grpc 1.28.0 → 1.31.0.pre2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +8314 -11869
- data/include/grpc/grpc.h +2 -2
- data/include/grpc/grpc_security.h +30 -9
- data/include/grpc/grpc_security_constants.h +4 -0
- data/include/grpc/impl/codegen/grpc_types.h +23 -23
- data/include/grpc/impl/codegen/port_platform.h +6 -34
- data/include/grpc/module.modulemap +24 -39
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -12
- data/src/core/ext/filters/client_channel/client_channel.cc +591 -479
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +3 -2
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +9 -22
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +23 -14
- data/src/core/ext/filters/client_channel/lb_policy.cc +19 -18
- data/src/core/ext/filters/client_channel/lb_policy.h +44 -33
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +279 -324
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -17
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +733 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +84 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1143 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +10 -7
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
- data/src/core/ext/filters/client_channel/parse_address.cc +22 -21
- data/src/core/ext/filters/client_channel/resolver.cc +5 -8
- data/src/core/ext/filters/client_channel/resolver.h +12 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +78 -61
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +8 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +12 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +79 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +199 -163
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +7 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +46 -45
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +93 -102
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +38 -8
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_registry.cc +19 -17
- data/src/core/ext/filters/client_channel/resolver_registry.h +8 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +21 -22
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +19 -16
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +49 -55
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +43 -23
- data/src/core/ext/filters/client_channel/server_address.cc +6 -9
- data/src/core/ext/filters/client_channel/server_address.h +6 -12
- data/src/core/ext/filters/client_channel/service_config.cc +104 -144
- data/src/core/ext/filters/client_channel/service_config.h +28 -98
- data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
- data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +55 -25
- data/src/core/ext/filters/client_channel/subchannel.h +35 -11
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +565 -234
- data/src/core/ext/filters/client_channel/xds/xds_api.h +102 -37
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +55 -71
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +4 -3
- data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +4 -2
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +619 -347
- data/src/core/ext/filters/client_channel/xds/xds_client.h +57 -22
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +11 -12
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +40 -28
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -33
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +61 -88
- data/src/core/ext/filters/message_size/message_size_filter.h +10 -4
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +386 -350
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +42 -26
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +1 -0
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +25 -30
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +29 -16
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
- data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +27 -21
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +24 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +54 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +4 -229
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +5 -876
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +429 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +352 -310
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +48 -27
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +258 -214
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +24 -20
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +157 -122
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +38 -18
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +173 -73
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +9 -6
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +53 -38
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +15 -10
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +95 -63
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +68 -46
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +770 -722
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +2 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +48 -28
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +305 -210
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +22 -16
- data/src/core/ext/upb-generated/envoy/type/http.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +16 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +48 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +12 -11
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +421 -389
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +21 -20
- data/src/core/ext/upb-generated/validate/validate.upb.h +569 -562
- data/src/core/lib/channel/channel_args.cc +15 -14
- data/src/core/lib/channel/channel_args.h +3 -1
- data/src/core/lib/channel/channel_stack.h +20 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +10 -21
- data/src/core/lib/channel/channelz.h +3 -2
- data/src/core/lib/channel/channelz_registry.cc +5 -3
- data/src/core/lib/channel/connected_channel.cc +7 -5
- data/src/core/lib/channel/context.h +1 -1
- data/src/core/lib/channel/handshaker.cc +11 -13
- data/src/core/lib/channel/handshaker.h +4 -2
- data/src/core/lib/channel/handshaker_registry.cc +5 -17
- data/src/core/lib/channel/status_util.cc +2 -3
- data/src/core/lib/compression/message_compress.cc +5 -1
- data/src/core/lib/debug/stats.cc +21 -27
- data/src/core/lib/debug/stats.h +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/spinlock.h +2 -3
- data/src/core/lib/gpr/string.cc +10 -33
- data/src/core/lib/gpr/string.h +4 -18
- data/src/core/lib/gpr/sync_abseil.cc +2 -0
- data/src/core/lib/gpr/time.cc +4 -0
- data/src/core/lib/gpr/time_posix.cc +1 -1
- data/src/core/lib/gprpp/atomic.h +6 -6
- data/src/core/lib/gprpp/fork.cc +1 -1
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/gprpp/host_port.cc +29 -35
- data/src/core/lib/gprpp/host_port.h +14 -17
