhello(hs, &alert,
|
199
227
|
&pre_shared_key)) {
|
200
228
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
201
229
|
return ssl_hs_error;
|
@@ -207,6 +235,12 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
|
|
207
235
|
return ssl_hs_error;
|
208
236
|
}
|
209
237
|
|
238
|
+
if (ssl->session->cipher->algorithm_prf != cipher->algorithm_prf) {
|
239
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_PRF_HASH_MISMATCH);
|
240
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
241
|
+
return ssl_hs_error;
|
242
|
+
}
|
243
|
+
|
210
244
|
if (!ssl_session_is_context_valid(ssl, ssl->session)) {
|
211
245
|
/* This is actually a client application bug. */
|
212
246
|
OPENSSL_PUT_ERROR(SSL,
|
@@ -217,142 +251,112 @@ static enum ssl_hs_wait_t do_process_server_hello(SSL *ssl, SSL_HANDSHAKE *hs) {
|
|
217
251
|
|
218
252
|
ssl->s3->session_reused = 1;
|
219
253
|
/* Only authentication information carries over in TLS 1.3. */
|
220
|
-
|
221
|
-
|
222
|
-
if (ssl->s3->new_session == NULL) {
|
254
|
+
hs->new_session = SSL_SESSION_dup(ssl->session, SSL_SESSION_DUP_AUTH_ONLY);
|
255
|
+
if (hs->new_session == NULL) {
|
223
256
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
224
257
|
return ssl_hs_error;
|
225
258
|
}
|
226
259
|
ssl_set_session(ssl, NULL);
|
227
|
-
} else {
|
228
|
-
if (!ssl_get_new_session(ssl, 0)) {
|
229
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
230
|
-
return ssl_hs_error;
|
231
|
-
}
|
232
|
-
}
|
233
260
|
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
261
|
+
/* Resumption incorporates fresh key material, so refresh the timeout. */
|
262
|
+
ssl_session_renew_timeout(ssl, hs->new_session,
|
263
|
+
ssl->initial_ctx->session_psk_dhe_timeout);
|
264
|
+
} else if (!ssl_get_new_session(hs, 0)) {
|
265
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
238
266
|
return ssl_hs_error;
|
239
267
|
}
|
240
268
|
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL,
|
250
|
-
return ssl_hs_error;
|
251
|
-
}
|
252
|
-
} else {
|
253
|
-
uint16_t resumption_cipher;
|
254
|
-
if (!ssl_cipher_get_ecdhe_psk_cipher(ssl->s3->new_session->cipher,
|
255
|
-
&resumption_cipher) ||
|
256
|
-
resumption_cipher != ssl_cipher_get_value(cipher)) {
|
257
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
|
258
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
269
|
+
hs->new_session->cipher = cipher;
|
270
|
+
hs->new_cipher = cipher;
|
271
|
+
|
272
|
+
/* Store the initial negotiated ALPN in the session. */
|
273
|
+
if (ssl->s3->alpn_selected != NULL) {
|
274
|
+
hs->new_session->early_alpn =
|
275
|
+
BUF_memdup(ssl->s3->alpn_selected, ssl->s3->alpn_selected_len);
|
276
|
+
if (hs->new_session->early_alpn == NULL) {
|
277
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
259
278
|
return ssl_hs_error;
|
260
279
|
}
|
280
|
+
hs->new_session->early_alpn_len = ssl->s3->alpn_selected_len;
|
261
281
|
}
|
262
282
|
|
263
|
-
ssl->s3->new_session->cipher = cipher;
|
264
|
-
ssl->s3->tmp.new_cipher = cipher;
|
265
|
-
|
266
283
|
/* The PRF hash is now known. Set up the key schedule. */
|
267
|
-
|
268
|
-
size_t resumption_ctx_len =
|
269
|
-
EVP_MD_size(ssl_get_handshake_digest(ssl_get_algorithm_prf(ssl)));
|
270
|
-
if (ssl->s3->session_reused) {
|
271
|
-
uint8_t resumption_ctx[EVP_MAX_MD_SIZE];
|
272
|
-
if (!tls13_resumption_context(ssl, resumption_ctx, resumption_ctx_len,
|
273
|
-
ssl->s3->new_session) ||
|
274
|
-
!tls13_init_key_schedule(ssl, resumption_ctx, resumption_ctx_len)) {
|
275
|
-
return ssl_hs_error;
|
276
|
-
}
|
277
|
-
} else if (!tls13_init_key_schedule(ssl, kZeroes, resumption_ctx_len)) {
|
284
|
+
if (!tls13_init_key_schedule(hs)) {
|
278
285
|
return ssl_hs_error;
|
279
286
|
}
|
280
287
|
|
281
|
-
/*
|
282
|
-
if (
|
283
|
-
if (!
