grpc 1.28.0.pre2 → 1.31.0.pre1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (660) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +8313 -11862
  3. data/include/grpc/grpc.h +2 -2
  4. data/include/grpc/grpc_security.h +30 -9
  5. data/include/grpc/grpc_security_constants.h +4 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +23 -23
  7. data/include/grpc/impl/codegen/port_platform.h +6 -34
  8. data/include/grpc/module.modulemap +24 -39
  9. data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
  10. data/src/core/ext/filters/client_channel/client_channel.cc +618 -482
  11. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
  12. data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
  13. data/src/core/ext/filters/client_channel/config_selector.h +93 -0
  14. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
  15. data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
  16. data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
  17. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
  18. data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
  19. data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
  20. data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
  21. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  22. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  23. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
  24. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
  25. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +311 -497
  26. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  27. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  30. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  31. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
  32. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
  33. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +117 -41
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
  38. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1142 -0
  39. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
  40. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  41. data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
  42. data/src/core/ext/filters/client_channel/resolver.cc +5 -8
  43. data/src/core/ext/filters/client_channel/resolver.h +12 -14
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
  45. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
  53. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
  54. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
  55. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
  56. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
  57. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +64 -12
  58. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
  59. data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
  60. data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
  61. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
  62. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
  63. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +73 -217
  64. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +45 -27
  65. data/src/core/ext/filters/client_channel/server_address.cc +6 -9
  66. data/src/core/ext/filters/client_channel/server_address.h +6 -12
  67. data/src/core/ext/filters/client_channel/service_config.cc +104 -144
  68. data/src/core/ext/filters/client_channel/service_config.h +28 -98
  69. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  70. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
  71. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  72. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  73. data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
  74. data/src/core/ext/filters/client_channel/subchannel.h +35 -11
  75. data/src/core/ext/filters/client_channel/xds/xds_api.cc +1200 -246
  76. data/src/core/ext/filters/client_channel/xds/xds_api.h +130 -44
  77. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +90 -29
  78. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +9 -4
  79. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
  80. data/src/core/ext/filters/client_channel/xds/xds_client.cc +839 -431
  81. data/src/core/ext/filters/client_channel/xds/xds_client.h +84 -33
  82. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
  83. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
  84. data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
  85. data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
  86. data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
  87. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  88. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
  89. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
  90. data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
  91. data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
  92. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
  93. data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
  94. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
  95. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
  96. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
  97. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  98. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
  99. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
  100. data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
  101. data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
  102. data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
  103. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
  104. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  105. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
  106. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  107. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
  108. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  109. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
  110. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  111. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
  112. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  113. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
  114. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  115. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
  116. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  117. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
  118. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  119. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  120. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  121. data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
  122. data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
  123. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  124. data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
  125. data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
  126. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
  127. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
  128. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
  129. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
  130. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  131. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
  132. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  133. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
  134. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  135. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
  136. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
  137. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
  138. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
  139. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
  140. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
  141. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
  142. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
  143. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
  144. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
  145. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
  146. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
  147. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
  148. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  149. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
  150. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
  151. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
  152. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
  153. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
  154. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  155. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
  156. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
  157. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
  158. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
  159. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
  160. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
  161. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
  162. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
  163. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
  164. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  165. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
  166. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
  167. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
  168. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
  169. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
  170. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
  171. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
  172. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
  173. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
  174. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
  175. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
  176. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
  177. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
  178. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
  179. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
  180. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
  181. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
  182. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
  183. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
  184. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
  185. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
  186. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
  187. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
  188. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
  189. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
  190. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
  191. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
  192. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
  193. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
  194. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
  195. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
  196. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
  197. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
  198. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
  199. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
  200. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
  201. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
  202. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
  203. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
  204. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
  205. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
  206. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  207. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  208. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
  209. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
  210. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
  211. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
  212. data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
  213. data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
  214. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
  215. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
  216. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
  217. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
  218. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
  219. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
  220. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
  221. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
  222. data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
  223. data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
  224. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
  225. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
  226. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
  227. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
  228. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
  229. data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
  230. data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
  231. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
  232. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
  233. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
  234. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
  235. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
  236. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
  237. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
  238. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
  239. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
  240. data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
  241. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
  242. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
  243. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
  244. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
  245. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
  246. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
  247. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
  248. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
  249. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
  250. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  251. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
  252. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
  253. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
  254. data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
  255. data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
  256. data/src/core/lib/channel/channel_args.cc +15 -14
  257. data/src/core/lib/channel/channel_args.h +3 -1
  258. data/src/core/lib/channel/channel_stack.h +20 -13
  259. data/src/core/lib/channel/channel_trace.cc +2 -6
  260. data/src/core/lib/channel/channelz.cc +10 -21
  261. data/src/core/lib/channel/channelz.h +3 -2
  262. data/src/core/lib/channel/channelz_registry.cc +5 -3
  263. data/src/core/lib/channel/connected_channel.cc +7 -5
  264. data/src/core/lib/channel/context.h +1 -1
  265. data/src/core/lib/channel/handshaker.cc +11 -13
  266. data/src/core/lib/channel/handshaker.h +4 -2
  267. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  268. data/src/core/lib/channel/status_util.cc +2 -3
  269. data/src/core/lib/compression/message_compress.cc +5 -1
  270. data/src/core/lib/debug/stats.cc +21 -27
  271. data/src/core/lib/debug/stats.h +3 -1
  272. data/src/core/lib/gpr/log_linux.cc +6 -8
  273. data/src/core/lib/gpr/log_posix.cc +6 -8
  274. data/src/core/lib/gpr/spinlock.h +2 -3
  275. data/src/core/lib/gpr/string.cc +10 -33
  276. data/src/core/lib/gpr/string.h +4 -18
  277. data/src/core/lib/gpr/sync_abseil.cc +2 -0
  278. data/src/core/lib/gpr/time.cc +4 -0
  279. data/src/core/lib/gpr/time_posix.cc +1 -1
  280. data/src/core/lib/gprpp/atomic.h +6 -6
  281. data/src/core/lib/gprpp/fork.cc +1 -1
  282. data/src/core/lib/gprpp/global_config_env.cc +8 -6
  283. data/src/core/lib/gprpp/host_port.cc +29 -35
  284. data/src/core/lib/gprpp/host_port.h +14 -17
  285. data/src/core/lib/gprpp/map.h +5 -11
  286. data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
  287. data/src/core/lib/gprpp/sync.h +9 -0
  288. data/src/core/lib/http/format_request.cc +46 -65
  289. data/src/core/lib/http/httpcli.cc +15 -13
  290. data/src/core/lib/http/httpcli.h +2 -3
  291. data/src/core/lib/http/httpcli_security_connector.cc +10 -10
  292. data/src/core/lib/http/parser.h +2 -3
  293. data/src/core/lib/iomgr/buffer_list.h +22 -21
  294. data/src/core/lib/iomgr/call_combiner.h +3 -2
  295. data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
  296. data/src/core/lib/iomgr/closure.h +2 -3
  297. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  298. data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
  299. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  300. data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
  301. data/src/core/lib/iomgr/error.cc +6 -9
  302. data/src/core/lib/iomgr/error.h +0 -1
  303. data/src/core/lib/iomgr/error_cfstream.cc +9 -8
  304. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  305. data/src/core/lib/iomgr/ev_apple.h +43 -0
  306. data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
  307. data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
  308. data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
  309. data/src/core/lib/iomgr/ev_posix.cc +4 -3
  310. data/src/core/lib/iomgr/exec_ctx.h +14 -2
  311. data/src/core/lib/iomgr/iomgr.cc +10 -0
  312. data/src/core/lib/iomgr/iomgr.h +10 -0
  313. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
  314. data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
  315. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  316. data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
  317. data/src/core/lib/iomgr/port.h +2 -21
  318. data/src/core/lib/iomgr/python_util.h +46 -0
  319. data/src/core/lib/iomgr/resolve_address.h +4 -6
  320. data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
  321. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  322. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
  323. data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
  324. data/src/core/lib/iomgr/resource_quota.cc +38 -37
  325. data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
  326. data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
  327. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  328. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  329. data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
  330. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  331. data/src/core/lib/iomgr/socket_windows.cc +4 -5
  332. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
  333. data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
  334. data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
  335. data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
  336. data/src/core/lib/iomgr/tcp_custom.cc +3 -4
  337. data/src/core/lib/iomgr/tcp_custom.h +1 -1