- data/src/core/lib/gprpp/map.h +5 -11
- data/src/core/lib/gprpp/ref_counted_ptr.h +5 -0
- data/src/core/lib/http/format_request.cc +46 -65
- data/src/core/lib/http/httpcli.cc +15 -13
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +10 -10
- data/src/core/lib/http/parser.h +2 -3
- data/src/core/lib/iomgr/buffer_list.h +22 -21
- data/src/core/lib/iomgr/call_combiner.h +3 -2
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -2
- data/src/core/lib/iomgr/closure.h +2 -3
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +2 -3
- data/src/core/lib/iomgr/endpoint_pair.h +2 -3
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error.cc +6 -9
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_apple.cc +356 -0
- data/src/core/lib/iomgr/ev_apple.h +43 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +25 -29
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -8
- data/src/core/lib/iomgr/ev_posix.cc +4 -3
- data/src/core/lib/iomgr/exec_ctx.h +14 -2
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -20
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
- data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
- data/src/core/lib/iomgr/port.h +2 -21
- data/src/core/lib/iomgr/python_util.h +46 -0
- data/src/core/lib/iomgr/resolve_address.h +4 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
- data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
- data/src/core/lib/iomgr/resource_quota.cc +38 -37
- data/src/core/lib/iomgr/sockaddr_utils.cc +29 -33
- data/src/core/lib/iomgr/sockaddr_utils.h +10 -15
- data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
- data/src/core/lib/iomgr/socket_mutator.h +2 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +102 -81
- data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +30 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
- data/src/core/lib/iomgr/tcp_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_uv.cc +3 -2
- data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
- data/src/core/lib/iomgr/timer_generic.cc +15 -15
- data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
- data/src/core/lib/iomgr/timer_heap.h +2 -3
- data/src/core/lib/iomgr/udp_server.cc +32 -36
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json.h +3 -2
- data/src/core/lib/json/json_reader.cc +25 -26
- data/src/core/lib/json/json_writer.cc +13 -12
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
- data/src/core/lib/security/credentials/credentials.cc +0 -84
- data/src/core/lib/security/credentials/credentials.h +13 -62
- data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -17
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
- data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +73 -54
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +9 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +19 -6
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +23 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +48 -11
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +21 -6
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +17 -17
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +38 -36
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +89 -21
- data/src/core/lib/security/security_connector/ssl_utils.h +18 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +101 -72
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +27 -5
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_intern.cc +2 -3
- data/src/core/lib/slice/slice_internal.h +15 -0
- data/src/core/lib/slice/slice_utils.h +9 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
- data/src/core/lib/surface/call.cc +42 -44
- data/src/core/lib/surface/call_log_batch.cc +50 -58
- data/src/core/lib/surface/channel.cc +53 -31
- data/src/core/lib/surface/channel.h +35 -4
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/completion_queue.cc +304 -47
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/event_string.cc +18 -25
- data/src/core/lib/surface/event_string.h +3 -1
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/init_secure.cc +1 -4
- data/src/core/lib/surface/server.cc +971 -837
- data/src/core/lib/surface/server.h +66 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.h +7 -2
- data/src/core/lib/transport/connectivity_state.cc +7 -6
- data/src/core/lib/transport/connectivity_state.h +5 -3
- data/src/core/lib/transport/metadata.cc +3 -3
- data/src/core/lib/transport/metadata_batch.h +2 -3
- data/src/core/lib/transport/static_metadata.h +1 -1
- data/src/core/lib/transport/status_conversion.cc +6 -14
- data/src/core/lib/transport/transport.cc +2 -3
- data/src/core/lib/transport/transport.h +9 -2
- data/src/core/lib/transport/transport_op_string.cc +61 -102
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/lib/uri/uri_parser.h +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +24 -4
- data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +31 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +34 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
- data/src/core/tsi/fake_transport_security.cc +10 -15
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +0 -2
- data/src/core/tsi/ssl_transport_security.cc +154 -50
- data/src/core/tsi/ssl_transport_security.h +22 -10
- data/src/core/tsi/ssl_types.h +0 -2
- data/src/core/tsi/transport_security.h +6 -9
- data/src/core/tsi/transport_security_grpc.h +2 -3
- data/src/core/tsi/transport_security_interface.h +8 -3
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +12 -3
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/errors.rb +103 -42
- data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
- data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
- data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
- data/src/ruby/lib/grpc/generic/service.rb +5 -4
- data/src/ruby/lib/grpc/structs.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/generate_proto_ruby.sh +5 -3
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +11 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +16 -0
- data/src/ruby/spec/debug_message_spec.rb +134 -0
- data/src/ruby/spec/generic/service_spec.rb +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +7 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/testdata/ca.pem +18 -13
- data/src/ruby/spec/testdata/client.key +26 -14
- data/src/ruby/spec/testdata/client.pem +18 -12
- data/src/ruby/spec/testdata/server1.key +26 -14
- data/src/ruby/spec/testdata/server1.pem +20 -14
- data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
- data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
- data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
- data/third_party/abseil-cpp/absl/time/clock.h +74 -0
- data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
- data/third_party/abseil-cpp/absl/time/format.cc +153 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
- data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
- data/third_party/abseil-cpp/absl/time/time.cc +499 -0