|
284
|
-
|
288
|
+
/* Incorporate the PSK into the running secret. */
|
289
|
+
if (ssl->s3->session_reused) {
|
290
|
+
if (!tls13_advance_key_schedule(hs, hs->new_session->master_key,
|
291
|
+
hs->new_session->master_key_length)) {
|
285
292
|
return ssl_hs_error;
|
286
293
|
}
|
294
|
+
} else if (!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len)) {
|
295
|
+
return ssl_hs_error;
|
296
|
+
}
|
287
297
|
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
|
292
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
293
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
294
|
-
return ssl_hs_error;
|
295
|
-
}
|
296
|
-
} else if (!tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len)) {
|
298
|
+
if (!have_key_share) {
|
299
|
+
/* We do not support psk_ke and thus always require a key share. */
|
300
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
|
301
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
|
297
302
|
return ssl_hs_error;
|
298
303
|
}
|
299
304
|
|
300
305
|
/* Resolve ECDHE and incorporate it into the secret. */
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
308
|
-
|
309
|
-
size_t dhe_secret_len;
|
310
|
-
if (!ssl_ext_key_share_parse_serverhello(ssl, &dhe_secret, &dhe_secret_len,
|
311
|
-
&alert, &key_share)) {
|
312
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
313
|
-
return ssl_hs_error;
|
314
|
-
}
|
306
|
+
uint8_t *dhe_secret;
|
307
|
+
size_t dhe_secret_len;
|
308
|
+
alert = SSL_AD_DECODE_ERROR;
|
309
|
+
if (!ssl_ext_key_share_parse_serverhello(hs, &dhe_secret, &dhe_secret_len,
|
310
|
+
&alert, &key_share)) {
|
311
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
312
|
+
return ssl_hs_error;
|
313
|
+
}
|
315
314
|
|
316
|
-
|
315
|
+
if (!tls13_advance_key_schedule(hs, dhe_secret, dhe_secret_len)) {
|
317
316
|
OPENSSL_free(dhe_secret);
|
318
|
-
|
317
|
+
return ssl_hs_error;
|
318
|
+
}
|
319
|
+
OPENSSL_free(dhe_secret);
|
320
|
+
|
321
|
+
/* Negotiate short record headers. */
|
322
|
+
if (have_short_header) {
|
323
|
+
if (CBS_len(&short_header) != 0) {
|
324
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
325
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
319
326
|
return ssl_hs_error;
|
320
327
|
}
|
321
|
-
|
322
|
-
if (
|
328
|
+
|
329
|
+
if (!ssl->ctx->short_header_enabled) {
|
323
330
|
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
324
331
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
325
332
|
return ssl_hs_error;
|
326
333
|
}
|
327
|
-
if (!tls13_advance_key_schedule(ssl, kZeroes, hs->hash_len)) {
|
328
|
-
return ssl_hs_error;
|
329
|
-
}
|
330
|
-
}
|
331
334
|
|
332
|
-
|
333
|
-
* already hashed the message. */
|
334
|
-
if (ssl->s3->hs->retry_group != 0 &&
|
335
|
-
!ssl->method->hash_current_message(ssl)) {
|
336
|
-
return ssl_hs_error;
|
335
|
+
ssl->s3->short_header = 1;
|
337
336
|
}
|
338
337
|
|
339
|
-
if (!