  338. data/src/core/lib/iomgr/tcp_server.cc +3 -4
  339. data/src/core/lib/iomgr/tcp_server.h +7 -5
  340. data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
  341. data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
  342. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
  343. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
  344. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
  345. data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
  346. data/src/core/lib/iomgr/tcp_uv.cc +3 -2
  347. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  348. data/src/core/lib/iomgr/timer_generic.cc +15 -15
  349. data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
  350. data/src/core/lib/iomgr/timer_heap.h +2 -3
  351. data/src/core/lib/iomgr/udp_server.cc +32 -36
  352. data/src/core/lib/iomgr/udp_server.h +5 -2
  353. data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
  354. data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
  355. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
  356. data/src/core/lib/json/json.h +3 -2
  357. data/src/core/lib/json/json_reader.cc +25 -26
  358. data/src/core/lib/json/json_writer.cc +13 -12
  359. data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
  360. data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
  361. data/src/core/lib/security/credentials/credentials.cc +0 -84
  362. data/src/core/lib/security/credentials/credentials.h +13 -62
  363. data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
  364. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
  365. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
  366. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  367. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  368. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  369. data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
  370. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
  371. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  372. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
  373. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
  374. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
  375. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
  376. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
  377. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  378. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
  379. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
  380. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
  381. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
  382. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
  383. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
  384. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
  385. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  386. data/src/core/lib/security/security_connector/security_connector.cc +2 -0
  387. data/src/core/lib/security/security_connector/security_connector.h +2 -2
  388. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
  389. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
  390. data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
  391. data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
  392. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
  393. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
  394. data/src/core/lib/security/transport/auth_filters.h +0 -5
  395. data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
  396. data/src/core/lib/security/util/json_util.cc +12 -13
  397. data/src/core/lib/slice/slice.cc +38 -1
  398. data/src/core/lib/slice/slice_intern.cc +2 -3
  399. data/src/core/lib/slice/slice_internal.h +15 -0
  400. data/src/core/lib/slice/slice_utils.h +9 -0
  401. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  402. data/src/core/lib/surface/call.cc +42 -44
  403. data/src/core/lib/surface/call_log_batch.cc +50 -58
  404. data/src/core/lib/surface/channel.cc +53 -31
  405. data/src/core/lib/surface/channel.h +35 -4
  406. data/src/core/lib/surface/channel_ping.cc +2 -3
  407. data/src/core/lib/surface/completion_queue.cc +304 -47
  408. data/src/core/lib/surface/completion_queue.h +8 -0
  409. data/src/core/lib/surface/event_string.cc +18 -25
  410. data/src/core/lib/surface/event_string.h +3 -1
  411. data/src/core/lib/surface/init.cc +2 -0
  412. data/src/core/lib/surface/init_secure.cc +1 -4
  413. data/src/core/lib/surface/server.cc +971 -837
  414. data/src/core/lib/surface/server.h +66 -12
  415. data/src/core/lib/surface/version.cc +2 -2
  416. data/src/core/lib/transport/byte_stream.h +7 -2
  417. data/src/core/lib/transport/connectivity_state.cc +7 -6
  418. data/src/core/lib/transport/connectivity_state.h +5 -3
  419. data/src/core/lib/transport/metadata.cc +3 -3
  420. data/src/core/lib/transport/metadata_batch.h +2 -3
  421. data/src/core/lib/transport/static_metadata.h +1 -1
  422. data/src/core/lib/transport/status_conversion.cc +6 -14
  423. data/src/core/lib/transport/transport.cc +2 -3
  424. data/src/core/lib/transport/transport.h +9 -2
  425. data/src/core/lib/transport/transport_op_string.cc +61 -102
  426. data/src/core/lib/uri/uri_parser.cc +8 -15
  427. data/src/core/lib/uri/uri_parser.h +2 -3
  428. data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
  429. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  430. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
  431. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  432. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
  433. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
  434. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
  435. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  436. data/src/core/tsi/fake_transport_security.cc +10 -15
  437. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  438. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
  439. data/src/core/tsi/ssl_transport_security.cc +154 -50
  440. data/src/core/tsi/ssl_transport_security.h +22 -10
  441. data/src/core/tsi/ssl_types.h +0 -2
  442. data/src/core/tsi/transport_security.h +6 -9
  443. data/src/core/tsi/transport_security_grpc.h +2 -3
  444. data/src/core/tsi/transport_security_interface.h +8 -3
  445. data/src/ruby/ext/grpc/extconf.rb +5 -2
  446. data/src/ruby/ext/grpc/rb_call.c +12 -3
  447. data/src/ruby/ext/grpc/rb_call.h +4 -0
  448. data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
  449. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
  450. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
  451. data/src/ruby/lib/grpc/errors.rb +103 -42
  452. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  453. data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
  454. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  455. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  456. data/src/ruby/lib/grpc/structs.rb +1 -1
  457. data/src/ruby/lib/grpc/version.rb +1 -1
  458. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  459. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
  460. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
  461. data/src/ruby/spec/debug_message_spec.rb +134 -0
  462. data/src/ruby/spec/generic/service_spec.rb +2 -0
  463. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  464. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
  465. data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
  466. data/src/ruby/spec/support/services.rb +10 -4
  467. data/src/ruby/spec/testdata/ca.pem +18 -13
  468. data/src/ruby/spec/testdata/client.key +26 -14
  469. data/src/ruby/spec/testdata/client.pem +18 -12
  470. data/src/ruby/spec/testdata/server1.key +26 -14
  471. data/src/ruby/spec/testdata/server1.pem +20 -14
  472. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  473. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  474. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  475. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  476. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  477. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  478. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  479. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  480. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  481. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  482. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  483. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  484. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  485. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  486. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  487. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  488. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  489. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  490. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  491. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  492. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  493. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  494. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  495. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  496. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  497. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  498. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  499. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  500. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  501. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  502. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  503. data/third_party/boringssl-with-bazel/err_data.c +335 -297
  504. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  505. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
  506. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
  507. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
  508. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
  509. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
  510. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
  511. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
  512. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
  513. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
  514. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
  515. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
  516. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
  517. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
  518. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
  519. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  520. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
  521. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
  522. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
  523. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
  524. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
  525. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
  526. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
  527. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
  528. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
  529. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
  530. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
  531. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
  532. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
  533. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
  534. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
  535. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
  536. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
  537. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
  538. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
  539. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
  540. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
  541. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
  542. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
  543. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
  544. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
  545. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
  546. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
  547. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
  548. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
  549. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  550. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
  551. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
  552. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
  553. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
  554. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
  555. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
  556. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
  557. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  558. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  559. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  560. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
  561. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
  562. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
  563. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
  564. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
  565. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
  566. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
  567. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
  568. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
  569. data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
  570. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
  571. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
  572. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
  573. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
  574. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
  575. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
  576. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
  577. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
  578. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
  579. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
  580. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
  581. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
  582. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
  583. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
  584. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
  585. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
  586. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
  587. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
  588. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
  589. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
  590. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
  591. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
  592. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
  593. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
  594. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
  595. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
  596. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
  597. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
  598. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
  599. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
  600. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
  601. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  602. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
  603. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
  604. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
  605. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
  606. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
  607. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
  608. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
  609. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
  610. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
  611. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
  612. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
  613. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
  614. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
  615. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
  616. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
  617. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
  618. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
  619. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
  620. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
  621. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
  622. data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
  623. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
  624. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  625. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
  630. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
  631. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
  632. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
  633. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
  634. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
  635. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
  636. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
  637. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
  638. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
  639. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
  640. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
  641. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
  642. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
  643. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
  644. data/third_party/upb/upb/decode.c +467 -504
  645. data/third_party/upb/upb/encode.c +163 -121
  646. data/third_party/upb/upb/msg.c +130 -64
  647. data/third_party/upb/upb/msg.h +418 -14
  648. data/third_party/upb/upb/port_def.inc +35 -6
  649. data/third_party/upb/upb/port_undef.inc +8 -1
  650. data/third_party/upb/upb/table.c +53 -75
  651. data/third_party/upb/upb/table.int.h +11 -43
  652. data/third_party/upb/upb/upb.c +148 -124
  653. data/third_party/upb/upb/upb.h +65 -147
  654. data/third_party/upb/upb/upb.hpp +86 -0
  655. metadata +122 -41
  656. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1908
  657. data/src/core/lib/gprpp/string_view.h +0 -60
  658. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
  659. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
  660. data/third_party/upb/upb/generated_util.h +0 -105
data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc CHANGED
@@ -406,7 +406,8 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
406
406
  (ssl->session->session_id_length == 0 &&
407
407
  ssl->session->ticket.empty()) ||
408
408
  ssl->session->not_resumable ||
409
- !ssl_session_is_time_valid(ssl, ssl->session.get())) {
409
+ !ssl_session_is_time_valid(ssl, ssl->session.get()) ||
410
+ (ssl->quic_method != nullptr) != ssl->session->is_quic) {
410
411
  ssl_set_session(ssl, NULL);
411
412
  }
412
413
  }
@@ -415,17 +416,20 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
415
416
  return ssl_hs_error;
416
417
  }
417
418
 