- data/third_party/abseil-cpp/absl/time/time.h +1584 -0
- data/third_party/boringssl-with-bazel/err_data.c +335 -297
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
- data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +15 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +25 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +289 -117
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +13 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +41 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +32 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -114
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +51 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +57 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +33 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +9 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +20 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +191 -79
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +791 -715
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +146 -57
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +23 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +30 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +21 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +74 -54
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +29 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +44 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +51 -26
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +47 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +129 -48
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +23 -75
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +55 -22
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
- data/third_party/re2/re2/bitmap256.h +117 -0
- data/third_party/re2/re2/bitstate.cc +385 -0
- data/third_party/re2/re2/compile.cc +1279 -0
- data/third_party/re2/re2/dfa.cc +2130 -0
- data/third_party/re2/re2/filtered_re2.cc +121 -0
- data/third_party/re2/re2/filtered_re2.h +109 -0
- data/third_party/re2/re2/mimics_pcre.cc +197 -0
- data/third_party/re2/re2/nfa.cc +713 -0
- data/third_party/re2/re2/onepass.cc +623 -0
- data/third_party/re2/re2/parse.cc +2464 -0
- data/third_party/re2/re2/perl_groups.cc +119 -0
- data/third_party/re2/re2/pod_array.h +55 -0
- data/third_party/re2/re2/prefilter.cc +710 -0
- data/third_party/re2/re2/prefilter.h +108 -0
- data/third_party/re2/re2/prefilter_tree.cc +407 -0
- data/third_party/re2/re2/prefilter_tree.h +139 -0
- data/third_party/re2/re2/prog.cc +988 -0
- data/third_party/re2/re2/prog.h +436 -0
- data/third_party/re2/re2/re2.cc +1362 -0
- data/third_party/re2/re2/re2.h +1002 -0
- data/third_party/re2/re2/regexp.cc +980 -0
- data/third_party/re2/re2/regexp.h +659 -0
- data/third_party/re2/re2/set.cc +154 -0
- data/third_party/re2/re2/set.h +80 -0
- data/third_party/re2/re2/simplify.cc +657 -0
- data/third_party/re2/re2/sparse_array.h +392 -0
- data/third_party/re2/re2/sparse_set.h +264 -0
- data/third_party/re2/re2/stringpiece.cc +65 -0
- data/third_party/re2/re2/stringpiece.h +210 -0
- data/third_party/re2/re2/tostring.cc +351 -0
- data/third_party/re2/re2/unicode_casefold.cc +582 -0
- data/third_party/re2/re2/unicode_casefold.h +78 -0
- data/third_party/re2/re2/unicode_groups.cc +6269 -0
- data/third_party/re2/re2/unicode_groups.h +67 -0
- data/third_party/re2/re2/walker-inl.h +246 -0
- data/third_party/re2/util/benchmark.h +156 -0
- data/third_party/re2/util/flags.h +26 -0
- data/third_party/re2/util/logging.h +109 -0
- data/third_party/re2/util/malloc_counter.h +19 -0
- data/third_party/re2/util/mix.h +41 -0
- data/third_party/re2/util/mutex.h +148 -0
- data/third_party/re2/util/pcre.cc +1025 -0
- data/third_party/re2/util/pcre.h +681 -0
- data/third_party/re2/util/rune.cc +260 -0
- data/third_party/re2/util/strutil.cc +149 -0
- data/third_party/re2/util/strutil.h +21 -0
- data/third_party/re2/util/test.h +50 -0
- data/third_party/re2/util/utf.h +44 -0
- data/third_party/re2/util/util.h +42 -0
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +175 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
- data/src/core/lib/gprpp/string_view.h +0 -60
- data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -261,6 +261,32 @@ struct sha512_state_st {
|
|
261
261
|
};
|
262
262
|
|
263
263
|
|
264
|
+
// SHA-512-256
|
265
|
+
//
|
266
|
+
// See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf section 5.3.6
|
267
|
+
|
268
|
+
#define SHA512_256_DIGEST_LENGTH 32
|
269
|
+
|
270
|
+
// SHA512_256_Init initialises |sha| and returns 1.
|
271
|
+
OPENSSL_EXPORT int SHA512_256_Init(SHA512_CTX *sha);
|
272
|
+
|
273
|
+
// SHA512_256_Update adds |len| bytes from |data| to |sha| and returns 1.
|
274
|
+
OPENSSL_EXPORT int SHA512_256_Update(SHA512_CTX *sha, const void *data,
|
275
|
+
size_t len);
|
276
|
+
|
277
|
+
// SHA512_256_Final adds the final padding to |sha| and writes the resulting
|
278
|
+
// digest to |out|, which must have at least |SHA512_256_DIGEST_LENGTH| bytes of
|
279
|
+
// space. It returns one on success and zero on programmer error.
|
280
|
+
OPENSSL_EXPORT int SHA512_256_Final(uint8_t out[SHA512_256_DIGEST_LENGTH],
|
281
|
+
SHA512_CTX *sha);
|
282
|
+
|
283
|
+
// SHA512_256 writes the digest of |len| bytes from |data| to |out| and returns
|
284
|
+
// |out|. There must be at least |SHA512_256_DIGEST_LENGTH| bytes of space in
|
285
|
+
// |out|.
|
286
|
+
OPENSSL_EXPORT uint8_t *SHA512_256(const uint8_t *data, size_t len,
|
287
|
+
uint8_t out[SHA512_256_DIGEST_LENGTH]);
|
288
|
+
|
289
|
+
|
264
290
|
#if defined(__cplusplus)
|
265
291
|
} // extern C
|
266
292
|
#endif
|
@@ -1098,6 +1098,20 @@ OPENSSL_EXPORT int SSL_set_chain_and_key(
|
|
1098
1098
|
SSL *ssl, CRYPTO_BUFFER *const *certs, size_t num_certs, EVP_PKEY *privkey,
|
1099
1099
|
const SSL_PRIVATE_KEY_METHOD *privkey_method);
|
1100
1100
|
|
1101
|
+
// SSL_CTX_get0_chain returns the list of |CRYPTO_BUFFER|s that were set by
|
1102
|
+
// |SSL_CTX_set_chain_and_key|. Reference counts are not incremented by this
|
1103
|
+
// call. The return value may be |NULL| if no chain has been set.
|
1104
|
+
//
|
1105
|
+
// (Note: if a chain was configured by non-|CRYPTO_BUFFER|-based functions then
|
1106
|
+
// the return value is undefined and, even if not NULL, the stack itself may
|
1107
|
+
// contain nullptrs. Thus you shouldn't mix this function with
|
1108
|
+
// non-|CRYPTO_BUFFER| functions for manipulating the chain.)
|
1109
|
+
//
|
1110
|
+
// There is no |SSL*| version of this function because connections discard
|
1111
|
+
// configuration after handshaking, thus making it of questionable utility.
|
1112
|
+
OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER)*
|
1113
|
+
SSL_CTX_get0_chain(const SSL_CTX *ctx);
|
1114
|
+
|
1101
1115
|
// SSL_CTX_use_RSAPrivateKey sets |ctx|'s private key to |rsa|. It returns one
|
1102
1116
|
// on success and zero on failure.
