grpc 1.28.0.pre2 → 1.31.0.pre1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (660) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +8313 -11862
  3. data/include/grpc/grpc.h +2 -2
  4. data/include/grpc/grpc_security.h +30 -9
  5. data/include/grpc/grpc_security_constants.h +4 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +23 -23
  7. data/include/grpc/impl/codegen/port_platform.h +6 -34
  8. data/include/grpc/module.modulemap +24 -39
  9. data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
  10. data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
  11. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  12. data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
  13. data/src/core/ext/filters/client_channel/config_selector.h +93 -0
  14. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
  15. data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
  16. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  17. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
  18. data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
  19. data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
  20. data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
  21. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  22. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  23. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
  24. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
  25. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
  26. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  27. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  30. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
  32. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
  33. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  38. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
  39. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
  40. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  41. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  42. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  43. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
  45. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  53. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
  54. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
  55. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  56. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
  57. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
  58. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  59. data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
  60. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  61. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
  62. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
  63. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
  64. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
  65. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  66. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  67. data/src/core/ext/filters/client_channel/service_config.cc +104 -144
  68. data/src/core/ext/filters/client_channel/service_config.h +28 -98
  69. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  70. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
  71. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  72. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  73. data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
  74. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  75. data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
  76. data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
  77. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
  78. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
  79. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
  80. data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
  81. data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
  82. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
  83. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
  84. data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
  85. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  86. data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
  87. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  88. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
  89. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
  90. data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
  91. data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
  92. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
  93. data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
  94. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
  95. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
  96. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
  97. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  98. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
  99. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  100. data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
  101. data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
  102. data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
  103. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
  104. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  105. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
  106. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  107. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
  108. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  109. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
  110. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  111. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
  112. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  113. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  114. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  115. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
  116. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  117. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
  118. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  119. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  120. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  121. data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
  122. data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
  123. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  124. data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
  125. data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
  126. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
  127. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
  128. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
  129. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
  130. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  131. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  133. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
  134. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
  137. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
  138. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
  139. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
  140. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
  141. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
  142. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
  144. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
  145. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
  146. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
  147. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
  148. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
  151. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
  152. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
  153. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
  154. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
  156. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
  157. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
  158. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
  159. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
  160. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
  161. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
  162. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
  163. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
  164. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  165. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
  166. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
  167. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
  168. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
  169. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
  170. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
  171. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
  172. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
  173. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
  174. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
  175. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
  176. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
  177. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
  178. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
  179. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
  180. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
  181. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
  182. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
  183. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
  184. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
  185. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
  186. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
  187. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
  188. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
  189. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
  190. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
  191. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
  192. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
  193. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
  194. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
  195. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
  196. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
  197. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
  198. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
  199. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
  200. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
  201. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
  202. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
  203. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
  204. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
  205. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
  206. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  207. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  208. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  209. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
  210. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  211. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
  212. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  213. data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
  214. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
  215. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
  216. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
  217. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
  218. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
  219. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
  220. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  221. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
  222. data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
  223. data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
  224. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
  225. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
  226. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
  227. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
  228. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
  229. data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
  230. data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
  231. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