418
- if (ssl->session != nullptr &&
419
- !ssl->s3->initial_handshake_complete &&
420
- ssl->session->session_id_length > 0) {
421
- hs->session_id_len = ssl->session->session_id_length;
422
- OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
423
- hs->session_id_len);
424
- } else if (hs->max_version >= TLS1_3_VERSION) {
425
- // Initialize a random session ID.
426
- hs->session_id_len = sizeof(hs->session_id);
427
- if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
428
- return ssl_hs_error;
419
+ // Never send a session ID in QUIC. QUIC uses TLS 1.3 at a minimum and
420
+ // disables TLS 1.3 middlebox compatibility mode.
421
+ if (ssl->quic_method == nullptr) {
422
+ if (ssl->session != nullptr && !ssl->s3->initial_handshake_complete &&
423
+ ssl->session->session_id_length > 0) {
424
+ hs->session_id_len = ssl->session->session_id_length;
425
+ OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
426
+ hs->session_id_len);
427
+ } else if (hs->max_version >= TLS1_3_VERSION) {
428
+ // Initialize a random session ID.
429
+ hs->session_id_len = sizeof(hs->session_id);
430
+ if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
431
+ return ssl_hs_error;
432
+ }
429
433
  }
430
434
  }
431
435
 
@@ -461,11 +465,6 @@ static enum ssl_hs_wait_t do_enter_early_data(SSL_HANDSHAKE *hs) {
461
465
  !tls13_derive_early_secret(hs)) {
462
466
  return ssl_hs_error;
463
467
  }
464
- if (ssl->quic_method == nullptr &&
465
- !tls13_set_traffic_key(ssl, ssl_encryption_early_data, evp_aead_seal,
466
- hs->early_traffic_secret())) {
467
- return ssl_hs_error;
468
- }
469
468
 