|
1103
1117
|
OPENSSL_EXPORT int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
|
@@ -2183,6 +2197,20 @@ struct ssl_ticket_aead_method_st {
|
|
2183
2197
|
OPENSSL_EXPORT void SSL_CTX_set_ticket_aead_method(
|
2184
2198
|
SSL_CTX *ctx, const SSL_TICKET_AEAD_METHOD *aead_method);
|
2185
2199
|
|
2200
|
+
// SSL_process_tls13_new_session_ticket processes an unencrypted TLS 1.3
|
2201
|
+
// NewSessionTicket message from |buf| and returns a resumable |SSL_SESSION|,
|
2202
|
+
// or NULL on error. The caller takes ownership of the returned session and
|
2203
|
+
// must call |SSL_SESSION_free| to free it.
|
2204
|
+
//
|
2205
|
+
// |buf| contains |buf_len| bytes that represents a complete NewSessionTicket
|
2206
|
+
// message including its header, i.e., one byte for the type (0x04) and three
|
2207
|
+
// bytes for the length. |buf| must contain only one such message.
|
2208
|
+
//
|
2209
|
+
// This function may be used to process NewSessionTicket messages in TLS 1.3
|
2210
|
+
// clients that are handling the record layer externally.
|
2211
|
+
OPENSSL_EXPORT SSL_SESSION *SSL_process_tls13_new_session_ticket(
|
2212
|
+
SSL *ssl, const uint8_t *buf, size_t buf_len);
|
2213
|
+
|
2186
2214
|
|
2187
2215
|
// Elliptic curve Diffie-Hellman.
|
2188
2216
|
//
|
@@ -2436,7 +2464,7 @@ OPENSSL_EXPORT int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
|
|
2436
2464
|
// one on success and zero on failure.
|
2437
2465
|
//
|
2438
2466
|
// See
|
2439
|
-
// https://www.openssl.org/docs/
|
2467
|
+
// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.html
|
2440
2468
|
// for documentation on the directory format.
|
2441
2469
|
OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
|
2442
2470
|
const char *ca_file,
|
@@ -2518,20 +2546,22 @@ OPENSSL_EXPORT int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *store);
|
|
2518
2546
|
// reference to |store| will be taken.
|
2519
2547
|
OPENSSL_EXPORT int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *store);
|
2520
2548
|
|
2521
|
-
// SSL_CTX_set_ed25519_enabled configures whether |ctx| advertises support for
|
2522
|
-
// the Ed25519 signature algorithm when using the default preference list. It is
|
2523
|
-
// disabled by default and may be enabled if the certificate verifier supports
|
2524
|
-
// Ed25519.
|
2525
|
-
OPENSSL_EXPORT void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled);
|
2526
|
-
|
2527
2549
|
// SSL_CTX_set_verify_algorithm_prefs configures |ctx| to use |prefs| as the
|
2528
|
-
// preference list when verifying
|
2550
|
+
// preference list when verifying signatures from the peer's long-term key. It
|
2529
2551
|
// returns one on zero on error. |prefs| should not include the internal-only
|
2530
2552
|
// value |SSL_SIGN_RSA_PKCS1_MD5_SHA1|.
|
2531
2553
|
OPENSSL_EXPORT int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx,
|
2532
2554
|
const uint16_t *prefs,
|
2533
2555
|
size_t num_prefs);
|
2534
2556
|
|
2557
|
+
// SSL_set_verify_algorithm_prefs configures |ssl| to use |prefs| as the
|
2558
|
+
// preference list when verifying signatures from the peer's long-term key. It
|
2559
|
+
// returns one on zero on error. |prefs| should not include the internal-only
|
2560
|
+
// value |SSL_SIGN_RSA_PKCS1_MD5_SHA1|.
|
2561
|
+
OPENSSL_EXPORT int SSL_set_verify_algorithm_prefs(SSL *ssl,
|
2562
|
+
const uint16_t *prefs,
|
2563
|
+
size_t num_prefs);
|
2564
|
+
|
2535
2565
|
|
2536
2566
|
// Client certificate CA list.
|
2537
2567
|
//
|
@@ -3051,38 +3081,6 @@ OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *ssl);
|
|
3051
3081
|
OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl);
|
3052
3082
|
|
3053
3083
|
|
3054
|
-
// QUIC transport parameters.
|
3055
|
-
//
|
3056
|
-
// draft-ietf-quic-tls defines a new TLS extension quic_transport_parameters
|
3057
|
-
// used by QUIC for each endpoint to unilaterally declare its supported
|
3058
|
-
// transport parameters. draft-ietf-quic-transport (section 7.4) defines the
|
3059
|
-
// contents of that extension (a TransportParameters struct) and describes how
|
3060
|
-
// to handle it and its semantic meaning.
|
3061
|
-
//
|
3062
|
-
// BoringSSL handles this extension as an opaque byte string. The caller is
|
3063
|
-
// responsible for serializing and parsing it.
|
3064
|
-
|
3065
|
-
// SSL_set_quic_transport_params configures |ssl| to send |params| (of length
|
3066
|
-
// |params_len|) in the quic_transport_parameters extension in either the
|
3067
|
-
// ClientHello or EncryptedExtensions handshake message. This extension will
|
3068
|
-
// only be sent if the TLS version is at least 1.3, and for a server, only if
|
3069
|
-
// the client sent the extension. The buffer pointed to by |params| only need be
|
3070
|
-
// valid for the duration of the call to this function. This function returns 1
|
3071
|
-
// on success and 0 on failure.