  232. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
  233. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
  234. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
  235. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
  236. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
  237. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
  238. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
  239. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
  240. data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
  241. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
  242. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
  243. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
  244. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
  245. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
  246. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
  247. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
  248. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
  249. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
  250. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  251. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
  252. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
  253. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
  254. data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
  255. data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
  256. data/src/core/lib/channel/channel_args.cc +15 -14
  257. data/src/core/lib/channel/channel_args.h +3 -1
  258. data/src/core/lib/channel/channel_stack.h +20 -13
  259. data/src/core/lib/channel/channel_trace.cc +2 -6
  260. data/src/core/lib/channel/channelz.cc +10 -21
  261. data/src/core/lib/channel/channelz.h +3 -2
  262. data/src/core/lib/channel/channelz_registry.cc +5 -3
  263. data/src/core/lib/channel/connected_channel.cc +7 -5
  264. data/src/core/lib/channel/context.h +1 -1
  265. data/src/core/lib/channel/handshaker.cc +11 -13
  266. data/src/core/lib/channel/handshaker.h +4 -2
  267. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  268. data/src/core/lib/channel/status_util.cc +2 -3
  269. data/src/core/lib/compression/message_compress.cc +5 -1
  270. data/src/core/lib/debug/stats.cc +21 -27
  271. data/src/core/lib/debug/stats.h +3 -1
  272. data/src/core/lib/gpr/log_linux.cc +6 -8
  273. data/src/core/lib/gpr/log_posix.cc +6 -8
  274. data/src/core/lib/gpr/spinlock.h +2 -3
  275. data/src/core/lib/gpr/string.cc +10 -33
  276. data/src/core/lib/gpr/string.h +4 -18
  277. data/src/core/lib/gpr/sync_abseil.cc +2 -0
  278. data/src/core/lib/gpr/time.cc +4 -0
  279. data/src/core/lib/gpr/time_posix.cc +1 -1
  280. data/src/core/lib/gprpp/atomic.h +6 -6
  281. data/src/core/lib/gprpp/fork.cc +1 -1
  282. data/src/core/lib/gprpp/global_config_env.cc +8 -6
  283. data/src/core/lib/gprpp/host_port.cc +29 -35
  284. data/src/core/lib/gprpp/host_port.h +14 -17
  285. data/src/core/lib/gprpp/map.h +5 -11
  286. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  287. data/src/core/lib/gprpp/sync.h +9 -0
  288. data/src/core/lib/http/format_request.cc +46 -65
  289. data/src/core/lib/http/httpcli.cc +15 -13
  290. data/src/core/lib/http/httpcli.h +2 -3
  291. data/src/core/lib/http/httpcli_security_connector.cc +10 -10
  292. data/src/core/lib/http/parser.h +2 -3
  293. data/src/core/lib/iomgr/buffer_list.h +22 -21
  294. data/src/core/lib/iomgr/call_combiner.h +3 -2
  295. data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
  296. data/src/core/lib/iomgr/closure.h +2 -3
  297. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  298. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  299. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  300. data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
  301. data/src/core/lib/iomgr/error.cc +6 -9
  302. data/src/core/lib/iomgr/error.h +0 -1
  303. data/src/core/lib/iomgr/error_cfstream.cc +9 -8
  304. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  305. data/src/core/lib/iomgr/ev_apple.h +43 -0
  306. data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
  307. data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
  308. data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
  309. data/src/core/lib/iomgr/ev_posix.cc +4 -3
  310. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  311. data/src/core/lib/iomgr/iomgr.cc +10 -0
  312. data/src/core/lib/iomgr/iomgr.h +10 -0
  313. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  314. data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
  315. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  316. data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
  317. data/src/core/lib/iomgr/port.h +2 -21
  318. data/src/core/lib/iomgr/python_util.h +46 -0
  319. data/src/core/lib/iomgr/resolve_address.h +4 -6
  320. data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
  321. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  322. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  323. data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
  324. data/src/core/lib/iomgr/resource_quota.cc +38 -37
  325. data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
  326. data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
  327. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  328. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  329. data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
  330. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  331. data/src/core/lib/iomgr/socket_windows.cc +4 -5
  332. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
  333. data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
  334. data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
  335. data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
  336. data/src/core/lib/iomgr/tcp_custom.cc +3 -4
  337. data/src/core/lib/iomgr/tcp_custom.h +1 -1
  338. data/src/core/lib/iomgr/tcp_server.cc +3 -4
  339. data/src/core/lib/iomgr/tcp_server.h +7 -5
  340. data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
  341. data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
  342. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
  343. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
  344. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
  345. data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
  346. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  347. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  348. data/src/core/lib/iomgr/timer_generic.cc +15 -15
  349. data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
  350. data/src/core/lib/iomgr/timer_heap.h +2 -3
  351. data/src/core/lib/iomgr/udp_server.cc +32 -36
  352. data/src/core/lib/iomgr/udp_server.h +5 -2
  353. data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
  354. data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
  355. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
  356. data/src/core/lib/json/json.h +3 -2
  357. data/src/core/lib/json/json_reader.cc +25 -26
  358. data/src/core/lib/json/json_writer.cc +13 -12
  359. data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
  360. data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
  361. data/src/core/lib/security/credentials/credentials.cc +0 -84
  362. data/src/core/lib/security/credentials/credentials.h +13 -62
  363. data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
  364. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
  365. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
  366. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  367. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  368. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  369. data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
  370. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
  371. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  372. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
  373. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
  374. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
  375. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
  376. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
  377. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  378. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
  379. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
  380. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
  381. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
  382. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
  383. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
  384. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
  385. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  386. data/src/core/lib/security/security_connector/security_connector.cc +2 -0
  387. data/src/core/lib/security/security_connector/security_connector.h +2 -2
  388. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
  389. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
  390. data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
  391. data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
  392. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
  393. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
  394. data/src/core/lib/security/transport/auth_filters.h +0 -5
  395. data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
  396. data/src/core/lib/security/util/json_util.cc +12 -13
  397. data/src/core/lib/slice/slice.cc +38 -1
  398. data/src/core/lib/slice/slice_intern.cc +2 -3
  399. data/src/core/lib/slice/slice_internal.h +15 -0
  400. data/src/core/lib/slice/slice_utils.h +9 -0
  401. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  402. data/src/core/lib/surface/call.cc +42 -44
  403. data/src/core/lib/surface/call_log_batch.cc +50 -58
  404. data/src/core/lib/surface/channel.cc +53 -31
  405. data/src/core/lib/surface/channel.h +35 -4
  406. data/src/core/lib/surface/channel_ping.cc +2 -3
  407. data/src/core/lib/surface/completion_queue.cc +304 -47
  408. data/src/core/lib/surface/completion_queue.h +8 -0
  409. data/src/core/lib/surface/event_string.cc +18 -25
  410. data/src/core/lib/surface/event_string.h +3 -1
  411. data/src/core/lib/surface/init.cc +2 -0
  412. data/src/core/lib/surface/init_secure.cc +1 -4
  413. data/src/core/lib/surface/server.cc +971 -837
  414. data/src/core/lib/surface/server.h +66 -12
  415. data/src/core/lib/surface/version.cc +2 -2
  416. data/src/core/lib/transport/byte_stream.h +7 -2
  417. data/src/core/lib/transport/connectivity_state.cc +7 -6
  418. data/src/core/lib/transport/connectivity_state.h +5 -3
  419. data/src/core/lib/transport/metadata.cc +3 -3
  420. data/src/core/lib/transport/metadata_batch.h +2 -3
  421. data/src/core/lib/transport/static_metadata.h +1 -1
  422. data/src/core/lib/transport/status_conversion.cc +6 -14
  423. data/src/core/lib/transport/transport.cc +2 -3
  424. data/src/core/lib/transport/transport.h +9 -2
  425. data/src/core/lib/transport/transport_op_string.cc +61 -102
  426. data/src/core/lib/uri/uri_parser.cc +8 -15
  427. data/src/core/lib/uri/uri_parser.h +2 -3
  428. data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
  429. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  430. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
  431. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  432. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
  433. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
  434. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
  435. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  436. data/src/core/tsi/fake_transport_security.cc +10 -15
  437. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  438. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  439. data/src/core/tsi/ssl_transport_security.cc +154 -50
  440. data/src/core/tsi/ssl_transport_security.h +22 -10
  441. data/src/core/tsi/ssl_types.h +0 -2
  442. data/src/core/tsi/transport_security.h +6 -9
  443. data/src/core/tsi/transport_security_grpc.h +2 -3
  444. data/src/core/tsi/transport_security_interface.h +8 -3
  445. data/src/ruby/ext/grpc/extconf.rb +5 -2
  446. data/src/ruby/ext/grpc/rb_call.c +12 -3
  447. data/src/ruby/ext/grpc/rb_call.h +4 -0
  448. data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
  449. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
  450. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
  451. data/src/ruby/lib/grpc/errors.rb +103 -42