|
338
|
+
if (!ssl_hash_current_message(hs) ||
|
339
|
+
!tls13_derive_handshake_secrets(hs) ||
|
340
|
+
!tls13_set_traffic_key(ssl, evp_aead_open, hs->server_handshake_secret,
|
341
|
+
hs->hash_len) ||
|
342
|
+
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_handshake_secret,
|
343
|
+
hs->hash_len)) {
|
340
344
|
return ssl_hs_error;
|
341
345
|
}
|
342
346
|
|
343
|
-
hs->
|
347
|
+
hs->tls13_state = state_process_encrypted_extensions;
|
344
348
|
return ssl_hs_read_message;
|
345
349
|
}
|
346
350
|
|
347
|
-
static enum ssl_hs_wait_t do_process_encrypted_extensions(
|
348
|
-
|
349
|
-
if (!
|
351
|
+
static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL_HANDSHAKE *hs) {
|
352
|
+
SSL *const ssl = hs->ssl;
|
353
|
+
if (!ssl_check_message_type(ssl, SSL3_MT_ENCRYPTED_EXTENSIONS)) {
|
350
354
|
return ssl_hs_error;
|
351
355
|
}
|
352
356
|
|
353
357
|
CBS cbs;
|
354
358
|
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
|
355
|
-
if (!ssl_parse_serverhello_tlsext(
|
359
|
+
if (!ssl_parse_serverhello_tlsext(hs, &cbs)) {
|
356
360
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
357
361
|
return ssl_hs_error;
|
358
362
|
}
|
@@ -362,27 +366,25 @@ static enum ssl_hs_wait_t do_process_encrypted_extensions(SSL *ssl,
|
|
362
366
|
return ssl_hs_error;
|
363
367
|
}
|
364
368
|
|
365
|
-
if (!
|
369
|
+
if (!ssl_hash_current_message(hs)) {
|
366
370
|
return ssl_hs_error;
|
367
371
|
}
|
368
372
|
|
369
|
-
hs->
|
373
|
+
hs->tls13_state = state_process_certificate_request;
|
370
374
|
return ssl_hs_read_message;
|
371
375
|
}
|
372
376
|
|
373
|
-
static enum ssl_hs_wait_t do_process_certificate_request(
|
374
|
-
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
if (!ssl_cipher_uses_certificate_auth(ssl->s3->tmp.new_cipher)) {
|
379
|
-
hs->state = state_process_server_finished;
|
377
|
+
static enum ssl_hs_wait_t do_process_certificate_request(SSL_HANDSHAKE *hs) {
|
378
|
+
SSL *const ssl = hs->ssl;
|
379
|
+
/* CertificateRequest may only be sent in non-resumption handshakes. */
|
380
|
+
if (ssl->s3->session_reused) {
|
381
|
+
hs->tls13_state = state_process_server_finished;
|
380
382
|
return ssl_hs_ok;
|
381
383
|
}
|
382
384
|
|
383
385
|
/* CertificateRequest is optional. */
|
384
386
|
if (ssl->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
|
385
|
-
hs->
|
387
|
+
hs->tls13_state = state_process_server_certificate;
|
386
388
|
return ssl_hs_ok;
|
387
389
|
}
|
388
390
|
|
@@ -393,13 +395,13 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl,
|
|
393
395
|
CBS_len(&context) != 0 ||
|
394
396
|
!CBS_get_u16_length_prefixed(&cbs, &supported_signature_algorithms) ||
|
395
397
|
CBS_len(&supported_signature_algorithms) == 0 ||
|
396
|
-
!tls1_parse_peer_sigalgs(
|
398
|
+
!tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
|
397
399
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
398
400
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
399
401
|
return ssl_hs_error;
|
400
402
|
}
|
401
403
|
|
402
|
-
uint8_t alert;
|
404
|
+
uint8_t alert = SSL_AD_DECODE_ERROR;
|
403
405
|
STACK_OF(X509_NAME) *ca_sk = ssl_parse_client_CA_list(ssl, &alert, &cbs);
|
404
406
|
if (ca_sk == NULL) {
|
405
407
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
@@ -416,73 +418,64 @@ static enum ssl_hs_wait_t do_process_certificate_request(SSL *ssl,
|
|
416
418
|
return ssl_hs_error;
|
417
419
|
}
|
418
420
|
|
419
|
-
|
420
|
-
sk_X509_NAME_pop_free(
|
421
|
-
|
421
|
+
hs->cert_request = 1;
|
422
|
+
sk_X509_NAME_pop_free(hs->ca_names, X509_NAME_free);
|
423
|
+
hs->ca_names = ca_sk;
|
422
424
|
|
423
|
-
if (!