|
3072
|
-
OPENSSL_EXPORT int SSL_set_quic_transport_params(SSL *ssl,
|
3073
|
-
const uint8_t *params,
|
3074
|
-
size_t params_len);
|
3075
|
-
|
3076
|
-
// SSL_get_peer_quic_transport_params provides the caller with the value of the
|
3077
|
-
// quic_transport_parameters extension sent by the peer. A pointer to the buffer
|
3078
|
-
// containing the TransportParameters will be put in |*out_params|, and its
|
3079
|
-
// length in |*params_len|. This buffer will be valid for the lifetime of the
|
3080
|
-
// |SSL|. If no params were received from the peer, |*out_params_len| will be 0.
|
3081
|
-
OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(const SSL *ssl,
|
3082
|
-
const uint8_t **out_params,
|
3083
|
-
size_t *out_params_len);
|
3084
|
-
|
3085
|
-
|
3086
3084
|
// Delegated credentials.
|
3087
3085
|
//
|
3088
3086
|
// *** EXPERIMENTAL — PRONE TO CHANGE ***
|
@@ -3131,10 +3129,11 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
|
|
3131
3129
|
// When configured for QUIC, |SSL_do_handshake| will drive the handshake as
|
3132
3130
|
// before, but it will not use the configured |BIO|. It will call functions on
|
3133
3131
|
// |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from
|
3134
|
-
// the peer, it will return |SSL_ERROR_WANT_READ|.
|
3135
|
-
//
|
3136
|
-
//
|
3137
|
-
//
|
3132
|
+
// the peer, it will return |SSL_ERROR_WANT_READ|. As the caller receives data
|
3133
|
+
// it can decrypt, it calls |SSL_provide_quic_data|. Subsequent
|
3134
|
+
// |SSL_do_handshake| calls will then consume that data and progress the
|
3135
|
+
// handshake. After the handshake is complete, the caller should continue to
|
3136
|
+
// call |SSL_provide_quic_data| for any post-handshake data, followed by
|
3138
3137
|
// |SSL_process_quic_post_handshake| to process it. It is an error to call
|
3139
3138
|
// |SSL_read| and |SSL_write| in QUIC.
|
3140
3139
|
//
|
@@ -3145,13 +3144,6 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
|
|
3145
3144
|
// confirm the handshake. As a client, |SSL_ERROR_EARLY_DATA_REJECTED| and
|
3146
3145
|
// |SSL_reset_early_data_reject| behave as usual.
|
3147
3146
|
//
|
3148
|
-
// Note that secrets for an encryption level may be available to QUIC before the
|
3149
|
-
// level is active in TLS. Callers should use |SSL_quic_read_level| to determine
|
3150
|
-
// the active read level for |SSL_provide_quic_data|. |SSL_do_handshake| will
|
3151
|
-
// pass the active write level to |SSL_QUIC_METHOD| when writing data. Callers
|
3152
|
-
// can use |SSL_quic_write_level| to query the active write level when
|
3153
|
-
// generating their own errors.
|
3154
|
-
//
|
3155
3147
|
// See https://tools.ietf.org/html/draft-ietf-quic-tls-15#section-4.1 for more
|
3156
3148
|
// details.
|
3157
3149
|
//
|
@@ -3160,8 +3152,37 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
|
|
3160
3152
|
// |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each
|
3161
3153
|
// encryption level.
|
3162
3154
|
//
|
3163
|
-
//
|
3164
|
-
//
|
3155
|
+
// QUIC implementations must additionally configure transport parameters with
|
3156
|
+
// |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be
|
3157
|
+
// used to query the value received from the peer. BoringSSL handles this
|
3158
|
+
// extension as an opaque byte string. The caller is responsible for serializing
|
3159
|
+
// and parsing them. See draft-ietf-quic-transport (section 7.3) for details.
|
3160
|
+
//
|
3161
|
+
// QUIC additionally imposes restrictions on 0-RTT. In particular, the QUIC
|
3162
|
+
// transport layer requires that if a server accepts 0-RTT data, then the
|
3163
|
+
// transport parameters sent on the resumed connection must not lower any limits
|
3164
|
+
// compared to the transport parameters that the server sent on the connection
|
3165
|
+
// where the ticket for 0-RTT was issued. In effect, the server must remember
|
3166
|
+
// the transport parameters with the ticket. Application protocols running on
|
3167
|
+
// QUIC may impose similar restrictions, for example HTTP/3's restrictions on
|
3168
|
+
// SETTINGS frames.
|
3169
|
+
//
|
3170
|
+
// BoringSSL implements this check by doing a byte-for-byte comparison of an
|
3171
|
+
// opaque context passed in by the server. This context must be the same on the
|
3172
|
+
// connection where the ticket was issued and the connection where that ticket
|
3173
|
+
// is used for 0-RTT. If there is a mismatch, or the context was not set,
|
3174
|
+
// BoringSSL will reject early data (but not reject the resumption attempt).
|
3175
|
+
// This context is set via |SSL_set_quic_early_data_context| and should cover
|
3176
|
+
// both transport parameters and any application state.
|
3177
|
+
// |SSL_set_quic_early_data_context| must be called on the server with a
|
3178
|
+
// non-empty context if the server is to support 0-RTT in QUIC.
|
3179
|
+
//
|
3180
|
+
// BoringSSL does not perform any client-side checks on the transport
|
3181
|
+
// parameters received from a server that also accepted early data. It is up to
|
3182
|
+
// the caller to verify that the received transport parameters do not lower any
|
3183
|
+
// limits, and to close the QUIC connection if that is not the case. The same
|
3184
|
+
// holds for any application protocol state remembered for 0-RTT, e.g. HTTP/3
|
3185
|
+
// SETTINGS.