  452. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  453. data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
  454. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  455. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  456. data/src/ruby/lib/grpc/structs.rb +1 -1
  457. data/src/ruby/lib/grpc/version.rb +1 -1
  458. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  459. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
  460. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  461. data/src/ruby/spec/debug_message_spec.rb +134 -0
  462. data/src/ruby/spec/generic/service_spec.rb +2 -0
  463. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  464. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
  465. data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
  466. data/src/ruby/spec/support/services.rb +10 -4
  467. data/src/ruby/spec/testdata/ca.pem +18 -13
  468. data/src/ruby/spec/testdata/client.key +26 -14
  469. data/src/ruby/spec/testdata/client.pem +18 -12
  470. data/src/ruby/spec/testdata/server1.key +26 -14
  471. data/src/ruby/spec/testdata/server1.pem +20 -14
  472. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  473. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  474. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  475. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  476. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  477. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  478. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  479. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  480. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  481. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  482. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  483. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  484. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  485. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  486. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  487. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  488. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  489. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  490. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  491. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  492. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  493. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  494. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  495. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  496. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  497. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  498. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  499. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  500. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  501. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  502. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  503. data/third_party/boringssl-with-bazel/err_data.c +335 -297
  504. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  505. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
  506. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
  507. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
  508. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
  509. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
  510. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
  511. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
  512. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
  513. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
  514. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
  515. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
  516. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
  517. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
  518. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
  519. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  520. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
  521. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
  522. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
  523. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
  524. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
  525. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
  526. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
  527. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
  528. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
  529. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
  530. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
  531. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
  532. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
  533. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
  534. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
  535. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
  536. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
  537. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
  538. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
  539. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
  540. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
  541. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
  542. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
  543. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
  544. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
  545. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
  546. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
  547. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
  548. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
  549. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  550. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
  551. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
  552. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
  553. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
  554. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
  555. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
  556. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
  557. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  558. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  559. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  560. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
  561. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
  562. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
  563. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
  564. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
  565. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
  566. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
  567. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
  568. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
  569. data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
  570. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
  571. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
  572. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
  573. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
  574. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
  575. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
  576. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
  577. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
  578. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
  579. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
  580. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
  581. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
  582. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
  583. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
  584. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
  585. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
  586. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
  587. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
  588. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
  589. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
  590. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
  591. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
  592. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
  593. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
  594. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
  595. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
  596. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
  597. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
  598. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
  599. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
  600. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
  601. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  602. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
  603. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
  604. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
  605. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
  606. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
  607. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
  608. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
  609. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
  610. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
  611. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
  612. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
  613. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
  614. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
  615. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
  616. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
  617. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
  618. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
  619. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
  620. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
  621. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
  622. data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
  623. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
  624. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  625. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
  630. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
  631. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
  632. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
  633. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
  634. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
  635. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
  636. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
  637. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
  638. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
  639. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
  640. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
  641. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
  642. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
  643. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
  644. data/third_party/upb/upb/decode.c +467 -504
  645. data/third_party/upb/upb/encode.c +163 -121
  646. data/third_party/upb/upb/msg.c +130 -64
  647. data/third_party/upb/upb/msg.h +418 -14
  648. data/third_party/upb/upb/port_def.inc +35 -6
  649. data/third_party/upb/upb/port_undef.inc +8 -1
  650. data/third_party/upb/upb/table.c +53 -75
  651. data/third_party/upb/upb/table.int.h +11 -43
  652. data/third_party/upb/upb/upb.c +148 -124
  653. data/third_party/upb/upb/upb.h +65 -147
  654. data/third_party/upb/upb/upb.hpp +86 -0
  655. metadata +122 -41
  656. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
  657. data/src/core/lib/gprpp/string_view.h +0 -60
  658. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
  659. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
  660. data/third_party/upb/upb/generated_util.h +0 -105
@@ -578,6 +578,7 @@ OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
578
578
  OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
579
579
  OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
580
580
  OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
581
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
581
582
  OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
582
583
  OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
583
584
  OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
@@ -437,10 +437,6 @@ void dtls1_next_message(SSL *ssl) {
437
437
  }
438
438
 