|
425
|
+
if (!ssl_hash_current_message(hs)) {
|
424
426
|
return ssl_hs_error;
|
425
427
|
}
|
426
428
|
|
427
|
-
hs->
|
429
|
+
hs->tls13_state = state_process_server_certificate;
|
428
430
|
return ssl_hs_read_message;
|
429
431
|
}
|
430
432
|
|
431
|
-
static enum ssl_hs_wait_t do_process_server_certificate(
|
432
|
-
|
433
|
-
if (!
|
434
|
-
!tls13_process_certificate(
|
435
|
-
!
|
436
|
-
return ssl_hs_error;
|
437
|
-
}
|
438
|
-
|
439
|
-
/* Check the certificate matches the cipher suite.
|
440
|
-
*
|
441
|
-
* TODO(davidben): Remove this check when switching to the new TLS 1.3 cipher
|
442
|
-
* suite negotiation. */
|
443
|
-
if (!ssl_check_leaf_certificate(ssl, ssl->s3->new_session->peer)) {
|
444
|
-
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
433
|
+
static enum ssl_hs_wait_t do_process_server_certificate(SSL_HANDSHAKE *hs) {
|
434
|
+
SSL *const ssl = hs->ssl;
|
435
|
+
if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE) ||
|
436
|
+
!tls13_process_certificate(hs, 0 /* certificate required */) ||
|
437
|
+
!ssl_hash_current_message(hs)) {
|
445
438
|
return ssl_hs_error;
|
446
439
|
}
|
447
440
|
|
448
|
-
hs->
|
441
|
+
hs->tls13_state = state_process_server_certificate_verify;
|
449
442
|
return ssl_hs_read_message;
|
450
443
|
}
|
451
444
|
|
452
445
|
static enum ssl_hs_wait_t do_process_server_certificate_verify(
|
453
|
-
|
454
|
-
|
455
|
-
|
456
|
-
!
|
457
|
-
|
446
|
+
SSL_HANDSHAKE *hs) {
|
447
|
+
SSL *const ssl = hs->ssl;
|
448
|
+
if (!ssl_check_message_type(ssl, SSL3_MT_CERTIFICATE_VERIFY) ||
|
449
|
+
!tls13_process_certificate_verify(hs) ||
|
450
|
+
!ssl_hash_current_message(hs)) {
|
451
|
+
return ssl_hs_error;
|
458
452
|
}
|
459
453
|
|
460
|
-
hs->
|
454
|
+
hs->tls13_state = state_process_server_finished;
|
461
455
|
return ssl_hs_read_message;
|
462
456
|
}
|
463
457
|
|
464
|
-
static enum ssl_hs_wait_t do_process_server_finished(
|
465
|
-
|
466
|
-
|
467
|
-
|
468
|
-
|
469
|
-
!tls13_process_finished(ssl) ||
|
470
|
-
!ssl->method->hash_current_message(ssl) ||
|
458
|
+
static enum ssl_hs_wait_t do_process_server_finished(SSL_HANDSHAKE *hs) {
|
459
|
+
SSL *const ssl = hs->ssl;
|
460
|
+
if (!ssl_check_message_type(ssl, SSL3_MT_FINISHED) ||
|
461
|
+
!tls13_process_finished(hs) ||
|
462
|
+
!ssl_hash_current_message(hs) ||
|
471
463
|
/* Update the secret to the master secret and derive traffic keys. */
|
472
|
-
!tls13_advance_key_schedule(
|
473
|
-
!