470
469
  // Stash the early data session, so connection properties may be queried out
471
470
  // of it.
@@ -496,7 +495,9 @@ static enum ssl_hs_wait_t do_early_reverify_server_certificate(SSL_HANDSHAKE *hs
496
495
 
497
496
  // Defer releasing the 0-RTT key to after certificate reverification, so the
498
497
  // QUIC implementation does not accidentally write data too early.
499
- if (!tls13_set_early_secret_for_quic(hs)) {
498
+ if (!tls13_set_traffic_key(hs->ssl, ssl_encryption_early_data, evp_aead_seal,
499
+ hs->early_session.get(),
500
+ hs->early_traffic_secret())) {
500
501
  return ssl_hs_error;
501
502
  }
502
503
 
@@ -1050,7 +1051,7 @@ static enum ssl_hs_wait_t do_read_server_key_exchange(SSL_HANDSHAKE *hs) {
1050
1051
  return ssl_hs_error;
1051
1052
  }
1052
1053
  uint8_t alert = SSL_AD_DECODE_ERROR;
1053
- if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1054
+ if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
1054
1055
  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1055
1056
  return ssl_hs_error;
1056
1057
  }
@@ -1201,6 +1202,13 @@ static enum ssl_hs_wait_t do_read_server_hello_done(SSL_HANDSHAKE *hs) {
1201
1202
  return ssl_hs_error;
1202
1203
  }
1203
1204
 