439
439
  bool dtls_has_unprocessed_handshake_data(const SSL *ssl) {
440
- if (ssl->d1->has_change_cipher_spec) {
441
- return true;
442
- }
443
-
444
440
  size_t current = ssl->d1->handshake_read_seq % SSL_MAX_HANDSHAKE_FLIGHT;
445
441
  for (size_t i = 0; i < SSL_MAX_HANDSHAKE_FLIGHT; i++) {
446
442
  // Skip the current message.
@@ -86,12 +86,12 @@ DTLS1_STATE::DTLS1_STATE()
86
86
  DTLS1_STATE::~DTLS1_STATE() {}
87
87
 
88
88
  bool dtls1_new(SSL *ssl) {
89
- if (!ssl3_new(ssl)) {
89
+ if (!tls_new(ssl)) {
90
90
  return false;
91
91
  }
92
92
  UniquePtr<DTLS1_STATE> d1 = MakeUnique<DTLS1_STATE>();
93
93
  if (!d1) {
94
- ssl3_free(ssl);
94
+ tls_free(ssl);
95
95
  return false;
96
96
  }
97
97
 
@@ -107,7 +107,7 @@ bool dtls1_new(SSL *ssl) {
107
107
  }
108
108
 
109
109
  void dtls1_free(SSL *ssl) {
110
- ssl3_free(ssl);
110
+ tls_free(ssl);
111
111
 
112
112
  if (ssl == NULL) {
113
113
  return;
@@ -77,10 +77,13 @@ static void dtls1_on_handshake_complete(SSL *ssl) {
77
77
  }
78
78
  }
79
79
 
80
- static bool dtls1_set_read_state(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx) {
80
+ static bool dtls1_set_read_state(SSL *ssl, ssl_encryption_level_t level,
81
+ UniquePtr<SSLAEADContext> aead_ctx,
82
+ Span<const uint8_t> secret_for_quic) {
83
+ assert(secret_for_quic.empty()); // QUIC does not use DTLS.
81
84
  // Cipher changes are forbidden if the current epoch has leftover data.
82
85
  if (dtls_has_unprocessed_handshake_data(ssl)) {
83
- OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFERED_MESSAGES_ON_CIPHER_CHANGE);
86
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
84
87
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
85
88
  return false;
86
89
  }
@@ -90,11 +93,15 @@ static bool dtls1_set_read_state(SSL *ssl, UniquePtr aead_ctx) {
90
93
  OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
91
94
 
92
95
  ssl->s3->aead_read_ctx = std::move(aead_ctx);
96
+ ssl->s3->read_level = level;
97
+ ssl->d1->has_change_cipher_spec = 0;
93
98
  return true;
94
99
  }
95
100
 
96
- static bool dtls1_set_write_state(SSL *ssl,
97
- UniquePtr<SSLAEADContext> aead_ctx) {
101
+ static bool dtls1_set_write_state(SSL *ssl, ssl_encryption_level_t level,
102
+ UniquePtr<SSLAEADContext> aead_ctx,
103
+ Span<const uint8_t> secret_for_quic) {
104
+ assert(secret_for_quic.empty()); // QUIC does not use DTLS.
98
105
  ssl->d1->w_epoch++;
99
106
  OPENSSL_memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,
100
107
  sizeof(ssl->s3->write_sequence));
@@ -102,6 +109,7 @@ static bool dtls1_set_write_state(SSL *ssl,
102
109
 