|
464
|
+
!tls13_advance_key_schedule(hs, kZeroes, hs->hash_len) ||
|
465
|
+
!tls13_derive_application_secrets(hs)) {
|
474
466
|
return ssl_hs_error;
|
475
467
|
}
|
476
468
|
|
477
469
|
ssl->method->received_flight(ssl);
|
478
|
-
hs->
|
470
|
+
hs->tls13_state = state_send_client_certificate;
|
479
471
|
return ssl_hs_ok;
|
480
472
|
}
|
481
473
|
|
482
|
-
static enum ssl_hs_wait_t
|
474
|
+
static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
|
475
|
+
SSL *const ssl = hs->ssl;
|
483
476
|
/* The peer didn't request a certificate. */
|
484
|
-
if (!
|
485
|
-
hs->
|
477
|
+
if (!hs->cert_request) {
|
478
|
+
hs->tls13_state = state_complete_second_flight;
|
486
479
|
return ssl_hs_ok;
|
487
480
|
}
|
488
481
|
|
@@ -495,51 +488,36 @@ static enum ssl_hs_wait_t do_certificate_callback(SSL *ssl, SSL_HANDSHAKE *hs) {
|
|
495
488
|
return ssl_hs_error;
|
496
489
|
}
|
497
490
|
if (rv < 0) {
|
498
|
-
hs->
|
499
|
-
return ssl_hs_x509_lookup;
|
500
|
-
}
|
501
|
-
}
|
502
|
-
|
503
|
-
hs->state = state_send_client_certificate;
|
504
|
-
return ssl_hs_ok;
|
505
|
-
}
|
506
|
-
|
507
|
-
static enum ssl_hs_wait_t do_send_client_certificate(SSL *ssl,
|
508
|
-
SSL_HANDSHAKE *hs) {
|
509
|
-
/* Call client_cert_cb to update the certificate. */
|
510
|
-
int should_retry;
|
511
|
-
if (!ssl_do_client_cert_cb(ssl, &should_retry)) {
|
512
|
-
if (should_retry) {
|
513
|
-
hs->state = state_send_client_certificate;
|
491
|
+
hs->tls13_state = state_send_client_certificate;
|
514
492
|
return ssl_hs_x509_lookup;
|
515
493
|
}
|
516
|
-
return ssl_hs_error;
|
517
494
|
}
|
518
495
|
|
519
|
-
if (!
|
496
|
+
if (!ssl_auto_chain_if_needed(ssl) ||
|
497
|
+
!tls13_add_certificate(hs)) {
|
520
498
|
return ssl_hs_error;
|
521
499
|
}
|
522
500
|
|
523
|
-
hs->
|
524
|
-
return
|
501
|
+
hs->tls13_state = state_send_client_certificate_verify;
|
502
|
+
return ssl_hs_ok;
|
525
503
|
}
|
526
504
|
|
527
|
-
static enum ssl_hs_wait_t do_send_client_certificate_verify(
|
528
|
-
SSL_HANDSHAKE *hs,
|
505
|
+
static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL_HANDSHAKE *hs,
|
529
506
|
int is_first_run) {
|
507
|
+
SSL *const ssl = hs->ssl;
|
530
508
|
/* Don't send CertificateVerify if there is no certificate. */
|
531
509
|
if (!ssl_has_certificate(ssl)) {
|
532
|
-
hs->
|
510
|
+
hs->tls13_state = state_complete_second_flight;
|
533
511
|
return ssl_hs_ok;
|
534
512
|
}
|
535
513
|
|
536
|
-
switch (
|
514
|
+
switch (tls13_add_certificate_verify(hs, is_first_run)) {
|
537
515
|
case ssl_private_key_success:
|
538
|
-
hs->
|
539
|
-
return
|
516
|
+
hs->tls13_state = state_complete_second_flight;
|
517
|
+
return ssl_hs_ok;
|
540
518
|
|
541
519
|
case ssl_private_key_retry:
|
542
|
-
hs->
|
520
|
+
hs->tls13_state = state_complete_client_certificate_verify;
|
543
521
|
return ssl_hs_private_key_operation;
|
544
522
|
|
545
523
|
case ssl_private_key_failure:
|
@@ -550,79 +528,87 @@ static enum ssl_hs_wait_t do_send_client_certificate_verify(SSL *ssl,
|
|
550
528
|
return ssl_hs_error;