|
3165
3186
|
|
3166
3187
|
// ssl_encryption_level_t represents a specific QUIC encryption level used to
|
3167
3188
|
// transmit handshake messages.
|
@@ -3174,26 +3195,51 @@ enum ssl_encryption_level_t BORINGSSL_ENUM_INT {
|
|
3174
3195
|
|
3175
3196
|
// ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks.
|
3176
3197
|
struct ssl_quic_method_st {
|
3177
|
-
//
|
3178
|
-
// encryption level.
|
3179
|
-
//
|
3180
|
-
//
|
3181
|
-
//
|
3198
|
+
// set_read_secret configures the read secret and cipher suite for the given
|
3199
|
+
// encryption level. It returns one on success and zero to terminate the
|
3200
|
+
// handshake with an error. It will be called at most once per encryption
|
3201
|
+
// level.
|
3202
|
+
//
|
3203
|
+
// BoringSSL will not release read keys before QUIC may use them. Once a level
|
3204
|
+
// has been initialized, QUIC may begin processing data from it. Handshake
|
3205
|
+
// data should be passed to |SSL_provide_quic_data| and application data (if
|
3206
|
+
// |level| is |ssl_encryption_early_data| or |ssl_encryption_application|) may
|
3207
|
+
// be processed according to the rules of the QUIC protocol.
|
3208
|
+
//
|
3209
|
+
// QUIC ACKs packets at the same encryption level they were received at,
|
3210
|
+
// except that client |ssl_encryption_early_data| (0-RTT) packets trigger
|
3211
|
+
// server |ssl_encryption_application| (1-RTT) ACKs. BoringSSL will always
|
3212
|
+
// install ACK-writing keys with |set_write_secret| before the packet-reading
|
3213
|
+
// keys with |set_read_secret|. This ensures the caller can always ACK any
|
3214
|
+
// packet it decrypts. Note this means the server installs 1-RTT write keys
|
3215
|
+
// before 0-RTT read keys.
|
3182
3216
|
//
|
3183
|
-
//
|
3184
|
-
//
|
3185
|
-
//
|
3186
|
-
|
3187
|
-
|
3188
|
-
|
3217
|
+
// The converse is not true. An encryption level may be configured with write
|
3218
|
+
// secrets a roundtrip before the corresponding secrets for reading ACKs is
|
3219
|
+
// available.
|
3220
|
+
int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level,
|
3221
|
+
const SSL_CIPHER *cipher, const uint8_t *secret,
|
3222
|
+
size_t secret_len);
|
3223
|
+
// set_write_secret behaves like |set_read_secret| but configures the write
|
3224
|
+
// secret and cipher suite for the given encryption level. It will be called
|
3225
|
+
// at most once per encryption level.
|
3189
3226
|
//
|
3190
|
-
//
|
3191
|
-
//
|
3227
|
+
// BoringSSL will not release write keys before QUIC may use them. If |level|
|
3228
|
+
// is |ssl_encryption_early_data| or |ssl_encryption_application|, QUIC may
|
3229
|
+
// begin sending application data at |level|. However, note that BoringSSL
|
3230
|
+
// configures server |ssl_encryption_application| write keys before the client
|
3231
|
+
// Finished. This allows QUIC to send half-RTT data, but the handshake is not
|
3232
|
+
// confirmed at this point and, if requesting client certificates, the client
|
3233
|
+
// is not yet authenticated.
|
3192
3234
|
//
|
3193
|
-
//
|
3194
|
-
|
3195
|
-
|
3196
|
-
|
3235
|
+
// See |set_read_secret| for additional invariants between packets and their
|
3236
|
+
// ACKs.
|
3237
|
+
//
|
3238
|
+
// Note that, on 0-RTT reject, the |ssl_encryption_early_data| write secret
|
3239
|
+
// may use a different cipher suite from the other keys.
|
3240
|
+
int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level,
|
3241
|
+
const SSL_CIPHER *cipher, const uint8_t *secret,
|
3242
|
+
size_t secret_len);
|
3197
3243
|
// add_handshake_data adds handshake data to the current flight at the given
|
3198
3244
|
// encryption level. It returns one on success and zero on error.
|
3199
3245
|
//
|
@@ -3201,6 +3247,9 @@ struct ssl_quic_method_st {
|
|
3201
3247
|
// single handshake flight may include multiple encryption levels. Callers
|
3202
3248
|
// should defer writing data to the network until |flush_flight| to better
|
3203
3249
|
// pack QUIC packets into transport datagrams.
|
3250
|
+
//
|
3251
|
+
// If |level| is not |ssl_encryption_initial|, this function will not be
|
3252
|
+
// called before |level| is initialized with |set_write_secret|.
|
3204
3253
|
int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level,
|
3205
3254
|
const uint8_t *data, size_t len);
|
3206
3255
|
// flush_flight is called when the current flight is complete and should be
|
@@ -3209,6 +3258,9 @@ struct ssl_quic_method_st {
|
|
3209
3258
|
int (*flush_flight)(SSL *ssl);
|
3210
3259
|
// send_alert sends a fatal alert at the specified encryption level. It
|
3211
3260
|
// returns one on success and zero on error.
|
3261
|
+
//
|
3262
|
+
// If |level| is not |ssl_encryption_initial|, this function will not be
|
3263
|
+
// called before |level| is initialized with |set_write_secret|.