103
110
  ssl->d1->last_aead_write_ctx = std::move(ssl->s3->aead_write_ctx);
104
111
  ssl->s3->aead_write_ctx = std::move(aead_ctx);
112
+ ssl->s3->write_level = level;
105
113
  return true;
106
114
  }
107
115
 
@@ -111,6 +119,7 @@ static const SSL_PROTOCOL_METHOD kDTLSProtocolMethod = {
111
119
  dtls1_free,
112
120
  dtls1_get_message,
113
121
  dtls1_next_message,
122
+ dtls_has_unprocessed_handshake_data,
114
123
  dtls1_open_handshake,
115
124
  dtls1_open_change_cipher_spec,
116
125
  dtls1_open_app_data,
@@ -24,6 +24,17 @@ BSSL_NAMESPACE_BEGIN
24
24
  constexpr int kHandoffVersion = 0;
25
25
  constexpr int kHandbackVersion = 0;
26
26
 
27
+ // early_data_t represents the state of early data in a more compact way than
28
+ // the 3 bits used by the implementation.
29
+ enum early_data_t {
30
+ early_data_not_offered = 0,
31
+ early_data_accepted = 1,
32
+ early_data_rejected_hrr = 2,
33
+ early_data_skipped = 3,
34
+
35
+ early_data_max_value = early_data_skipped,
36
+ };
37
+
27
38
  // serialize_features adds a description of features supported by this binary to
28
39
  // |out|. Returns true on success and false on error.
29
40
  static bool serialize_features(CBB *out) {
@@ -246,9 +257,10 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
246
257
  case state12_finish_server_handshake:
247
258
  type = handback_after_handshake;
248
259
  break;
249
- // The outer state machine is always in |state12_tls13| for a TLS 1.3
250
- // handshake as TLS 1.3 uses |tls13_state|.
251
260
  case state12_tls13:
261
+ if (hs->tls13_state != state13_send_half_rtt_ticket) {
262
+ return false;
263
+ }
252
264
  type = handback_tls13;
253
265
  break;
254
266
  default:
@@ -261,8 +273,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
261
273
  }
262
274
 
263
275
  Span<const uint8_t> transcript;
264
- if (type == handback_after_ecdhe ||
265
- type == handback_after_session_resumption || type == handback_tls13) {
276
+ if (type != handback_after_handshake) {
266
277
  transcript = s3->hs->transcript.buffer();
267
278
  }
268
279
  size_t write_iv_len = 0;
@@ -332,6 +343,27 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
332
343
  return false;
333
344
  }
334
345
  if (type == handback_tls13) {
346
+ early_data_t early_data;
347
+ // Check early data invariants.
348
+ if (ssl->enable_early_data ==
349
+ (s3->early_data_reason == ssl_early_data_disabled)) {
350
+ return false;
351
+ }
352
+ if (hs->early_data_offered) {
353
+ if (s3->early_data_accepted && !s3->skip_early_data) {
354
+ early_data = early_data_accepted;
355
+ } else if (!s3->early_data_accepted && !s3->skip_early_data) {
356
+ early_data = early_data_rejected_hrr;
357
+ } else if (!s3->early_data_accepted && s3->skip_early_data) {
358
+ early_data = early_data_skipped;
359
+ } else {
360
+ return false;
361
+ }
362
+ } else if (!s3->early_data_accepted && !s3->skip_early_data) {
363
+ early_data = early_data_not_offered;
364
+ } else {
365
+ return false;
366
+ }
335
367
  if (!CBB_add_asn1_octet_string(&seq, hs->client_traffic_secret_0().data(),
336
368
  hs->client_traffic_secret_0().size()) ||
337
369
  !CBB_add_asn1_octet_string(&seq, hs->server_traffic_secret_0().data(),
@@ -346,13 +378,28 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
346
378
  s3->exporter_secret_len) ||
347
379
  !CBB_add_asn1_bool(&seq, s3->used_hello_retry_request) ||
348
380
  !CBB_add_asn1_bool(&seq, hs->accept_psk_mode) ||
349
- !CBB_add_asn1_int64(&seq, s3->ticket_age_skew)) {
381
+ !CBB_add_asn1_int64(&seq, s3->ticket_age_skew) ||
382
+ !CBB_add_asn1_uint64(&seq, s3->early_data_reason) ||
383
+ !CBB_add_asn1_uint64(&seq, early_data)) {
384
+ return false;
385
+ }
386
+ if (early_data == early_data_accepted &&
387
+ !CBB_add_asn1_octet_string(&seq, hs->early_traffic_secret().data(),
388
+ hs->early_traffic_secret().size())) {
350
389
  return false;
351
390
  }
352
391
  }
353
392
  return CBB_flush(out);
354
393
  }
355
394
 