|
551
529
|
}
|
552
530
|
|
553
|
-
static enum ssl_hs_wait_t
|
554
|
-
|
555
|
-
|
531
|
+
static enum ssl_hs_wait_t do_complete_second_flight(SSL_HANDSHAKE *hs) {
|
532
|
+
SSL *const ssl = hs->ssl;
|
533
|
+
|
534
|
+
/* Send a Channel ID assertion if necessary. */
|
535
|
+
if (ssl->s3->tlsext_channel_id_valid) {
|
536
|
+
if (!ssl_do_channel_id_callback(ssl)) {
|
537
|
+
hs->tls13_state = state_complete_second_flight;
|
538
|
+
return ssl_hs_error;
|
539
|
+
}
|
540
|
+
|
541
|
+
if (ssl->tlsext_channel_id_private == NULL) {
|
542
|
+
return ssl_hs_channel_id_lookup;
|
543
|
+
}
|
544
|
+
|
545
|
+
CBB cbb, body;
|
546
|
+
if (!ssl->method->init_message(ssl, &cbb, &body, SSL3_MT_CHANNEL_ID) ||
|
547
|
+
!tls1_write_channel_id(hs, &body) ||
|
548
|
+
!ssl_add_message_cbb(ssl, &cbb)) {
|
549
|
+
CBB_cleanup(&cbb);
|
550
|
+
return ssl_hs_error;
|
551
|
+
}
|
556
552
|
}
|
557
553
|
|
558
|
-
|
559
|
-
|
560
|
-
|
554
|
+
/* Send a Finished message. */
|
555
|
+
if (!tls13_add_finished(hs)) {
|
556
|
+
return ssl_hs_error;
|
557
|
+
}
|
561
558
|
|
562
|
-
|
563
|
-
if (!tls13_set_traffic_key(ssl,
|
564
|
-
hs->
|
565
|
-
!tls13_set_traffic_key(ssl,
|
566
|
-
hs->
|
567
|
-
!
|
559
|
+
/* Derive the final keys and enable them. */
|
560
|
+
if (!tls13_set_traffic_key(ssl, evp_aead_open, hs->server_traffic_secret_0,
|
561
|
+
hs->hash_len) ||
|
562
|
+
!tls13_set_traffic_key(ssl, evp_aead_seal, hs->client_traffic_secret_0,
|
563
|
+
hs->hash_len) ||
|
564
|
+
!tls13_derive_resumption_secret(hs)) {
|
568
565
|
return ssl_hs_error;
|
569
566
|
}
|
570
567
|
|
571
|
-
hs->
|
568
|
+
hs->tls13_state = state_done;
|
572
569
|
return ssl_hs_flush;
|
573
570
|
}
|
574
571
|
|
575
|
-
enum ssl_hs_wait_t tls13_client_handshake(
|
576
|
-
|
577
|
-
|
578
|
-
while (hs->state != state_done) {
|
572
|
+
enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs) {
|
573
|
+
while (hs->tls13_state != state_done) {
|
579
574
|
enum ssl_hs_wait_t ret = ssl_hs_error;
|
580
|
-
enum client_hs_state_t state = hs->
|
575
|
+
enum client_hs_state_t state = hs->tls13_state;
|
581
576
|
switch (state) {
|
582
577
|
case state_process_hello_retry_request:
|
583
|
-
ret = do_process_hello_retry_request(
|
578
|
+
ret = do_process_hello_retry_request(hs);
|
584
579
|
break;
|
585
580
|
case state_send_second_client_hello:
|
586
|
-
ret = do_send_second_client_hello(
|
587
|
-
break;
|
588
|
-
case state_flush_second_client_hello:
|
589
|
-
ret = do_flush_second_client_hello(ssl, hs);
|
581
|
+
ret = do_send_second_client_hello(hs);
|
590
582
|
break;
|
591
583
|
case state_process_server_hello:
|
592
|
-
ret = do_process_server_hello(
|
584
|
+
ret = do_process_server_hello(hs);
|
593
585
|
break;
|
594
586
|
case state_process_encrypted_extensions:
|
595
|
-
ret = do_process_encrypted_extensions(
|
587
|
+
ret = do_process_encrypted_extensions(hs);
|
596
588
|
break;
|
597
589
|
case state_process_certificate_request:
|
598
|
-
ret = do_process_certificate_request(
|
590
|
+
ret = do_process_certificate_request(hs);