|
3212
3264
|
int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert);
|
3213
3265
|
};
|
3214
3266
|
|
@@ -3221,15 +3273,22 @@ OPENSSL_EXPORT size_t SSL_quic_max_handshake_flight_len(
|
|
3221
3273
|
const SSL *ssl, enum ssl_encryption_level_t level);
|
3222
3274
|
|
3223
3275
|
// SSL_quic_read_level returns the current read encryption level.
|
3276
|
+
//
|
3277
|
+
// TODO(davidben): Is it still necessary to expose this function to callers?
|
3278
|
+
// QUICHE does not use it.
|
3224
3279
|
OPENSSL_EXPORT enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
|
3225
3280
|
|
3226
3281
|
// SSL_quic_write_level returns the current write encryption level.
|
3282
|
+
//
|
3283
|
+
// TODO(davidben): Is it still necessary to expose this function to callers?
|
3284
|
+
// QUICHE does not use it.
|
3227
3285
|
OPENSSL_EXPORT enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
|
3228
3286
|
|
3229
3287
|
// SSL_provide_quic_data provides data from QUIC at a particular encryption
|
3230
|
-
// level |level|. It
|
3231
|
-
//
|
3232
|
-
//
|
3288
|
+
// level |level|. It returns one on success and zero on error. Note this
|
3289
|
+
// function will return zero if the handshake is not expecting data from |level|
|
3290
|
+
// at this time. The QUIC implementation should then close the connection with
|
3291
|
+
// an error.
|
3233
3292
|
OPENSSL_EXPORT int SSL_provide_quic_data(SSL *ssl,
|
3234
3293
|
enum ssl_encryption_level_t level,
|
3235
3294
|
const uint8_t *data, size_t len);
|
@@ -3252,6 +3311,40 @@ OPENSSL_EXPORT int SSL_CTX_set_quic_method(SSL_CTX *ctx,
|
|
3252
3311
|
OPENSSL_EXPORT int SSL_set_quic_method(SSL *ssl,
|
3253
3312
|
const SSL_QUIC_METHOD *quic_method);
|
3254
3313
|
|
3314
|
+
// SSL_set_quic_transport_params configures |ssl| to send |params| (of length
|
3315
|
+
// |params_len|) in the quic_transport_parameters extension in either the
|
3316
|
+
// ClientHello or EncryptedExtensions handshake message. It is an error to set
|
3317
|
+
// transport parameters if |ssl| is not configured for QUIC. The buffer pointed
|
3318
|
+
// to by |params| only need be valid for the duration of the call to this
|
3319
|
+
// function. This function returns 1 on success and 0 on failure.
|
3320
|
+
OPENSSL_EXPORT int SSL_set_quic_transport_params(SSL *ssl,
|
3321
|
+
const uint8_t *params,
|
3322
|
+
size_t params_len);
|
3323
|
+
|
3324
|
+
// SSL_get_peer_quic_transport_params provides the caller with the value of the
|
3325
|
+
// quic_transport_parameters extension sent by the peer. A pointer to the buffer
|
3326
|
+
// containing the TransportParameters will be put in |*out_params|, and its
|
3327
|
+
// length in |*params_len|. This buffer will be valid for the lifetime of the
|
3328
|
+
// |SSL|. If no params were received from the peer, |*out_params_len| will be 0.
|
3329
|
+
OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(
|
3330
|
+
const SSL *ssl, const uint8_t **out_params, size_t *out_params_len);
|
3331
|
+
|
3332
|
+
// SSL_set_quic_early_data_context configures a context string in QUIC servers
|
3333
|
+
// for accepting early data. If a resumption connection offers early data, the
|
3334
|
+
// server will check if the value matches that of the connection which minted
|
3335
|
+
// the ticket. If not, resumption still succeeds but early data is rejected.
|
3336
|
+
// This should include all QUIC Transport Parameters except ones specified that
|
3337
|
+
// the client MUST NOT remember. This should also include any application
|
3338
|
+
// protocol-specific state. For HTTP/3, this should be the serialized server
|
3339
|
+
// SETTINGS frame and the QUIC Transport Parameters (except the stateless reset
|
3340
|
+
// token).
|
3341
|
+
//
|
3342
|
+
// This function may be called before |SSL_do_handshake| or during server
|
3343
|
+
// certificate selection. It returns 1 on success and 0 on failure.
|
3344
|
+
OPENSSL_EXPORT int SSL_set_quic_early_data_context(SSL *ssl,
|
3345
|
+
const uint8_t *context,
|
3346
|
+
size_t context_len);
|
3347
|
+
|
3255
3348
|
|
3256
3349
|
// Early data.
|
3257
3350
|
//
|
@@ -3325,6 +3418,18 @@ OPENSSL_EXPORT int SSL_in_early_data(const SSL *ssl);
|
|
3325
3418
|
// attempted with |session| if enabled.
|
3326
3419
|
OPENSSL_EXPORT int SSL_SESSION_early_data_capable(const SSL_SESSION *session);
|
3327
3420
|
|
3421
|
+
// SSL_SESSION_copy_without_early_data returns a copy of |session| with early
|
3422
|
+
// data disabled. If |session| already does not support early data, it returns
|
3423
|
+
// |session| with the reference count increased. The caller takes ownership of
|
3424
|
+
// the result and must release it with |SSL_SESSION_free|.
|
3425
|
+
//
|
3426
|
+
// This function may be used on the client to clear early data support from
|
3427
|
+
// existing sessions when the server rejects early data. In particular,
|
3428
|
+
// |SSL_R_WRONG_VERSION_ON_EARLY_DATA| requires a fresh connection to retry, and
|
3429
|
+
// the client would not want 0-RTT enabled for the next connection attempt.
|
3430
|
+
OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_copy_without_early_data(
|
3431
|
+
SSL_SESSION *session);
|
3432
|
+
|
3328
3433
|
// SSL_early_data_accepted returns whether early data was accepted on the
|
3329
3434
|
// handshake performed by |ssl|.
|
3330
3435
|
OPENSSL_EXPORT int SSL_early_data_accepted(const SSL *ssl);
|
@@ -3374,8 +3479,10 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
|
|
3374
3479
|
ssl_early_data_token_binding = 11,
|
3375
3480
|
// The client and server ticket age were too far apart.
|
3376
3481
|
ssl_early_data_ticket_age_skew = 12,
|
3482
|
+
// QUIC parameters differ between this connection and the original.
|
3483
|
+
ssl_early_data_quic_parameter_mismatch = 13,
|
3377
3484
|
// The value of the largest entry.
|
3378
|
-
ssl_early_data_reason_max_value =
|
3485
|
+
ssl_early_data_reason_max_value = ssl_early_data_quic_parameter_mismatch,
|
3379
3486
|
};
|
3380
3487
|
|
3381
3488
|
// SSL_get_early_data_reason returns details why 0-RTT was accepted or rejected
|
@@ -3436,6 +3543,7 @@ OPENSSL_EXPORT enum ssl_early_data_reason_t SSL_get_early_data_reason(
|
|
3436
3543
|
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
|
3437
3544
|
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
|
3438
3545
|
#define SSL_AD_CERTIFICATE_REQUIRED TLS1_AD_CERTIFICATE_REQUIRED
|
3546
|
+
#define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL
|
3439
3547
|
|
3440
3548
|
// SSL_alert_type_string_long returns a string description of |value| as an
|
3441
3549
|
// alert type (warning or fatal).
|
@@ -3496,11 +3604,13 @@ OPENSSL_EXPORT int SSL_get_ivs(const SSL *ssl, const uint8_t **out_read_iv,
|
|
3496
3604
|
const uint8_t **out_write_iv,
|
3497
3605
|
size_t *out_iv_len);
|
3498
3606
|
|
3499
|
-
// SSL_get_key_block_len returns the length of |ssl|'s key block.
|
3607
|
+
// SSL_get_key_block_len returns the length of |ssl|'s key block. It is an error
|
3608
|
+
// to call this function during a handshake.
|
3500
3609
|
OPENSSL_EXPORT size_t SSL_get_key_block_len(const SSL *ssl);
|
3501
3610
|
|
3502
3611
|
// SSL_generate_key_block generates |out_len| bytes of key material for |ssl|'s
|
3503
|
-
// current connection state.
|
3612
|
+
// current connection state. It is an error to call this function during a
|
3613
|
+
// handshake.
|
3504
3614
|
OPENSSL_EXPORT int SSL_generate_key_block(const SSL *ssl, uint8_t *out,
|
3505
3615
|
size_t out_len);
|
3506
3616
|
|
@@ -4211,7 +4321,7 @@ OPENSSL_EXPORT int SSL_set1_sigalgs(SSL *ssl, const int *values,
|
|
4211
4321
|
// SSL_CTX_set1_sigalgs_list takes a textual specification of a set of signature
|
4212
4322
|
// algorithms and configures them on |ctx|. It returns one on success and zero
|
4213
4323
|
// on error. See
|
4214
|
-
// https://www.openssl.org/docs/man1.1.0/
|
4324
|
+
// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html for
|
4215
4325
|
// a description of the text format. Also note that TLS 1.3 names (e.g.
|
4216
4326
|
// "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL
|
4217
4327
|
// doesn't document that).
|
@@ -4224,7 +4334,7 @@ OPENSSL_EXPORT int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str);
|
|
4224
4334
|
// SSL_set1_sigalgs_list takes a textual specification of a set of signature
|
4225
4335
|
// algorithms and configures them on |ssl|. It returns one on success and zero
|
4226
4336
|
// on error. See
|
4227
|
-
// https://www.openssl.org/docs/man1.1.0/
|
4337
|
+
// https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set1_sigalgs_list.html for
|
4228
4338
|
// a description of the text format. Also note that TLS 1.3 names (e.g.
|
4229
4339
|
// "rsa_pkcs1_md5_sha1") can also be used (as in OpenSSL, although OpenSSL
|
4230
4340
|
// doesn't document that).
|
@@ -5018,7 +5128,7 @@ BSSL_NAMESPACE_END
|
|
5018
5128
|
#define SSL_R_UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY 252
|
5019
5129
|
#define SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS 253
|
5020
5130
|
#define SSL_R_DOWNGRADE_DETECTED 254
|
5021
|
-
#define
|
5131
|
+
#define SSL_R_EXCESS_HANDSHAKE_DATA 255
|
5022
5132
|
#define SSL_R_INVALID_COMPRESSION_LIST 256
|
5023
5133
|
#define SSL_R_DUPLICATE_EXTENSION 257
|
5024
5134
|
#define SSL_R_MISSING_KEY_SHARE 258
|
@@ -5067,6 +5177,8 @@ BSSL_NAMESPACE_END
|
|
5067
5177
|
#define SSL_R_INVALID_DELEGATED_CREDENTIAL 301
|
5068
5178
|
#define SSL_R_KEY_USAGE_BIT_INCORRECT 302
|
5069
5179
|
#define SSL_R_INCONSISTENT_CLIENT_HELLO 303
|
5180
|
+
#define SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA 304
|
5181
|
+
#define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305
|
5070
5182
|
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
|
5071
5183
|
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
|
5072
5184
|
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
|