1205
+ // ServerHelloDone should be the end of the flight.
1206
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
1207
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
1208
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
1209
+ return ssl_hs_error;
1210
+ }
1211
+
1204
1212
  ssl->method->next_message(ssl);
1205
1213
  hs->state = state_send_client_certificate;
1206
1214
  return ssl_hs_ok;
@@ -1260,10 +1268,10 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1260
1268
  uint32_t alg_k = hs->new_cipher->algorithm_mkey;
1261
1269
  uint32_t alg_a = hs->new_cipher->algorithm_auth;
1262
1270
  if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1263
- CRYPTO_BUFFER *leaf =
1271
+ const CRYPTO_BUFFER *leaf =
1264
1272
  sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0);
1265
1273
  CBS leaf_cbs;
1266
- CBS_init(&leaf_cbs, CRYPTO_BUFFER_data(leaf), CRYPTO_BUFFER_len(leaf));
1274
+ CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs);
1267
1275
 
1268
1276
  // Check the key usage matches the cipher suite. We do this unconditionally
1269
1277
  // for non-RSA certificates. In particular, it's needed to distinguish ECDH
@@ -1273,7 +1281,7 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
1273
1281
  ssl_key_usage_t intended_use = (alg_k & SSL_kRSA)
1274
1282
  ? key_usage_encipherment
1275
1283
  : key_usage_digital_signature;
1276
- if (ssl->config->enforce_rsa_key_usage ||
1284
+ if (hs->config->enforce_rsa_key_usage ||
1277
1285
  EVP_PKEY_id(hs->peer_pubkey.get()) != EVP_PKEY_RSA) {
1278
1286
  if (!ssl_cert_check_key_usage(&leaf_cbs, intended_use)) {
1279
1287
  return ssl_hs_error;
data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc CHANGED
@@ -325,7 +325,7 @@ static void ssl_get_compatible_server_ciphers(SSL_HANDSHAKE *hs,
325
325
  *out_mask_a = mask_a;
326
326
  }
327
327
 
328
- static const SSL_CIPHER *ssl3_choose_cipher(
328
+ static const SSL_CIPHER *choose_cipher(
329
329
  SSL_HANDSHAKE *hs, const SSL_CLIENT_HELLO *client_hello,
330
330
  const SSLCipherPreferenceList *server_pref) {
331
331
  SSL *const ssl = hs->ssl;
@@ -569,6 +569,14 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
569
569
  return ssl_hs_error;
570
570
  }
571
571
 
572
+ // ClientHello should be the end of the flight. We check this early to cover
573
+ // all protocol versions.
574
+ if (ssl->method->has_unprocessed_handshake_data(ssl)) {
575
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
576
+ OPENSSL_PUT_ERROR(SSL, SSL_R_EXCESS_HANDSHAKE_DATA);
577
+ return ssl_hs_error;
578
+ }
579
+
572
580
  if (hs->config->handoff) {
573
581
  return ssl_hs_handoff;
574
582
  }
@@ -699,7 +707,7 @@ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
699
707
  SSLCipherPreferenceList *prefs = hs->config->cipher_list
700
708
  ? hs->config->cipher_list.get()
701
709
  : ssl->ctx->cipher_list.get();
702
- hs->new_cipher = ssl3_choose_cipher(hs, &client_hello, prefs);
710
+ hs->new_cipher = choose_cipher(hs, &client_hello, prefs);
703
711
  if (hs->new_cipher == NULL) {
704
712
  OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_CIPHER);
705
713
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
@@ -1094,7 +1102,7 @@ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) {
1094
1102
  !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
1095
1103
  (ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
1096
1104
  (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
1097
- !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
1105
+ !tls12_add_verify_sigalgs(hs, &sigalgs_cbb))) ||
1098
1106
  !ssl_add_client_CA_list(hs, &body) ||
1099
1107
  !ssl_add_message_cbb(ssl, cbb.get())) {
1100
1108
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -1428,6 +1436,15 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
1428
1436
  return ssl_hs_error;
1429
1437
  }
1430
1438
 
1439
+ // The peer certificate must be valid for signing.
1440
+ const CRYPTO_BUFFER *leaf =
1441
+ sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0);
1442
+ CBS leaf_cbs;
1443
+ CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs);
1444
+ if (!ssl_cert_check_key_usage(&leaf_cbs, key_usage_digital_signature)) {
1445
+ return ssl_hs_error;
1446
+ }
1447
+
1431
1448
  CBS certificate_verify = msg.body, signature;
1432
1449
 
1433
1450
  // Determine the signature algorithm.
@@ -1439,7 +1456,7 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
1439
1456
  return ssl_hs_error;
1440
1457
  }
1441
1458
  uint8_t alert = SSL_AD_DECODE_ERROR;
1442
- if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
1459
+ if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
1443
1460
  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
1444
1461
  return ssl_hs_error;
1445
1462
  }
data/third_party/boringssl-with-bazel/src/ssl/internal.h CHANGED
@@ -1356,23 +1356,17 @@ bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs, Span psk);
1356
1356
  bool tls13_advance_key_schedule(SSL_HANDSHAKE *hs, Span<const uint8_t> in);
1357
1357
 
1358
1358
  // tls13_set_traffic_key sets the read or write traffic keys to
1359
- // |traffic_secret|. It returns true on success and false on error.
1359
+ // |traffic_secret|. The version and cipher suite are determined from |session|.
1360
+ // It returns true on success and false on error.
1360
1361
  bool tls13_set_traffic_key(SSL *ssl, enum ssl_encryption_level_t level,
1361
1362
  enum evp_aead_direction_t direction,
1363
+ const SSL_SESSION *session,
1362
1364
  Span<const uint8_t> traffic_secret);
1363
1365
 
1364
1366
  // tls13_derive_early_secret derives the early traffic secret. It returns true
1365
- // on success and false on error. Unlike with other traffic secrets, this
1366
- // function does not pass the keys to QUIC. Call
1367
- // |tls13_set_early_secret_for_quic| to do so. This is done to due to an
1368
- // ordering complication around resolving HelloRetryRequest on the server.
1367
+ // on success and false on error.
1369
1368
  bool tls13_derive_early_secret(SSL_HANDSHAKE *hs);
1370
1369
 
1371
- // tls13_set_early_secret_for_quic passes the early traffic secrets, as
1372
- // derived by |tls13_derive_early_secret|, to QUIC. It returns true on success
1373
- // and false on error.
1374
- bool tls13_set_early_secret_for_quic(SSL_HANDSHAKE *hs);
1375
-
1376
1370
  // tls13_derive_handshake_secrets derives the handshake traffic secret. It
1377
1371
  // returns true on success and false on error.
1378
1372
  bool tls13_derive_handshake_secrets(SSL_HANDSHAKE *hs);
@@ -1485,6 +1479,7 @@ enum tls13_server_hs_state_t {
1485
1479
  state13_send_server_hello,
1486
1480
  state13_send_server_certificate_verify,
1487
1481
  state13_send_server_finished,
1482
+ state13_send_half_rtt_ticket,
1488
1483
  state13_read_second_client_flight,
1489
1484
  state13_process_end_of_early_data,
1490
1485
  state13_read_client_certificate,
@@ -1498,10 +1493,11 @@ enum tls13_server_hs_state_t {
1498
1493
  // handback_t lists the points in the state machine where a handback can occur.
1499
1494
  // These are the different points at which key material is no longer needed.
1500
1495
  enum handback_t {
1501
- handback_after_session_resumption,
1502
- handback_after_ecdhe,
1503
- handback_after_handshake,
1504
- handback_tls13,
1496
+ handback_after_session_resumption = 0,
1497
+ handback_after_ecdhe = 1,
1498
+ handback_after_handshake = 2,
1499
+ handback_tls13 = 3,
1500
+ handback_max_value = handback_tls13,
1505
1501
  };
1506
1502
 
1507
1503
 
@@ -1867,6 +1863,8 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs);
1867
1863
 
1868
1864
  bool tls13_add_finished(SSL_HANDSHAKE *hs);
1869
1865
  bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
1866
+ bssl::UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl,
1867
+ CBS *body);
1870
1868
 
1871
1869
  bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
1872
1870
  Array<uint8_t> *out_secret,
@@ -1942,6 +1940,11 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
1942
1940
  bool ssl_send_finished(SSL_HANDSHAKE *hs);
1943
1941
  bool ssl_output_cert_chain(SSL_HANDSHAKE *hs);
1944
1942
 
1943
+ // ssl_handshake_session returns the |SSL_SESSION| corresponding to the current
1944
+ // handshake. Note, in TLS 1.2 resumptions, this session is immutable.
1945
+ const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs);
1946
+
1947
+
1945
1948
  // SSLKEYLOGFILE functions.
1946
1949
 
1947
1950
  // ssl_log_secret logs |secret| with label |label|, if logging is enabled for
@@ -1999,12 +2002,12 @@ Span tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs);
1999
2002
 
2000
2003
  // tls12_add_verify_sigalgs adds the signature algorithms acceptable for the
2001
2004
  // peer signature to |out|. It returns true on success and false on error.
2002
- bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out);
2005
+ bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out);
2003
2006
 
2004
2007
  // tls12_check_peer_sigalg checks if |sigalg| is acceptable for the peer
2005
2008
  // signature. It returns true on success and false on error, setting
2006
2009
  // |*out_alert| to an alert to send.
2007
- bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
2010
+ bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
2008
2011
  uint16_t sigalg);
2009
2012
 
2010
2013
 
@@ -2108,6 +2111,9 @@ struct SSL_PROTOCOL_METHOD {
2108
2111
  bool (*get_message)(const SSL *ssl, SSLMessage *out);
2109
2112
  // next_message is called to release the current handshake message.
2110
2113
  void (*next_message)(SSL *ssl);
2114
+ // has_unprocessed_handshake_data returns whether there is buffered
2115
+ // handshake data that has not been consumed by |get_message|.
2116
+ bool (*has_unprocessed_handshake_data)(const SSL *ssl);
2111
2117
  // Use the |ssl_open_handshake| wrapper.
2112
2118
  ssl_open_record_t (*open_handshake)(SSL *ssl, size_t *out_consumed,
2113
2119
  uint8_t *out_alert, Span<uint8_t> in);
@@ -2140,14 +2146,20 @@ struct SSL_PROTOCOL_METHOD {
2140
2146
  int (*flush_flight)(SSL *ssl);
2141
2147
  // on_handshake_complete is called when the handshake is complete.
2142
2148
  void (*on_handshake_complete)(SSL *ssl);
2143
- // set_read_state sets |ssl|'s read cipher state to |aead_ctx|. It returns
2144
- // true on success and false if changing the read state is forbidden at this
2145
- // point.
2146
- bool (*set_read_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
2147
- // set_write_state sets |ssl|'s write cipher state to |aead_ctx|. It returns
2148
- // true on success and false if changing the write state is forbidden at this
2149
- // point.
2150
- bool (*set_write_state)(SSL *ssl, UniquePtr<SSLAEADContext> aead_ctx);
2149
+ // set_read_state sets |ssl|'s read cipher state and level to |aead_ctx| and
2150
+ // |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
2151
+ // is the original secret. This function returns true on success and false on
2152
+ // error.
2153
+ bool (*set_read_state)(SSL *ssl, ssl_encryption_level_t level,
2154
+ UniquePtr<SSLAEADContext> aead_ctx,
2155
+ Span<const uint8_t> secret_for_quic);
2156
+ // set_write_state sets |ssl|'s write cipher state and level to |aead_ctx| and
2157
+ // |level|. In QUIC, |aead_ctx| is a placeholder object and |secret_for_quic|
2158
+ // is the original secret. This function returns true on success and false on
2159
+ // error.
2160
+ bool (*set_write_state)(SSL *ssl, ssl_encryption_level_t level,
2161
+ UniquePtr<SSLAEADContext> aead_ctx,
2162
+ Span<const uint8_t> secret_for_quic);
2151
2163
  };
2152
2164
 
2153
2165
  // The following wrappers call |open_*| but handle |read_shutdown| correctly.
@@ -2680,6 +2692,9 @@ struct SSL_CONFIG {
2680
2692
  // Contains the QUIC transport params that this endpoint will send.
2681
2693
  Array<uint8_t> quic_transport_params;
2682
2694
 
2695
+ // Contains the context used to decide whether to accept early data in QUIC.
2696
+ Array<uint8_t> quic_early_data_context;
2697
+
2683
2698
  // verify_sigalgs, if not empty, is the set of signature algorithms
2684
2699
  // accepted from the peer in decreasing order of preference.
2685
2700
  Array<uint16_t> verify_sigalgs;
@@ -2835,29 +2850,29 @@ void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
2835
2850
 
2836
2851
  void ssl_send_alert(SSL *ssl, int level, int desc);
2837
2852
  int ssl_send_alert_impl(SSL *ssl, int level, int desc);
2838
- bool ssl3_get_message(const SSL *ssl, SSLMessage *out);
2839
- ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
2840
- uint8_t *out_alert, Span<uint8_t> in);
2841
- void ssl3_next_message(SSL *ssl);
2853
+ bool tls_get_message(const SSL *ssl, SSLMessage *out);
2854
+ ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
2855
+ uint8_t *out_alert, Span<uint8_t> in);
2856
+ void tls_next_message(SSL *ssl);
2842
2857
 
2843
- int ssl3_dispatch_alert(SSL *ssl);
2844
- ssl_open_record_t ssl3_open_app_data(SSL *ssl, Span<uint8_t> *out,
2845
- size_t *out_consumed, uint8_t *out_alert,
2846
- Span<uint8_t> in);
2847
- ssl_open_record_t ssl3_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
2848
- uint8_t *out_alert,
2849
- Span<uint8_t> in);
2850
- int ssl3_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
2851
- int len);
2858
+ int tls_dispatch_alert(SSL *ssl);
2859
+ ssl_open_record_t tls_open_app_data(SSL *ssl, Span<uint8_t> *out,
2860
+ size_t *out_consumed, uint8_t *out_alert,
2861
+ Span<uint8_t> in);
2862
+ ssl_open_record_t tls_open_change_cipher_spec(SSL *ssl, size_t *out_consumed,
2863
+ uint8_t *out_alert,
2864
+ Span<uint8_t> in);
2865
+ int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
2866
+ int len);
2852
2867
 
2853
- bool ssl3_new(SSL *ssl);
2854
- void ssl3_free(SSL *ssl);
2868
+ bool tls_new(SSL *ssl);
2869
+ void tls_free(SSL *ssl);
2855
2870
 
2856
- bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2857
- bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
2858
- bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg);
2859
- bool ssl3_add_change_cipher_spec(SSL *ssl);
2860
- int ssl3_flush_flight(SSL *ssl);
2871
+ bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2872
+ bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
2873
+ bool tls_add_message(SSL *ssl, Array<uint8_t> msg);
2874
+ bool tls_add_change_cipher_spec(SSL *ssl);
2875
+ int tls_flush_flight(SSL *ssl);
2861
2876
 
2862
2877
  bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
2863
2878
  bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
@@ -2911,13 +2926,14 @@ int dtls1_dispatch_alert(SSL *ssl);
2911
2926
  // determined by |direction|) using the keys generated by the TLS KDF. The
2912
2927
  // |key_block_cache| argument is used to store the generated key block, if
2913
2928
  // empty. Otherwise it's assumed that the key block is already contained within
2914
- // it. Returns one on success or zero on error.
2915
- int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
2916
- Array<uint8_t> *key_block_cache,
2917
- const SSL_CIPHER *cipher,
2918
- Span<const uint8_t> iv_override);
2919
-
2920
- int tls1_change_cipher_state(SSL_HANDSHAKE *hs, evp_aead_direction_t direction);
2929
+ // it. It returns true on success or false on error.
2930
+ bool tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
2931
+ Array<uint8_t> *key_block_cache,
2932
+ const SSL_SESSION *session,
2933
+ Span<const uint8_t> iv_override);
2934
+
2935
+ bool tls1_change_cipher_state(SSL_HANDSHAKE *hs,
2936
+ evp_aead_direction_t direction);
2921
2937
  int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
2922
2938
  Span<const uint8_t> premaster);
2923
2939
 
@@ -3307,9 +3323,6 @@ struct ssl_ctx_st {
3307
3323
  // protocols from the peer.
3308
3324
  bool allow_unknown_alpn_protos : 1;
3309
3325
 
3310
- // ed25519_enabled is whether Ed25519 is advertised in the handshake.
3311
- bool ed25519_enabled : 1;
3312
-
3313
3326
  // false_start_allowed_without_alpn is whether False Start (if
3314
3327
  // |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN.
3315
3328
  bool false_start_allowed_without_alpn : 1;
@@ -3546,6 +3559,13 @@ struct ssl_session_st {
3546
3559
  // is_server is whether this session was created by a server.
3547
3560
  bool is_server : 1;
3548
3561
 
3562
+ // is_quic indicates whether this session was created using QUIC.
3563
+ bool is_quic : 1;
3564
+
3565
+ // quic_early_data_context is used to determine whether early data must be
3566
+ // rejected when performing a QUIC handshake.
3567
+ bssl::Array<uint8_t> quic_early_data_context;
3568
+
3549
3569
  private:
3550
3570
  ~ssl_session_st();
3551
3571
  friend void SSL_SESSION_free(SSL_SESSION *);
data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc CHANGED
@@ -168,7 +168,7 @@ static bool add_record_to_flight(SSL *ssl, uint8_t type,
168
168
  return true;
169
169
  }
170
170
 
171
- bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
171
+ bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
172
172
  // Pick a modest size hint to save most of the |realloc| calls.
173
173
  if (!CBB_init(cbb, 64) ||
174
174
  !CBB_add_u8(cbb, type) ||
@@ -181,11 +181,11 @@ bool ssl3_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
181
181
  return true;
182
182
  }
183
183
 
184
- bool ssl3_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
184
+ bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg) {
185
185
  return CBBFinishArray(cbb, out_msg);
186
186
  }
187
187
 
188
- bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg) {
188
+ bool tls_add_message(SSL *ssl, Array<uint8_t> msg) {
189
189
  // Pack handshake data into the minimal number of records. This avoids
190
190
  // unnecessary encryption overhead, notably in TLS 1.3 where we send several
191
191
  // encrypted messages in a row. For now, we do not do this for the null
@@ -262,7 +262,7 @@ bool tls_flush_pending_hs_data(SSL *ssl) {
262
262
  return add_record_to_flight(ssl, SSL3_RT_HANDSHAKE, data);
263
263
  }
264
264
 
265
- bool ssl3_add_change_cipher_spec(SSL *ssl) {
265
+ bool tls_add_change_cipher_spec(SSL *ssl) {
266
266
  static const uint8_t kChangeCipherSpec[1] = {SSL3_MT_CCS};
267
267
 
268
268
  if (!tls_flush_pending_hs_data(ssl)) {
@@ -280,7 +280,7 @@ bool ssl3_add_change_cipher_spec(SSL *ssl) {
280
280
  return true;
281
281
  }
282
282
 
283
- int ssl3_flush_flight(SSL *ssl) {
283
+ int tls_flush_flight(SSL *ssl) {
284
284
  if (!tls_flush_pending_hs_data(ssl)) {
285
285
  return -1;
286
286
  }
@@ -496,7 +496,7 @@ static bool parse_message(const SSL *ssl, SSLMessage *out,
496
496
  return true;
497
497
  }
498
498
 
499
- bool ssl3_get_message(const SSL *ssl, SSLMessage *out) {
499
+ bool tls_get_message(const SSL *ssl, SSLMessage *out) {
500
500
  size_t unused;
501
501
  if (!parse_message(ssl, out, &unused)) {
502
502
  return false;
@@ -552,8 +552,8 @@ bool tls_append_handshake_data(SSL *ssl, Span data) {
552
552
  BUF_MEM_append(ssl->s3->hs_buf.get(), data.data(), data.size());
553
553
  }
554
554
 
555
- ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
556
- uint8_t *out_alert, Span<uint8_t> in) {
555
+ ssl_open_record_t tls_open_handshake(SSL *ssl, size_t *out_consumed,
556
+ uint8_t *out_alert, Span<uint8_t> in) {
557
557
  *out_consumed = 0;
558
558
  // Bypass the record layer for the first message to handle V2ClientHello.
559
559
  if (ssl->server && !ssl->s3->v2_hello_done) {
@@ -631,9 +631,9 @@ ssl_open_record_t ssl3_open_handshake(SSL *ssl, size_t *out_consumed,
631
631
  return ssl_open_record_success;
632
632
  }
633
633
 
634
- void ssl3_next_message(SSL *ssl) {
634
+ void tls_next_message(SSL *ssl) {
635
635
  SSLMessage msg;
636
- if (!ssl3_get_message(ssl, &msg) ||
636
+ if (!tls_get_message(ssl, &msg) ||
637
637
  !ssl->s3->hs_buf ||
638
638
  ssl->s3->hs_buf->length < CBS_len(&msg.raw)) {
639
639
  assert(0);