|
599
591
|
break;
|
600
592
|
case state_process_server_certificate:
|
601
|
-
ret = do_process_server_certificate(
|
593
|
+
ret = do_process_server_certificate(hs);
|
602
594
|
break;
|
603
595
|
case state_process_server_certificate_verify:
|
604
|
-
ret = do_process_server_certificate_verify(
|
596
|
+
ret = do_process_server_certificate_verify(hs);
|
605
597
|
break;
|
606
598
|
case state_process_server_finished:
|
607
|
-
ret = do_process_server_finished(
|
608
|
-
break;
|
609
|
-
case state_certificate_callback:
|
610
|
-
ret = do_certificate_callback(ssl, hs);
|
599
|
+
ret = do_process_server_finished(hs);
|
611
600
|
break;
|
612
601
|
case state_send_client_certificate:
|
613
|
-
ret = do_send_client_certificate(
|
602
|
+
ret = do_send_client_certificate(hs);
|
614
603
|
break;
|
615
604
|
case state_send_client_certificate_verify:
|
616
|
-
ret = do_send_client_certificate_verify(
|
617
|
-
|
605
|
+
ret = do_send_client_certificate_verify(hs, 1 /* first run */);
|
606
|
+
break;
|
618
607
|
case state_complete_client_certificate_verify:
|
619
|
-
ret = do_send_client_certificate_verify(
|
620
|
-
break;
|
621
|
-
case state_send_client_finished:
|
622
|
-
ret = do_send_client_finished(ssl, hs);
|
608
|
+
ret = do_send_client_certificate_verify(hs, 0 /* complete */);
|
623
609
|
break;
|
624
|
-
case
|
625
|
-
ret =
|
610
|
+
case state_complete_second_flight:
|
611
|
+
ret = do_complete_second_flight(hs);
|
626
612
|
break;
|
627
613
|
case state_done:
|
628
614
|
ret = ssl_hs_ok;
|
@@ -638,26 +624,67 @@ enum ssl_hs_wait_t tls13_client_handshake(SSL *ssl) {
|
|
638
624
|
}
|
639
625
|
|
640
626
|
int tls13_process_new_session_ticket(SSL *ssl) {
|
641
|
-
|
642
|
-
|
643
|
-
|
627
|
+
int ret = 0;
|
628
|
+
SSL_SESSION *session = SSL_SESSION_dup(ssl->s3->established_session,
|
629
|
+
SSL_SESSION_INCLUDE_NONAUTH);
|
644
630
|
if (session == NULL) {
|
645
631
|
return 0;
|
646
632
|
}
|
647
633
|
|
648
|
-
|
634
|
+
ssl_session_rebase_time(ssl, session);
|
635
|
+
|
636
|
+
uint32_t server_timeout;
|
637
|
+
CBS cbs, ticket, extensions;
|
649
638
|
CBS_init(&cbs, ssl->init_msg, ssl->init_num);
|
650
|
-
if (!CBS_get_u32(&cbs, &
|
651
|
-
!CBS_get_u32(&cbs, &session->ticket_flags) ||
|
639
|
+
if (!CBS_get_u32(&cbs, &server_timeout) ||
|
652
640
|
!CBS_get_u32(&cbs, &session->ticket_age_add) ||
|
653
|
-
!CBS_get_u16_length_prefixed(&cbs, &extensions) ||
|
654
641
|
!CBS_get_u16_length_prefixed(&cbs, &ticket) ||
|
655
642
|
!CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) ||
|
643
|
+
!CBS_get_u16_length_prefixed(&cbs, &extensions) ||
|
656
644
|
CBS_len(&cbs) != 0) {
|
657
|
-
SSL_SESSION_free(session);
|
658
645
|
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
659
646
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
660
|
-
|
647
|
+
goto err;
|
648
|
+
}
|
649
|
+
|
650
|
+
/* Cap the renewable lifetime by the server advertised value. This avoids
|
651
|
+
* wasting bandwidth on 0-RTT when we know the server will reject it.