395
+ static bool CopyExact(Span<uint8_t> out, const CBS *in) {
396
+ if (CBS_len(in) != out.size()) {
397
+ return false;
398
+ }
399
+ OPENSSL_memcpy(out.data(), CBS_data(in), out.size());
400
+ return true;
401
+ }
402
+
356
403
  bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
357
404
  if (ssl->do_handshake != nullptr ||
358
405
  ssl->method->is_dtls) {
@@ -360,7 +407,7 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
360
407
  }
361
408
 
362
409
  SSL3_STATE *const s3 = ssl->s3;
363
- uint64_t handback_version, negotiated_token_binding_param, cipher, type;
410
+ uint64_t handback_version, negotiated_token_binding_param, cipher, type_u64;
364
411
 
365
412
  CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
366
413
  next_proto, alpn, hostname, channel_id, transcript, key_share;
@@ -372,10 +419,12 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
372
419
  if (!CBS_get_asn1(&handback_cbs, &seq, CBS_ASN1_SEQUENCE) ||
373
420
  !CBS_get_asn1_uint64(&seq, &handback_version) ||
374
421
  handback_version != kHandbackVersion ||
375
- !CBS_get_asn1_uint64(&seq, &type)) {
422
+ !CBS_get_asn1_uint64(&seq, &type_u64) ||
423
+ type_u64 > handback_max_value) {
376
424
  return false;
377
425
  }
378
426
 
427
+ handback_t type = static_cast<handback_t>(type_u64);
379
428
  if (!CBS_get_asn1(&seq, &read_seq, CBS_ASN1_OCTETSTRING) ||
380
429
  CBS_len(&read_seq) != sizeof(s3->read_sequence) ||
381
430
  !CBS_get_asn1(&seq, &write_seq, CBS_ASN1_OCTETSTRING) ||
@@ -432,9 +481,10 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
432
481
  return false;
433
482
  }
434
483
  CBS client_handshake_secret, server_handshake_secret, client_traffic_secret_0,
435
- server_traffic_secret_0, secret, exporter_secret;
484
+ server_traffic_secret_0, secret, exporter_secret, early_traffic_secret;
436
485
  if (type == handback_tls13) {
437
486
  int used_hello_retry_request, accept_psk_mode;
487
+ uint64_t early_data, early_data_reason;
438
488
  int64_t ticket_age_skew;
439
489
  if (!CBS_get_asn1(&seq, &client_traffic_secret_0, CBS_ASN1_OCTETSTRING) ||
440
490
  !CBS_get_asn1(&seq, &server_traffic_secret_0, CBS_ASN1_OCTETSTRING) ||
@@ -444,7 +494,16 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
444
494
  !CBS_get_asn1(&seq, &exporter_secret, CBS_ASN1_OCTETSTRING) ||
445
495
  !CBS_get_asn1_bool(&seq, &used_hello_retry_request) ||
446
496
  !CBS_get_asn1_bool(&seq, &accept_psk_mode) ||
447
- !CBS_get_asn1_int64(&seq, &ticket_age_skew)) {
497
+ !CBS_get_asn1_int64(&seq, &ticket_age_skew) ||
498
+ !CBS_get_asn1_uint64(&seq, &early_data_reason) ||
499
+ early_data_reason > ssl_early_data_reason_max_value ||
500
+ !CBS_get_asn1_uint64(&seq, &early_data) ||
501
+ early_data > early_data_max_value) {
502
+ return false;
503
+ }
504
+ early_data_t early_data_type = static_cast<early_data_t>(early_data);
505
+ if (early_data_type == early_data_accepted &&
506
+ !CBS_get_asn1(&seq, &early_traffic_secret, CBS_ASN1_OCTETSTRING)) {
448
507
  return false;
449
508
  }
450
509
  if (ticket_age_skew > std::numeric_limits<int32_t>::max() ||
@@ -454,6 +513,35 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
454
513
  s3->ticket_age_skew = static_cast<int32_t>(ticket_age_skew);
455
514
  s3->used_hello_retry_request = used_hello_retry_request;
456
515
  hs->accept_psk_mode = accept_psk_mode;
516
+
517
+ s3->early_data_reason =
518
+ static_cast<ssl_early_data_reason_t>(early_data_reason);
519
+ ssl->enable_early_data = s3->early_data_reason != ssl_early_data_disabled;
520
+ s3->skip_early_data = false;
521
+ s3->early_data_accepted = false;
522
+ hs->early_data_offered = false;
523
+ switch (early_data_type) {
524
+ case early_data_not_offered:
525
+ break;
526
+ case early_data_accepted:
527
+ s3->early_data_accepted = true;
528
+ hs->early_data_offered = true;
529
+ hs->can_early_write = true;
530
+ hs->can_early_read = true;
531
+ hs->in_early_data = true;
532
+ break;
533
+ case early_data_rejected_hrr:
534
+ hs->early_data_offered = true;
535
+ break;
536
+ case early_data_skipped:
537
+ s3->skip_early_data = true;
538
+ hs->early_data_offered = true;
539
+ break;
540
+ default:
541
+ return false;
542
+ }
543
+ } else {
544
+ s3->early_data_reason = ssl_early_data_protocol_version;
457
545
  }
458
546
 
459
547
  ssl->version = session->ssl_version;
@@ -484,7 +572,7 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
484
572
  break;
485
573
  case handback_tls13:
486
574
  hs->state = state12_tls13;
487
- hs->tls13_state = state13_read_client_certificate;
575
+ hs->tls13_state = state13_send_half_rtt_ticket;
488
576
  break;
489
577
  default:
490
578
  return false;
@@ -515,72 +603,73 @@ bool SSL_apply_handback(SSL *ssl, Span handback) {
515
603
  s3->aead_write_ctx->SetVersionIfNullCipher(ssl->version);
516
604
  hs->cert_request = cert_request;
517
605
 
518
- // TODO(davidben): When handoff for TLS 1.3 is added, serialize
519
- // |early_data_reason| and stabilize the constants.
520
- s3->early_data_reason = ssl_early_data_protocol_version;
521
-
522
- if ((type == handback_after_ecdhe ||
523
- type == handback_after_session_resumption || type == handback_tls13) &&
606
+ if (type != handback_after_handshake &&
524
607
  (!hs->transcript.Init() ||
525
608
  !hs->transcript.InitHash(ssl_protocol_version(ssl), hs->new_cipher) ||
526
609
  !hs->transcript.Update(transcript))) {
527
610
  return false;
528
611
  }
529
612
  if (type == handback_tls13) {
530
- const size_t digest_len = hs->transcript.DigestLen();
531
- if (digest_len != CBS_len(&client_traffic_secret_0) ||
532
- digest_len != CBS_len(&server_traffic_secret_0) ||
533
- digest_len != CBS_len(&client_handshake_secret) ||
534
- digest_len != CBS_len(&server_handshake_secret) ||
535
- digest_len != CBS_len(&secret)) {
613
+ hs->ResizeSecrets(hs->transcript.DigestLen());
614
+ if (!CopyExact(hs->client_traffic_secret_0(), &client_traffic_secret_0) ||
615
+ !CopyExact(hs->server_traffic_secret_0(), &server_traffic_secret_0) ||
616
+ !CopyExact(hs->client_handshake_secret(), &client_handshake_secret) ||
617
+ !CopyExact(hs->server_handshake_secret(), &server_handshake_secret) ||
618
+ !CopyExact(hs->secret(), &secret) ||
619
+ !CopyExact({s3->exporter_secret, hs->transcript.DigestLen()},
620
+ &exporter_secret)) {
536
621
  return false;
537
622
  }
538
- hs->ResizeSecrets(digest_len);
539
- memcpy(hs->client_traffic_secret_0().data(),
540
- CBS_data(&client_traffic_secret_0), digest_len);
541
- memcpy(hs->server_traffic_secret_0().data(),
542
- CBS_data(&server_traffic_secret_0), digest_len);
543
- memcpy(hs->client_handshake_secret().data(),
544
- CBS_data(&client_handshake_secret), digest_len);
545
- memcpy(hs->server_handshake_secret().data(),
546
- CBS_data(&server_handshake_secret), digest_len);
547
- memcpy(hs->secret().data(), CBS_data(&secret), digest_len);
548
-
549
- if (digest_len != CBS_len(&exporter_secret)) {
623
+ s3->exporter_secret_len = CBS_len(&exporter_secret);
624
+
625
+ if (s3->early_data_accepted &&
626
+ !CopyExact(hs->early_traffic_secret(), &early_traffic_secret)) {
550
627
  return false;
551
628
  }
552
- memcpy(s3->exporter_secret, CBS_data(&exporter_secret), digest_len);
553
- s3->exporter_secret_len = digest_len;
554
629
  }
555
630
  Array<uint8_t> key_block;
556
- if ((type == handback_after_session_resumption ||
557
- type == handback_after_handshake) &&
558
- (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session->cipher,
559
- write_iv) ||
560
- !CBS_copy_bytes(&write_seq, s3->write_sequence,
561
- sizeof(s3->write_sequence)))) {
562
- return false;
563
- }
564
- if (type == handback_after_handshake &&
565
- (!tls1_configure_aead(ssl, evp_aead_open, &key_block, session->cipher,
566
- read_iv) ||
567
- !CBS_copy_bytes(&read_seq, s3->read_sequence,
568
- sizeof(s3->read_sequence)))) {
569
- return false;
631
+ switch (type) {
632
+ case handback_after_session_resumption:
633
+ // The write keys are installed after server Finished, but the client
634
+ // keys must wait for ChangeCipherSpec.
635
+ if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session,
636
+ write_iv)) {
637
+ return false;
638
+ }
639
+ break;
640
+ case handback_after_ecdhe:
641
+ // The premaster secret is not yet computed, so install no keys.
642
+ break;
643
+ case handback_after_handshake:
644
+ // The handshake is complete, so both keys are installed.
645
+ if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session,
646
+ write_iv) ||
647
+ !tls1_configure_aead(ssl, evp_aead_open, &key_block, session,
648
+ read_iv)) {
649
+ return false;
650
+ }
651
+ break;
652
+ case handback_tls13:
653
+ // After server Finished, the application write keys are installed, but
654
+ // none of the read keys. The read keys are installed in the state machine
655
+ // immediately after processing handback.
656
+ if (!tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
657
+ hs->new_session.get(),
658
+ hs->server_traffic_secret_0())) {
659
+ return false;
660
+ }
661
+ break;
570
662
  }
571
- if (type == handback_tls13 &&
572
- (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
573
- hs->client_handshake_secret()) ||
574
- !tls13_set_traffic_key(ssl, ssl_encryption_application, evp_aead_seal,
575
- hs->server_traffic_secret_0()))) {
663
+ if (!CopyExact({s3->read_sequence, sizeof(s3->read_sequence)}, &read_seq) ||
664
+ !CopyExact({s3->write_sequence, sizeof(s3->write_sequence)},
665
+ &write_seq)) {
576
666
  return false;
577
667
  }
578
668
  if (type == handback_after_ecdhe &&
579
669
  (hs->key_shares[0] = SSLKeyShare::Create(&key_share)) == nullptr) {
580
670
  return false;
581
671
  }
582
-
583
- return CBS_len(&seq) == 0;
672
+ return true; // Trailing data allowed for extensibility.
584
673
  }
585
674
 