|
652
|
+
*
|
653
|
+
* TODO(davidben): This dance where we're not sure if long or uint32_t is
|
654
|
+
* bigger is silly. session->timeout should not be a long to begin with.
|
655
|
+
* https://crbug.com/boringssl/155. */
|
656
|
+
#if LONG_MAX < 0xffffffff
|
657
|
+
if (server_timeout > LONG_MAX) {
|
658
|
+
server_timeout = LONG_MAX;
|
659
|
+
}
|
660
|
+
#endif
|
661
|
+
if (session->timeout > (long)server_timeout) {
|
662
|
+
session->timeout = (long)server_timeout;
|
663
|
+
}
|
664
|
+
|
665
|
+
/* Parse out the extensions. */
|
666
|
+
int have_early_data_info = 0;
|
667
|
+
CBS early_data_info;
|
668
|
+
const SSL_EXTENSION_TYPE ext_types[] = {
|
669
|
+
{TLSEXT_TYPE_ticket_early_data_info, &have_early_data_info,
|
670
|
+
&early_data_info},
|
671
|
+
};
|
672
|
+
|
673
|
+
uint8_t alert = SSL_AD_DECODE_ERROR;
|
674
|
+
if (!ssl_parse_extensions(&extensions, &alert, ext_types,
|
675
|
+
OPENSSL_ARRAY_SIZE(ext_types),
|
676
|
+
1 /* ignore unknown */)) {
|
677
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, alert);
|
678
|
+
goto err;
|
679
|
+
}
|
680
|
+
|
681
|
+
if (have_early_data_info && ssl->ctx->enable_early_data) {
|
682
|
+
if (!CBS_get_u32(&early_data_info, &session->ticket_max_early_data) ||
|
683
|
+
CBS_len(&early_data_info) != 0) {
|
684
|
+
ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
|
685
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
686
|
+
goto err;
|
687
|
+
}
|
661
688
|
}
|
662
689
|
|
663
690
|
session->ticket_age_add_valid = 1;
|
@@ -666,17 +693,20 @@ int tls13_process_new_session_ticket(SSL *ssl) {
|
|
666
693
|
if (ssl->ctx->new_session_cb != NULL &&
|
667
694
|
ssl->ctx->new_session_cb(ssl, session)) {
|
668
695
|
/* |new_session_cb|'s return value signals that it took ownership. */
|
669
|
-
|
696
|
+
session = NULL;
|
670
697
|
}
|
671
698
|
|
699
|
+
ret = 1;
|
700
|
+
|
701
|
+
err:
|
672
702
|
SSL_SESSION_free(session);
|
673
|
-
return
|
703
|
+
return ret;
|
674
704
|
}
|
675
705
|
|
676
|
-
void ssl_clear_tls13_state(
|
677
|
-
SSL_ECDH_CTX_cleanup(&
|
706
|
+
void ssl_clear_tls13_state(SSL_HANDSHAKE *hs) {
|
707
|
+
SSL_ECDH_CTX_cleanup(&hs->ecdh_ctx);
|
678
708
|
|
679
|
-
OPENSSL_free(
|
680
|
-
|
681
|
-
|
709
|
+
OPENSSL_free(hs->key_share_bytes);
|
710
|
+
hs->key_share_bytes = NULL;
|
711
|
+
hs->key_share_bytes_len = 0;
|
682
712
|
}
|