586
675
  BSSL_NAMESPACE_END
@@ -441,7 +441,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
441
441
  uint8_t finished[EVP_MAX_MD_SIZE];
442
442
  size_t finished_len;
443
443
  if (!hs->transcript.GetFinishedMAC(finished, &finished_len,
444
- SSL_get_session(ssl), !ssl->server) ||
444
+ ssl_handshake_session(hs), !ssl->server) ||
445
445
  !ssl_hash_message(hs, msg)) {
446
446
  return ssl_hs_error;
447
447
  }
@@ -471,13 +471,20 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
471
471
  ssl->s3->previous_server_finished_len = finished_len;
472
472
  }
473
473
 
474
+ // The Finished message should be the end of a flight.
475
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
476
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
477
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
478
+ return ssl_hs_error;
479
+ }
480
+
474
481
  ssl->method->next_message(ssl);
475
482
  return ssl_hs_ok;
476
483
  }
477
484
 
478
485
  bool ssl_send_finished(SSL_HANDSHAKE *hs) {
479
486
  SSL *const ssl = hs->ssl;
480
- const SSL_SESSION *session = SSL_get_session(ssl);
487
+ const SSL_SESSION *session = ssl_handshake_session(hs);
481
488
 
482
489
  uint8_t finished[EVP_MAX_MD_SIZE];
483
490
  size_t finished_len;
@@ -534,6 +541,13 @@ bool ssl_output_cert_chain(SSL_HANDSHAKE *hs) {
534
541
  return true;
535
542
  }
536
543
 
544
+ const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs) {
545
+ if (hs->new_session) {
546
+ return hs->new_session.get();
547
+ }
548
+ return hs->ssl->session.get();
549
+ }
550
+
537
551
  int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
538
552
  SSL *const ssl = hs->ssl;
539
553
  for (;;) {
@@ -621,10 +635,15 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
621
635
  hs->wait = ssl_hs_ok;
622
636
  return -1;
623
637
 
624
- case ssl_hs_handback:
638
+ case ssl_hs_handback: {
639
+ int ret = ssl->method->flush_flight(ssl);
640
+ if (ret <= 0) {
641
+ return ret;
642
+ }
625
643
  ssl->s3->rwstate = SSL_ERROR_HANDBACK;
626
644
  hs->wait = ssl_hs_handback;
627
645
  return -1;
646
+ }
628
647
 
629
648
  case ssl_hs_x509_lookup:
630
649
  ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
@@ -658,9 +677,8 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
658
677
 
659
678
  case ssl_hs_early_data_rejected:
660
679
  assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
680
+ assert(!hs->can_early_write);
661
681
  ssl->s3->rwstate = SSL_ERROR_EARLY_DATA_REJECTED;
662
- // Cause |SSL_write| to start failing immediately.
663
- hs->can_early_write = false;
664
682
  return -1;
665
683
 
666
684
  case ssl_hs_early_return: