grpc 1.28.0 → 1.37.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (1541) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +1734 -22357
  3. data/etc/roots.pem +257 -573
  4. data/include/grpc/compression.h +1 -1
  5. data/include/grpc/grpc.h +31 -9
  6. data/include/grpc/grpc_security.h +274 -180
  7. data/include/grpc/grpc_security_constants.h +4 -0
  8. data/include/grpc/impl/codegen/README.md +22 -0
  9. data/include/grpc/impl/codegen/atm_windows.h +4 -0
  10. data/include/grpc/impl/codegen/byte_buffer.h +1 -1
  11. data/include/grpc/impl/codegen/grpc_types.h +32 -30
  12. data/include/grpc/impl/codegen/log.h +0 -2
  13. data/include/grpc/impl/codegen/port_platform.h +36 -90
  14. data/include/grpc/impl/codegen/sync_windows.h +4 -0
  15. data/include/grpc/module.modulemap +24 -39
  16. data/include/grpc/slice_buffer.h +3 -3
  17. data/include/grpc/support/sync.h +3 -3
  18. data/include/grpc/support/time.h +7 -7
  19. data/src/core/ext/filters/client_channel/backend_metric.cc +16 -12
  20. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
  21. data/src/core/ext/filters/client_channel/client_channel.cc +3845 -2414
  22. data/src/core/ext/filters/client_channel/client_channel.h +1 -7
  23. data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
  24. data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
  25. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -3
  26. data/src/core/ext/filters/client_channel/config_selector.cc +58 -0
  27. data/src/core/ext/filters/client_channel/config_selector.h +133 -0
  28. data/src/core/ext/filters/client_channel/dynamic_filters.cc +191 -0
  29. data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
  30. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +26 -122
  31. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
  32. data/src/core/ext/filters/client_channel/health/health_check_client.cc +25 -30
  33. data/src/core/ext/filters/client_channel/health/health_check_client.h +7 -7
  34. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +15 -16
  35. data/src/core/ext/filters/client_channel/http_proxy.cc +44 -34
  36. data/src/core/ext/filters/client_channel/lb_policy.cc +28 -20
  37. data/src/core/ext/filters/client_channel/lb_policy.h +50 -38
  38. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +96 -0
  39. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +101 -0
  40. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +20 -11
  41. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
  42. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +481 -510
  43. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +76 -0
  44. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +37 -0
  45. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
  46. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +6 -41
  47. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
  48. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +3 -2
  49. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
  50. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
  51. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +24 -18
  52. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +922 -0
  53. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
  54. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
  55. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +11 -10
  56. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +18 -46
  57. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +744 -0
  58. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +520 -134
  59. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +53 -26
  60. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
  61. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +795 -0
  62. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +722 -0
  63. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1384 -0
  64. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +18 -8
  65. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
  66. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +12 -10
  67. data/src/core/ext/filters/client_channel/resolver.cc +9 -10
  68. data/src/core/ext/filters/client_channel/resolver.h +10 -20
  69. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +111 -110
  70. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +4 -34
  71. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +22 -24
  72. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +15 -13
  73. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +82 -123
  74. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +642 -184
  75. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +10 -3
  76. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  77. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  78. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +61 -61
  79. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +102 -108
  80. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -5
  81. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
  82. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +38 -31
  83. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +829 -46
  84. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
  85. data/src/core/ext/filters/client_channel/resolver_factory.h +8 -8
  86. data/src/core/ext/filters/client_channel/resolver_registry.cc +55 -52
  87. data/src/core/ext/filters/client_channel/resolver_registry.h +10 -10
  88. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +47 -93
  89. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +30 -26
  90. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
  91. data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
  92. data/src/core/ext/filters/client_channel/server_address.cc +132 -13
  93. data/src/core/ext/filters/client_channel/server_address.h +80 -32
  94. data/src/core/ext/filters/client_channel/service_config.cc +114 -149
  95. data/src/core/ext/filters/client_channel/service_config.h +33 -100
  96. data/src/core/ext/filters/client_channel/service_config_call_data.h +86 -0
  97. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
  98. data/src/core/ext/filters/client_channel/service_config_parser.cc +89 -0
  99. data/src/core/ext/filters/client_channel/service_config_parser.h +92 -0
  100. data/src/core/ext/filters/client_channel/subchannel.cc +211 -230
  101. data/src/core/ext/filters/client_channel/subchannel.h +116 -118
  102. data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
  103. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
  104. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +16 -10
  105. data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
  106. data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
  107. data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
  108. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +495 -0
  109. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
  110. data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
  111. data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
  112. data/src/core/ext/filters/http/client/http_client_filter.cc +29 -34
  113. data/src/core/ext/filters/http/client_authority_filter.cc +10 -10
  114. data/src/core/ext/filters/http/http_filters_plugin.cc +34 -15
  115. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +258 -221
  116. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
  117. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
  118. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
  119. data/src/core/ext/filters/max_age/max_age_filter.cc +38 -34
  120. data/src/core/ext/filters/message_size/message_size_filter.cc +64 -90
  121. data/src/core/ext/filters/message_size/message_size_filter.h +12 -5
  122. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
  123. data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
  124. data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
  125. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
  126. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +19 -2
  127. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +23 -10
  128. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
  129. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +37 -49
  130. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +803 -355
  131. data/src/core/ext/transport/chttp2/server/chttp2_server.h +16 -2
  132. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +13 -3
  133. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +19 -18
  134. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +65 -21
  135. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
  136. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  137. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +343 -347
  138. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +13 -1
  139. data/src/core/ext/transport/chttp2/transport/flow_control.cc +36 -33
  140. data/src/core/ext/transport/chttp2/transport/flow_control.h +27 -19
  141. data/src/core/ext/transport/chttp2/transport/frame_data.cc +14 -13
  142. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +6 -7
  143. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  144. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
  145. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  146. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
  147. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -3
  148. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +8 -9
  149. data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -4
  150. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +15 -18
  151. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  152. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +30 -17
  153. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +2 -3
  154. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +37 -37
  155. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +2 -3
  156. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
  157. data/src/core/ext/transport/chttp2/transport/hpack_table.h +2 -2
  158. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  159. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  160. data/src/core/ext/transport/chttp2/transport/internal.h +38 -23
  161. data/src/core/ext/transport/chttp2/transport/parsing.cc +52 -74
  162. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  163. data/src/core/ext/transport/chttp2/transport/writing.cc +30 -28
  164. data/src/core/ext/transport/inproc/inproc_transport.cc +106 -33
  165. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
  166. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
  167. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -1
  168. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
  169. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +10 -4
  170. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +243 -0
  171. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +865 -0
  172. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
  173. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
  174. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
  175. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +253 -0
  176. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +453 -0
  177. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1801 -0
  178. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +35 -0
  179. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +77 -0
  180. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +56 -0
  181. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +364 -0
  182. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +124 -0
  183. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +428 -0
  184. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +35 -0
  185. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +88 -0
  186. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +334 -0
  187. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +1066 -0
  188. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +103 -0
  189. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +388 -0
  190. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
  191. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +78 -0
  192. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
  193. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +149 -0
  194. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +241 -0
  195. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +839 -0
  196. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
  197. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +767 -0
  198. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +36 -0
  199. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +88 -0
  200. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +182 -0
  201. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +755 -0
  202. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +27 -0
  203. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +65 -0
  204. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +34 -0
  205. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +95 -0
  206. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +42 -0
  207. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +126 -0
  208. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +90 -0
  209. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +243 -0
  210. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
  211. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +305 -0
  212. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
  213. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +367 -0
  214. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +33 -0
  215. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +73 -0
  216. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +130 -0
  217. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +557 -0
  218. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +159 -0
  219. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +623 -0
  220. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +40 -0
  221. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +107 -0
  222. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
  223. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
  224. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
  225. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
  226. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +178 -0
  227. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +662 -0
  228. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +65 -0
  229. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +237 -0
  230. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +941 -0
  231. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +3790 -0
  232. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +60 -0
  233. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +159 -0
  234. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +49 -0
  235. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +122 -0
  236. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
  237. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
  238. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
  239. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
  240. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
  241. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
  242. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
  243. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
  244. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +362 -0
  245. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1488 -0
  246. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +19 -0
  247. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +35 -0
  248. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +113 -0
  249. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +458 -0
  250. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +73 -0
  251. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +219 -0
  252. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +146 -0
  253. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +621 -0
  254. data/src/core/ext/upb-generated/envoy/{api/v2/rds.upb.c → service/cluster/v3/cds.upb.c} +7 -9
  255. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +56 -0
  256. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +25 -0
  257. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +56 -0
  258. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +146 -0
  259. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +499 -0
  260. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +27 -0
  261. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +56 -0
  262. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +27 -0
  263. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +56 -0
  264. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +54 -0
  265. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +151 -0
  266. data/src/core/ext/upb-generated/envoy/{api/v2/srds.upb.c → service/route/v3/rds.upb.c} +7 -7
  267. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +56 -0
  268. data/src/core/ext/upb-generated/envoy/{api/v2/cds.upb.c → service/route/v3/srds.upb.c} +7 -7
  269. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +56 -0
  270. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
  271. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
  272. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
  273. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +128 -0
  274. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
  275. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
  276. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
  277. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +84 -0
  278. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
  279. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +78 -0
  280. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
  281. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +166 -0
  282. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +53 -0
  283. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +146 -0
  284. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
  285. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
  286. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
  287. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +207 -0
  288. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
  289. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +301 -0
  290. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
  291. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +283 -0
  292. data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +3 -2
  293. data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +9 -9
  294. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +40 -0
  295. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +99 -0
  296. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +51 -0
  297. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +130 -0
  298. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +30 -0
  299. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +68 -0
  300. data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -1
  301. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
  302. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +830 -0
  303. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +251 -0
  304. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +871 -0
  305. data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
  306. data/src/core/ext/upb-generated/google/api/http.upb.h +52 -32
  307. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
  308. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +12 -6
  309. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +107 -106
  310. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +691 -496
  311. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
  312. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +12 -6
  313. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
  314. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +8 -2
  315. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +5 -5
  316. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +55 -57
  317. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
  318. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +12 -6
  319. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
  320. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +82 -28
  321. data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
  322. data/src/core/ext/upb-generated/google/rpc/status.upb.h +17 -10
  323. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +5 -5
  324. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +40 -45
  325. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +43 -43
  326. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +236 -184
  327. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
  328. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +29 -13
  329. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
  330. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +19 -7
  331. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
  332. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +122 -62
  333. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
  334. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +30 -12
  335. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
  336. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +64 -0
  337. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -1
  338. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  339. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +71 -0
  340. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
  341. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +60 -0
  342. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +9 -9
  343. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +48 -68
  344. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
  345. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
  346. data/src/core/ext/upb-generated/validate/validate.upb.c +71 -70
  347. data/src/core/ext/upb-generated/validate/validate.upb.h +732 -586
  348. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +28 -0
  349. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
  350. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
  351. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
  352. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
  353. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
  354. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
  355. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
  356. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
  357. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
  358. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
  359. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
  360. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
  361. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
  362. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
  363. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
  364. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
  365. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
  366. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +251 -0
  367. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
  368. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
  369. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
  370. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
  371. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
  372. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +543 -0
  373. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
  374. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
  375. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
  376. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +136 -0
  377. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
  378. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
  379. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
  380. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
  381. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
  382. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +272 -0
  383. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +135 -0
  384. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
  385. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
  386. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
  387. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
  388. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
  389. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
  390. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
  391. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
  392. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
  393. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
  394. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
  395. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
  396. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +231 -0
  397. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +85 -0
  398. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +43 -0
  399. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
  400. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
  401. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
  402. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +68 -0
  403. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
  404. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +107 -0
  405. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
  406. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
  407. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
  408. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
  409. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
  410. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
  411. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
  412. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +195 -0
  413. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
  414. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +193 -0
  415. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
  416. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +59 -0
  417. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
  418. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
  419. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
  420. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
  421. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
  422. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +101 -0
  423. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
  424. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +944 -0
  425. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +290 -0
  426. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
  427. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
  428. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +61 -0
  429. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
  430. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
  431. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  432. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
  433. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
  434. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
  435. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
  436. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
  437. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
  438. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +505 -0
  439. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
  440. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +44 -0
  441. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
  442. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +170 -0
  443. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
  444. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +97 -0
  445. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
  446. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +246 -0
  447. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
  448. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
  449. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
  450. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
  451. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
  452. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +142 -0
  453. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +65 -0
  454. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +73 -0
  455. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
  456. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +72 -0
  457. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
  458. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +80 -0
  459. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
  460. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +80 -0
  461. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
  462. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
  463. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
  464. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
  465. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
  466. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
  467. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
  468. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
  469. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
  470. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
  471. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
  472. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
  473. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
  474. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
  475. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
  476. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +69 -0
  477. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
  478. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
  479. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
  480. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
  481. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
  482. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
  483. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
  484. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
  485. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
  486. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
  487. data/src/core/ext/{upb-generated/gogoproto/gogo.upb.h → upbdefs-generated/envoy/type/v3/http.upbdefs.h} +10 -10
  488. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
  489. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
  490. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
  491. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
  492. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
  493. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
  494. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
  495. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
  496. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
  497. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
  498. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +39 -0
  499. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
  500. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
  501. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
  502. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +40 -0
  503. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
  504. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
  505. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
  506. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
  507. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
  508. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +40 -0
  509. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
  510. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
  511. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
  512. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
  513. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
  514. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
  515. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
  516. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
  517. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
  518. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
  519. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
  520. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
  521. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
  522. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
  523. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
  524. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
  525. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
  526. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +310 -0
  527. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
  528. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
  529. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  530. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
  531. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  532. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
  533. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  534. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
  535. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  536. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
  537. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  538. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
  539. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  540. data/src/core/ext/xds/certificate_provider_factory.h +61 -0
  541. data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
  542. data/src/core/ext/xds/certificate_provider_registry.h +57 -0
  543. data/src/core/ext/xds/certificate_provider_store.cc +87 -0
  544. data/src/core/ext/xds/certificate_provider_store.h +112 -0
  545. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
  546. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
  547. data/src/core/ext/xds/xds_api.cc +3791 -0
  548. data/src/core/ext/xds/xds_api.h +671 -0
  549. data/src/core/ext/xds/xds_bootstrap.cc +555 -0
  550. data/src/core/ext/xds/xds_bootstrap.h +120 -0
  551. data/src/core/ext/xds/xds_certificate_provider.cc +405 -0
  552. data/src/core/ext/xds/xds_certificate_provider.h +151 -0
  553. data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +9 -6
  554. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +983 -773
  555. data/src/core/ext/xds/xds_client.h +365 -0
  556. data/src/core/ext/xds/xds_client_stats.cc +159 -0
  557. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +80 -40
  558. data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
  559. data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
  560. data/src/core/ext/xds/xds_http_filters.cc +114 -0
  561. data/src/core/ext/xds/xds_http_filters.h +130 -0
  562. data/src/core/ext/xds/xds_server_config_fetcher.cc +532 -0
  563. data/src/core/lib/channel/channel_args.cc +24 -22
  564. data/src/core/lib/channel/channel_args.h +3 -2
  565. data/src/core/lib/channel/channel_stack.cc +12 -0
  566. data/src/core/lib/channel/channel_stack.h +27 -13
  567. data/src/core/lib/channel/channel_trace.cc +6 -8
  568. data/src/core/lib/channel/channel_trace.h +1 -1
  569. data/src/core/lib/channel/channelz.cc +137 -97
  570. data/src/core/lib/channel/channelz.h +47 -26
  571. data/src/core/lib/channel/channelz_registry.cc +34 -15
  572. data/src/core/lib/channel/channelz_registry.h +3 -1
  573. data/src/core/lib/channel/connected_channel.cc +7 -5
  574. data/src/core/lib/channel/context.h +1 -1
  575. data/src/core/lib/channel/handshaker.cc +15 -59
  576. data/src/core/lib/channel/handshaker.h +7 -22
  577. data/src/core/lib/channel/handshaker_registry.cc +5 -17
  578. data/src/core/lib/channel/status_util.cc +14 -5
  579. data/src/core/lib/channel/status_util.h +5 -0
  580. data/src/core/lib/compression/compression.cc +8 -4
  581. data/src/core/lib/compression/compression_args.cc +3 -2
  582. data/src/core/lib/compression/compression_internal.cc +10 -5
  583. data/src/core/lib/compression/compression_internal.h +2 -1
  584. data/src/core/lib/compression/message_compress.cc +5 -1
  585. data/src/core/lib/compression/stream_compression_identity.cc +1 -3
  586. data/src/core/lib/debug/stats.cc +21 -27
  587. data/src/core/lib/debug/stats.h +5 -3
  588. data/src/core/lib/debug/stats_data.cc +1 -0
  589. data/src/core/lib/debug/stats_data.h +13 -13
  590. data/src/core/lib/gpr/alloc.cc +3 -2
  591. data/src/core/lib/gpr/cpu_iphone.cc +10 -2
  592. data/src/core/lib/gpr/log.cc +59 -17
  593. data/src/core/lib/gpr/log_linux.cc +23 -9
  594. data/src/core/lib/gpr/log_posix.cc +19 -7
  595. data/src/core/lib/gpr/log_windows.cc +18 -4
  596. data/src/core/lib/gpr/murmur_hash.cc +1 -1
  597. data/src/core/lib/gpr/spinlock.h +12 -5
  598. data/src/core/lib/gpr/string.cc +33 -55
  599. data/src/core/lib/gpr/string.h +9 -24
  600. data/src/core/lib/gpr/sync.cc +4 -4
  601. data/src/core/lib/gpr/sync_abseil.cc +5 -6
  602. data/src/core/lib/gpr/sync_posix.cc +2 -8
  603. data/src/core/lib/gpr/sync_windows.cc +2 -2
  604. data/src/core/lib/gpr/time.cc +16 -12
  605. data/src/core/lib/gpr/time_posix.cc +1 -1
  606. data/src/core/lib/gpr/time_precise.cc +5 -2
  607. data/src/core/lib/gpr/time_precise.h +6 -2
  608. data/src/core/lib/gpr/tls.h +4 -0
  609. data/src/core/lib/gpr/tls_msvc.h +2 -0
  610. data/src/core/lib/gpr/tls_stdcpp.h +48 -0
  611. data/src/core/lib/gpr/useful.h +5 -4
  612. data/src/core/lib/gprpp/arena.h +3 -2
  613. data/src/core/lib/gprpp/atomic.h +9 -9
  614. data/src/core/lib/gprpp/dual_ref_counted.h +331 -0
  615. data/src/core/lib/gprpp/examine_stack.cc +43 -0
  616. data/src/core/lib/gprpp/examine_stack.h +46 -0
  617. data/src/core/lib/gprpp/fork.cc +3 -3
  618. data/src/core/lib/gprpp/global_config_env.cc +8 -6
  619. data/src/core/lib/gprpp/host_port.cc +29 -35
  620. data/src/core/lib/gprpp/host_port.h +14 -17
  621. data/src/core/lib/gprpp/manual_constructor.h +1 -1
  622. data/src/core/lib/gprpp/mpscq.cc +2 -2
  623. data/src/core/lib/gprpp/orphanable.h +4 -8
  624. data/src/core/lib/gprpp/ref_counted.h +91 -68
  625. data/src/core/lib/gprpp/ref_counted_ptr.h +173 -7
  626. data/src/core/lib/gprpp/stat.h +38 -0
  627. data/src/core/lib/gprpp/stat_posix.cc +49 -0
  628. data/src/core/lib/gprpp/stat_windows.cc +48 -0
  629. data/src/core/lib/gprpp/sync.h +129 -40
  630. data/src/core/lib/gprpp/thd.h +3 -3
  631. data/src/core/lib/gprpp/thd_posix.cc +42 -37
  632. data/src/core/lib/gprpp/thd_windows.cc +3 -1
  633. data/src/core/lib/gprpp/time_util.cc +77 -0
  634. data/src/core/lib/gprpp/time_util.h +42 -0
  635. data/src/core/lib/http/format_request.cc +46 -65
  636. data/src/core/lib/http/httpcli.cc +16 -14
  637. data/src/core/lib/http/httpcli.h +4 -6
  638. data/src/core/lib/http/httpcli_security_connector.cc +13 -13
  639. data/src/core/lib/http/parser.cc +47 -27
  640. data/src/core/lib/http/parser.h +2 -3
  641. data/src/core/lib/iomgr/buffer_list.h +23 -22
  642. data/src/core/lib/iomgr/call_combiner.cc +8 -5
  643. data/src/core/lib/iomgr/call_combiner.h +3 -2
  644. data/src/core/lib/iomgr/cfstream_handle.cc +6 -4
  645. data/src/core/lib/iomgr/closure.h +2 -3
  646. data/src/core/lib/iomgr/combiner.cc +2 -1
  647. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  648. data/src/core/lib/iomgr/endpoint.cc +5 -1
  649. data/src/core/lib/iomgr/endpoint.h +8 -4
  650. data/src/core/lib/iomgr/endpoint_cfstream.cc +38 -14
  651. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  652. data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
  653. data/src/core/lib/iomgr/error.cc +23 -21
  654. data/src/core/lib/iomgr/error.h +1 -2
  655. data/src/core/lib/iomgr/error_cfstream.cc +9 -8
  656. data/src/core/lib/iomgr/error_internal.h +1 -1
  657. data/src/core/lib/iomgr/ev_apple.cc +359 -0
  658. data/src/core/lib/iomgr/ev_apple.h +43 -0
  659. data/src/core/lib/iomgr/ev_epoll1_linux.cc +46 -43
  660. data/src/core/lib/iomgr/ev_epollex_linux.cc +46 -45
  661. data/src/core/lib/iomgr/ev_poll_posix.cc +18 -15
  662. data/src/core/lib/iomgr/ev_posix.cc +5 -6
  663. data/src/core/lib/iomgr/exec_ctx.cc +7 -3
  664. data/src/core/lib/iomgr/exec_ctx.h +26 -10
  665. data/src/core/lib/iomgr/executor.cc +2 -1
  666. data/src/core/lib/iomgr/executor.h +1 -1
  667. data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
  668. data/src/core/lib/iomgr/executor/threadpool.h +4 -4
  669. data/src/core/lib/iomgr/iomgr.cc +1 -1
  670. data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
  671. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +84 -21
  672. data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
  673. data/src/core/lib/iomgr/load_file.h +1 -1
  674. data/src/core/lib/iomgr/lockfree_event.cc +19 -14
  675. data/src/core/lib/iomgr/lockfree_event.h +2 -2
  676. data/src/core/lib/iomgr/parse_address.cc +322 -0
  677. data/src/core/lib/iomgr/parse_address.h +77 -0
  678. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
  679. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
  680. data/src/core/lib/iomgr/pollset_set_custom.cc +11 -11
  681. data/src/core/lib/{gprpp/optional.h → iomgr/pollset_uv.h} +11 -12
  682. data/src/core/lib/iomgr/port.h +2 -21
  683. data/src/core/lib/iomgr/python_util.h +46 -0
  684. data/src/core/lib/iomgr/resolve_address.cc +4 -4
  685. data/src/core/lib/iomgr/resolve_address.h +4 -6
  686. data/src/core/lib/iomgr/resolve_address_custom.cc +42 -57
  687. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  688. data/src/core/lib/iomgr/resolve_address_posix.cc +11 -16
  689. data/src/core/lib/iomgr/resolve_address_windows.cc +16 -25
  690. data/src/core/lib/iomgr/resource_quota.cc +39 -38
  691. data/src/core/lib/iomgr/sockaddr_utils.cc +161 -44
  692. data/src/core/lib/iomgr/sockaddr_utils.h +40 -19
  693. data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
  694. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  695. data/src/core/lib/iomgr/socket_mutator.cc +3 -2
  696. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  697. data/src/core/lib/iomgr/socket_utils_common_posix.cc +103 -81
  698. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  699. data/src/core/lib/iomgr/socket_windows.cc +4 -5
  700. data/src/core/lib/iomgr/tcp_client.cc +3 -3
  701. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -18
  702. data/src/core/lib/iomgr/tcp_client_custom.cc +13 -15
  703. data/src/core/lib/iomgr/tcp_client_posix.cc +31 -37
  704. data/src/core/lib/iomgr/tcp_client_windows.cc +10 -11
  705. data/src/core/lib/iomgr/tcp_custom.cc +56 -36
  706. data/src/core/lib/iomgr/tcp_custom.h +1 -1
  707. data/src/core/lib/iomgr/tcp_posix.cc +48 -29
  708. data/src/core/lib/iomgr/tcp_server.cc +3 -4
  709. data/src/core/lib/iomgr/tcp_server.h +7 -5
  710. data/src/core/lib/iomgr/tcp_server_custom.cc +39 -45
  711. data/src/core/lib/iomgr/tcp_server_posix.cc +38 -44
  712. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
  713. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +7 -8
  714. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
  715. data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
  716. data/src/core/lib/iomgr/tcp_uv.cc +5 -4
  717. data/src/core/lib/iomgr/tcp_windows.cc +26 -10
  718. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  719. data/src/core/lib/iomgr/timer_custom.cc +5 -5
  720. data/src/core/lib/iomgr/timer_generic.cc +20 -20
  721. data/src/core/lib/{gprpp/inlined_vector.h → iomgr/timer_generic.h} +19 -17
  722. data/src/core/lib/iomgr/timer_heap.h +2 -3
  723. data/src/core/lib/iomgr/timer_manager.cc +3 -3
  724. data/src/core/lib/iomgr/udp_server.cc +33 -38
  725. data/src/core/lib/iomgr/udp_server.h +6 -4
  726. data/src/core/lib/iomgr/unix_sockets_posix.cc +36 -30
  727. data/src/core/lib/iomgr/unix_sockets_posix.h +8 -1
  728. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +12 -2
  729. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
  730. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
  731. data/src/core/lib/json/json.h +15 -4
  732. data/src/core/lib/json/json_reader.cc +33 -30
  733. data/src/core/lib/json/json_util.cc +58 -0
  734. data/src/core/lib/json/json_util.h +204 -0
  735. data/src/core/lib/json/json_writer.cc +15 -13
  736. data/src/core/lib/matchers/matchers.cc +339 -0
  737. data/src/core/lib/matchers/matchers.h +160 -0
  738. data/src/core/lib/security/context/security_context.cc +4 -3
  739. data/src/core/lib/security/context/security_context.h +3 -1
  740. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
  741. data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
  742. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  743. data/src/core/lib/security/credentials/composite/composite_credentials.cc +12 -0
  744. data/src/core/lib/security/credentials/composite/composite_credentials.h +6 -3
  745. data/src/core/lib/security/credentials/credentials.cc +7 -91
  746. data/src/core/lib/security/credentials/credentials.h +18 -66
  747. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
  748. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
  749. data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
  750. data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
  751. data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
  752. data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
  753. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
  754. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
  755. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
  756. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
  757. data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -2
  758. data/src/core/lib/security/credentials/fake/fake_credentials.h +4 -0
  759. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
  760. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +90 -67
  761. data/src/core/lib/security/credentials/iam/iam_credentials.cc +8 -6
  762. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  763. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
  764. data/src/core/lib/security/credentials/jwt/json_token.cc +4 -4
  765. data/src/core/lib/security/credentials/jwt/json_token.h +2 -5
  766. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
  767. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +13 -0
  768. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +13 -19
  769. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -3
  770. data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
  771. data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
  772. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +109 -97
  773. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +14 -7
  774. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +20 -7
  775. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  776. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +27 -6
  777. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +12 -2
  778. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +346 -0
  779. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +213 -0
  780. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
  781. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
  782. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -140
  783. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +74 -167
  784. data/src/core/lib/security/credentials/tls/tls_credentials.cc +18 -13
  785. data/src/core/lib/security/credentials/tls/tls_credentials.h +3 -3
  786. data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
  787. data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
  788. data/src/core/lib/security/credentials/xds/xds_credentials.cc +244 -0
  789. data/src/core/lib/security/credentials/xds/xds_credentials.h +69 -0
  790. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +22 -7
  791. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +27 -32
  792. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
  793. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
  794. data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
  795. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -2
  796. data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
  797. data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
  798. data/src/core/lib/security/security_connector/security_connector.cc +6 -3
  799. data/src/core/lib/security/security_connector/security_connector.h +6 -4
  800. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +42 -40
  801. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
  802. data/src/core/lib/security/security_connector/ssl_utils.cc +100 -27
  803. data/src/core/lib/security/security_connector/ssl_utils.h +37 -31
  804. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +394 -284
  805. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +108 -42
  806. data/src/core/lib/security/transport/auth_filters.h +0 -5
  807. data/src/core/lib/security/transport/client_auth_filter.cc +11 -11
  808. data/src/core/lib/security/transport/secure_endpoint.cc +9 -3
  809. data/src/core/lib/security/transport/security_handshaker.cc +36 -8
  810. data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
  811. data/src/core/lib/security/util/json_util.cc +12 -13
  812. data/src/core/lib/security/util/json_util.h +1 -0
  813. data/src/core/lib/slice/slice.cc +45 -5
  814. data/src/core/lib/slice/slice_buffer.cc +2 -1
  815. data/src/core/lib/slice/slice_intern.cc +13 -16
  816. data/src/core/lib/slice/slice_internal.h +17 -2
  817. data/src/core/lib/slice/slice_utils.h +9 -0
  818. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  819. data/src/core/lib/surface/call.cc +95 -88
  820. data/src/core/lib/surface/call.h +2 -1
  821. data/src/core/lib/surface/call_details.cc +8 -8
  822. data/src/core/lib/surface/call_log_batch.cc +50 -58
  823. data/src/core/lib/surface/channel.cc +86 -72
  824. data/src/core/lib/surface/channel.h +54 -7
  825. data/src/core/lib/surface/channel_init.cc +1 -1
  826. data/src/core/lib/surface/channel_ping.cc +2 -3
  827. data/src/core/lib/surface/completion_queue.cc +64 -63
  828. data/src/core/lib/surface/completion_queue.h +16 -16
  829. data/src/core/lib/surface/event_string.cc +18 -25
  830. data/src/core/lib/surface/event_string.h +3 -1
  831. data/src/core/lib/surface/init.cc +45 -29
  832. data/src/core/lib/surface/init_secure.cc +1 -4
  833. data/src/core/lib/surface/lame_client.cc +47 -54
  834. data/src/core/lib/surface/lame_client.h +5 -0
  835. data/src/core/lib/surface/server.cc +1309 -1300
  836. data/src/core/lib/surface/server.h +469 -45
  837. data/src/core/lib/surface/validate_metadata.h +3 -0
  838. data/src/core/lib/surface/version.cc +2 -2
  839. data/src/core/lib/transport/authority_override.cc +40 -0
  840. data/src/core/lib/transport/authority_override.h +37 -0
  841. data/src/core/lib/transport/bdp_estimator.cc +1 -1
  842. data/src/core/lib/transport/bdp_estimator.h +2 -1
  843. data/src/core/lib/transport/byte_stream.h +10 -5
  844. data/src/core/lib/transport/connectivity_state.cc +23 -17
  845. data/src/core/lib/transport/connectivity_state.h +31 -15
  846. data/src/core/lib/transport/error_utils.cc +13 -0
  847. data/src/core/lib/transport/error_utils.h +7 -1
  848. data/src/core/lib/transport/metadata.cc +19 -5
  849. data/src/core/lib/transport/metadata.h +2 -2
  850. data/src/core/lib/transport/metadata_batch.cc +27 -0
  851. data/src/core/lib/transport/metadata_batch.h +20 -7
  852. data/src/core/lib/transport/static_metadata.cc +296 -277
  853. data/src/core/lib/transport/static_metadata.h +81 -74
  854. data/src/core/lib/transport/status_conversion.cc +6 -14
  855. data/src/core/lib/transport/status_metadata.cc +4 -3
  856. data/src/core/lib/transport/timeout_encoding.cc +4 -4
  857. data/src/core/lib/transport/transport.cc +7 -6
  858. data/src/core/lib/transport/transport.h +24 -10
  859. data/src/core/lib/transport/transport_op_string.cc +61 -102
  860. data/src/core/lib/uri/uri_parser.cc +135 -258
  861. data/src/core/lib/uri/uri_parser.h +60 -23
  862. data/src/core/plugin_registry/grpc_plugin_registry.cc +65 -12
  863. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  864. data/src/core/tsi/alts/crypt/gsec.cc +5 -4
  865. data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
  866. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +49 -38
  867. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  868. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +98 -48
  869. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +9 -1
  870. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +3 -3
  871. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  872. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
  873. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
  874. data/src/core/tsi/fake_transport_security.cc +27 -20
  875. data/src/core/tsi/local_transport_security.cc +5 -1
  876. data/src/core/tsi/local_transport_security.h +6 -7
  877. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -2
  878. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  879. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
  880. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +3 -4
  881. data/src/core/tsi/ssl_transport_security.cc +226 -105
  882. data/src/core/tsi/ssl_transport_security.h +28 -16
  883. data/src/core/tsi/ssl_types.h +0 -2
  884. data/src/core/tsi/transport_security.cc +10 -8
  885. data/src/core/tsi/transport_security.h +6 -9
  886. data/src/core/tsi/transport_security_grpc.h +2 -3
  887. data/src/core/tsi/transport_security_interface.h +9 -4
  888. data/src/ruby/bin/math_services_pb.rb +4 -4
  889. data/src/ruby/ext/grpc/extconf.rb +15 -4
  890. data/src/ruby/ext/grpc/rb_call.c +12 -3
  891. data/src/ruby/ext/grpc/rb_call.h +4 -0
  892. data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
  893. data/src/ruby/ext/grpc/rb_channel.c +10 -1
  894. data/src/ruby/ext/grpc/rb_channel_credentials.c +20 -1
  895. data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
  896. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  897. data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
  898. data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
  899. data/src/ruby/ext/grpc/rb_grpc.c +4 -0
  900. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +44 -18
  901. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +83 -44
  902. data/src/ruby/ext/grpc/rb_server.c +13 -1
  903. data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
  904. data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
  905. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
  906. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
  907. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
  908. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
  909. data/src/ruby/lib/grpc/errors.rb +103 -42
  910. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  911. data/src/ruby/lib/grpc/generic/client_stub.rb +5 -3
  912. data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
  913. data/src/ruby/lib/grpc/generic/rpc_server.rb +9 -10
  914. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  915. data/src/ruby/lib/grpc/structs.rb +1 -1
  916. data/src/ruby/lib/grpc/version.rb +1 -1
  917. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  918. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
  919. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +51 -0
  920. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +61 -11
  921. data/src/ruby/spec/call_spec.rb +1 -1
  922. data/src/ruby/spec/channel_credentials_spec.rb +42 -0
  923. data/src/ruby/spec/channel_spec.rb +17 -6
  924. data/src/ruby/spec/client_auth_spec.rb +27 -1
  925. data/src/ruby/spec/debug_message_spec.rb +134 -0
  926. data/src/ruby/spec/errors_spec.rb +1 -1
  927. data/src/ruby/spec/generic/active_call_spec.rb +21 -10
  928. data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
  929. data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
  930. data/src/ruby/spec/generic/service_spec.rb +2 -0
  931. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  932. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +7 -0
  933. data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
  934. data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
  935. data/src/ruby/spec/pb/codegen/package_option_spec.rb +29 -7
  936. data/src/ruby/spec/server_credentials_spec.rb +25 -0
  937. data/src/ruby/spec/server_spec.rb +22 -0
  938. data/src/ruby/spec/support/services.rb +10 -4
  939. data/src/ruby/spec/testdata/ca.pem +18 -13
  940. data/src/ruby/spec/testdata/client.key +26 -14
  941. data/src/ruby/spec/testdata/client.pem +18 -12
  942. data/src/ruby/spec/testdata/server1.key +26 -14
  943. data/src/ruby/spec/testdata/server1.pem +20 -14
  944. data/src/ruby/spec/user_agent_spec.rb +74 -0
  945. data/third_party/abseil-cpp/absl/algorithm/container.h +1764 -0
  946. data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
  947. data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
  948. data/third_party/abseil-cpp/absl/base/casts.h +9 -6
  949. data/third_party/abseil-cpp/absl/base/config.h +60 -17
  950. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
  951. data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
  952. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +166 -0
  953. data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
  954. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
  955. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
  956. data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
  957. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
  958. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
  959. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
  960. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
  961. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
  962. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
  963. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
  964. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
  965. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
  966. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
  967. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
  968. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
  969. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
  970. data/third_party/abseil-cpp/absl/base/macros.h +36 -109
  971. data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
  972. data/third_party/abseil-cpp/absl/base/options.h +31 -4
  973. data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
  974. data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
  975. data/third_party/abseil-cpp/absl/container/fixed_array.h +532 -0
  976. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
  977. data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
  978. data/third_party/abseil-cpp/absl/container/internal/common.h +206 -0
  979. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
  980. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +460 -0
  981. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +161 -0
  982. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +208 -0
  983. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
  984. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +270 -0
  985. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +321 -0
  986. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
  987. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +50 -0
  988. data/third_party/abseil-cpp/absl/container/internal/layout.h +743 -0
  989. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
  990. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
  991. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1903 -0
  992. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +139 -0
  993. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
  994. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1945 -0
  995. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
  996. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
  997. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
  998. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +196 -0
  999. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +134 -0
  1000. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +89 -0
  1001. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +108 -0
  1002. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
  1003. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
  1004. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +93 -0
  1005. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
  1006. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +149 -0
  1007. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +173 -0
  1008. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
  1009. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
  1010. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
  1011. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +36 -0
  1012. data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
  1013. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
  1014. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1560 -0
  1015. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
  1016. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
  1017. data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
  1018. data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
  1019. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
  1020. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
  1021. data/third_party/abseil-cpp/absl/hash/hash.h +325 -0
  1022. data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
  1023. data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
  1024. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
  1025. data/third_party/abseil-cpp/absl/hash/internal/hash.h +996 -0
  1026. data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
  1027. data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
  1028. data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
  1029. data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
  1030. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
  1031. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
  1032. data/third_party/abseil-cpp/absl/status/status.cc +445 -0
  1033. data/third_party/abseil-cpp/absl/status/status.h +817 -0
  1034. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +38 -0
  1035. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
  1036. data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
  1037. data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
  1038. data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
  1039. data/third_party/abseil-cpp/absl/strings/cord.cc +1998 -0
  1040. data/third_party/abseil-cpp/absl/strings/cord.h +1276 -0
  1041. data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
  1042. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
  1043. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
  1044. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
  1045. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  1046. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +173 -0
  1047. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
  1048. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
  1049. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
  1050. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
  1051. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
  1052. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
  1053. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
  1054. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
  1055. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
  1056. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
  1057. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
  1058. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
  1059. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
  1060. data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
  1061. data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
  1062. data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
  1063. data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
  1064. data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
  1065. data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
  1066. data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
  1067. data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
  1068. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
  1069. data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
  1070. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
  1071. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
  1072. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
  1073. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
  1074. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +698 -0
  1075. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
  1076. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
  1077. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +249 -0
  1078. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
  1079. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
  1080. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +492 -0
  1081. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
  1082. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2739 -0
  1083. data/third_party/abseil-cpp/absl/synchronization/mutex.h +1065 -0
  1084. data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
  1085. data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
  1086. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  1087. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  1088. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  1089. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  1090. data/third_party/abseil-cpp/absl/time/duration.cc +953 -0
  1091. data/third_party/abseil-cpp/absl/time/format.cc +160 -0
  1092. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  1093. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +632 -0
  1094. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +386 -0
  1095. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  1096. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  1097. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  1098. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  1099. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1029 -0
  1100. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  1101. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  1102. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +113 -0
  1103. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  1104. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +965 -0
  1105. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +137 -0
  1106. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +309 -0
  1107. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  1108. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  1109. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  1110. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  1111. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  1112. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +116 -0
  1113. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  1114. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  1115. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  1116. data/third_party/abseil-cpp/absl/time/time.h +1583 -0
  1117. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
  1118. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
  1119. data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
  1120. data/third_party/abseil-cpp/absl/types/optional.h +9 -9
  1121. data/third_party/abseil-cpp/absl/types/span.h +49 -36
  1122. data/third_party/abseil-cpp/absl/types/variant.h +861 -0
  1123. data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
  1124. data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
  1125. data/third_party/boringssl-with-bazel/err_data.c +759 -707
  1126. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +6 -6
  1127. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +5 -5
  1128. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +6 -6
  1129. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +6 -13
  1130. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  1131. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
  1132. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +5 -3
  1133. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
  1134. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -20
  1135. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
  1136. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
  1137. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
  1138. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
  1139. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
  1140. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
  1141. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
  1142. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
  1143. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
  1144. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
  1145. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
  1146. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
  1147. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  1148. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
  1149. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  1150. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
  1151. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
  1152. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +1 -1
  1153. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  1154. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
  1155. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
  1156. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  1157. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +18 -7
  1158. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
  1159. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +13 -4
  1160. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  1161. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519.c +18 -26
  1162. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/curve25519_tables.h +13 -21
  1163. data/third_party/boringssl-with-bazel/src/{third_party/fiat → crypto/curve25519}/internal.h +14 -22
  1164. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -1
  1165. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  1166. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
  1167. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
  1168. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +19 -43
  1169. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
  1170. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
  1171. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  1172. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
  1173. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
  1174. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +2 -2
  1175. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +33 -32
  1176. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
  1177. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +159 -0
  1178. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
  1179. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1 -1
  1180. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
  1181. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +5 -2
  1182. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  1183. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
  1184. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +3 -3
  1185. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +34 -13
  1186. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +8 -8
  1187. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +30 -154
  1188. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
  1189. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
  1190. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  1191. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +149 -211
  1192. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  1193. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +16 -0
  1194. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +301 -117
  1195. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +22 -28
  1196. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +96 -55
  1197. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +25 -7
  1198. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +434 -161
  1199. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +63 -71
  1200. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +18 -25
  1201. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9481 -9485
  1202. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +104 -122
  1203. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
  1204. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  1205. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +90 -11
  1206. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +125 -148
  1207. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +189 -3
  1208. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
  1209. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +61 -18
  1210. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +2 -2
  1211. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +20 -5
  1212. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  1213. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  1214. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  1215. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +69 -5
  1216. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +162 -55
  1217. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +24 -121
  1218. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +4 -0
  1219. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +5 -0
  1220. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +73 -40
  1221. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +122 -55
  1222. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +217 -2
  1223. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +44 -35
  1224. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +532 -0
  1225. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +246 -0
  1226. data/third_party/boringssl-with-bazel/src/crypto/mem.c +47 -16
  1227. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +15 -1
  1228. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
  1229. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
  1230. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
  1231. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  1232. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  1233. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +6 -10
  1234. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
  1235. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
  1236. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +16 -0
  1237. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  1238. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +4 -0
  1239. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +4 -0
  1240. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +318 -0
  1241. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1399 -0
  1242. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +858 -0
  1243. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
  1244. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +7 -7
  1245. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +10 -0
  1246. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
  1247. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
  1248. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
  1249. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
  1250. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
  1251. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +21 -37
  1252. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +27 -21
  1253. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
  1254. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
  1255. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
  1256. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +89 -11
  1257. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +7 -4
  1258. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
  1259. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +4 -4
  1260. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +62 -44
  1261. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +67 -25
  1262. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +13 -11
  1263. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
  1264. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
  1265. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +38 -17
  1266. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
  1267. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  1268. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
  1269. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
  1270. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +68 -9
  1271. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  1272. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
  1273. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
  1274. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
  1275. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
  1276. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +25 -24
  1277. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
  1278. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +32 -28
  1279. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
  1280. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
  1281. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +42 -22
  1282. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  1283. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
  1284. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
  1285. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +2 -2
  1286. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +126 -40
  1287. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -7
  1288. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
  1289. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
  1290. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
  1291. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +54 -0
  1292. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +662 -556
  1293. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
  1294. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -7
  1295. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
  1296. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  1297. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
  1298. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +25 -0
  1299. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
  1300. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +10 -5
  1301. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
  1302. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +82 -20
  1303. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +11 -0
  1304. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +16 -0
  1305. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
  1306. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +6 -0
  1307. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +2 -0
  1308. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +85 -3
  1309. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +5 -0
  1310. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
  1311. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
  1312. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +6 -17
  1313. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +31 -0
  1314. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +26 -0
  1315. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
  1316. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +359 -120
  1317. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +33 -10
  1318. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +310 -0
  1319. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1140 -755
  1320. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +1 -0
  1321. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +593 -440
  1322. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
  1323. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +0 -4
  1324. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +3 -3
  1325. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -4
  1326. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +181 -57
  1327. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +45 -26
  1328. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +43 -45
  1329. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +32 -10
  1330. data/third_party/boringssl-with-bazel/src/ssl/internal.h +160 -80
  1331. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +10 -10
  1332. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -3
  1333. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -21
  1334. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +77 -8
  1335. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +7 -6
  1336. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
  1337. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +131 -15
  1338. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +13 -2
  1339. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +50 -15
  1340. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +6 -0
  1341. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
  1342. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
  1343. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +53 -30
  1344. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +636 -100
  1345. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +2 -3
  1346. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +187 -68
  1347. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +71 -90
  1348. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +247 -73
  1349. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +63 -25
  1350. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
  1351. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +245 -175
  1352. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +135 -75
  1353. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +1593 -1672
  1354. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +512 -503
  1355. data/third_party/re2/re2/bitmap256.h +117 -0
  1356. data/third_party/re2/re2/bitstate.cc +385 -0
  1357. data/third_party/re2/re2/compile.cc +1279 -0
  1358. data/third_party/re2/re2/dfa.cc +2130 -0
  1359. data/third_party/re2/re2/filtered_re2.cc +121 -0
  1360. data/third_party/re2/re2/filtered_re2.h +109 -0
  1361. data/third_party/re2/re2/mimics_pcre.cc +197 -0
  1362. data/third_party/re2/re2/nfa.cc +713 -0
  1363. data/third_party/re2/re2/onepass.cc +623 -0
  1364. data/third_party/re2/re2/parse.cc +2464 -0
  1365. data/third_party/re2/re2/perl_groups.cc +119 -0
  1366. data/third_party/re2/re2/pod_array.h +55 -0
  1367. data/third_party/re2/re2/prefilter.cc +710 -0
  1368. data/third_party/re2/re2/prefilter.h +108 -0
  1369. data/third_party/re2/re2/prefilter_tree.cc +407 -0
  1370. data/third_party/re2/re2/prefilter_tree.h +139 -0
  1371. data/third_party/re2/re2/prog.cc +988 -0
  1372. data/third_party/re2/re2/prog.h +436 -0
  1373. data/third_party/re2/re2/re2.cc +1362 -0
  1374. data/third_party/re2/re2/re2.h +1002 -0
  1375. data/third_party/re2/re2/regexp.cc +980 -0
  1376. data/third_party/re2/re2/regexp.h +659 -0
  1377. data/third_party/re2/re2/set.cc +154 -0
  1378. data/third_party/re2/re2/set.h +80 -0
  1379. data/third_party/re2/re2/simplify.cc +657 -0
  1380. data/third_party/re2/re2/sparse_array.h +392 -0
  1381. data/third_party/re2/re2/sparse_set.h +264 -0
  1382. data/third_party/re2/re2/stringpiece.cc +65 -0
  1383. data/third_party/re2/re2/stringpiece.h +210 -0
  1384. data/third_party/re2/re2/tostring.cc +351 -0
  1385. data/third_party/re2/re2/unicode_casefold.cc +582 -0
  1386. data/third_party/re2/re2/unicode_casefold.h +78 -0
  1387. data/third_party/re2/re2/unicode_groups.cc +6269 -0
  1388. data/third_party/re2/re2/unicode_groups.h +67 -0
  1389. data/third_party/re2/re2/walker-inl.h +246 -0
  1390. data/third_party/re2/util/benchmark.h +156 -0
  1391. data/third_party/re2/util/flags.h +26 -0
  1392. data/third_party/re2/util/logging.h +109 -0
  1393. data/third_party/re2/util/malloc_counter.h +19 -0
  1394. data/third_party/re2/util/mix.h +41 -0
  1395. data/third_party/re2/util/mutex.h +148 -0
  1396. data/third_party/re2/util/pcre.cc +1025 -0
  1397. data/third_party/re2/util/pcre.h +681 -0
  1398. data/third_party/re2/util/rune.cc +260 -0
  1399. data/third_party/re2/util/strutil.cc +149 -0
  1400. data/third_party/re2/util/strutil.h +21 -0
  1401. data/third_party/re2/util/test.h +50 -0
  1402. data/third_party/re2/util/utf.h +44 -0
  1403. data/third_party/re2/util/util.h +42 -0
  1404. data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
  1405. data/third_party/upb/upb/decode.c +604 -511
  1406. data/third_party/upb/upb/decode.h +20 -1
  1407. data/third_party/upb/upb/decode.int.h +163 -0
  1408. data/third_party/upb/upb/decode_fast.c +1040 -0
  1409. data/third_party/upb/upb/decode_fast.h +126 -0
  1410. data/third_party/upb/upb/def.c +2178 -0
  1411. data/third_party/upb/upb/def.h +315 -0
  1412. data/third_party/upb/upb/def.hpp +439 -0
  1413. data/third_party/upb/upb/encode.c +311 -211
  1414. data/third_party/upb/upb/encode.h +27 -2
  1415. data/third_party/upb/upb/msg.c +215 -70
  1416. data/third_party/upb/upb/msg.h +558 -14
  1417. data/third_party/upb/upb/port_def.inc +105 -63
  1418. data/third_party/upb/upb/port_undef.inc +10 -7
  1419. data/third_party/upb/upb/reflection.c +408 -0
  1420. data/third_party/upb/upb/reflection.h +168 -0
  1421. data/third_party/upb/upb/table.c +73 -269
  1422. data/third_party/upb/upb/table.int.h +25 -57
  1423. data/third_party/upb/upb/text_encode.c +421 -0
  1424. data/third_party/upb/upb/text_encode.h +38 -0
  1425. data/third_party/upb/upb/upb.c +138 -135
  1426. data/third_party/upb/upb/upb.h +119 -146
  1427. data/third_party/upb/upb/upb.hpp +88 -0
  1428. data/third_party/upb/upb/upb.int.h +29 -0
  1429. data/third_party/xxhash/xxhash.h +5443 -0
  1430. metadata +686 -160
  1431. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -1754
  1432. data/src/core/ext/filters/client_channel/parse_address.cc +0 -237
  1433. data/src/core/ext/filters/client_channel/parse_address.h +0 -53
  1434. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -484
  1435. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -65
  1436. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -359
  1437. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -122
  1438. data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -1779
  1439. data/src/core/ext/filters/client_channel/xds/xds_api.h +0 -280
  1440. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +0 -347
  1441. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +0 -87
  1442. data/src/core/ext/filters/client_channel/xds/xds_channel.h +0 -46
  1443. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +0 -104
  1444. data/src/core/ext/filters/client_channel/xds/xds_client.h +0 -274
  1445. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +0 -116
  1446. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -246
  1447. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -905
  1448. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -53
  1449. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -390
  1450. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1411
  1451. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -73
  1452. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -218
  1453. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +0 -34
  1454. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
  1455. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +0 -54
  1456. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -305
  1457. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -111
  1458. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -328
  1459. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -292
  1460. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -847
  1461. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -95
  1462. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -322
  1463. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -196
  1464. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -642
  1465. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -168
  1466. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -658
  1467. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +0 -35
  1468. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
  1469. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -132
  1470. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -436
  1471. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -128
  1472. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -392
  1473. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +0 -30
  1474. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -53
  1475. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -91
  1476. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -240
  1477. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -17
  1478. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -33
  1479. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -88
  1480. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -258
  1481. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -111
  1482. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -324
  1483. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +0 -30
  1484. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -53
  1485. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -104
  1486. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -383
  1487. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -17
  1488. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -33
  1489. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -144
  1490. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -527
  1491. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -42
  1492. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -112
  1493. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -53
  1494. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -62
  1495. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -199
  1496. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -17
  1497. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -33
  1498. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -793
  1499. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -2936
  1500. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -58
  1501. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -134
  1502. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -53
  1503. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -227
  1504. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -725
  1505. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -296
  1506. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1072
  1507. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +0 -32
  1508. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
  1509. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +0 -23
  1510. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -50
  1511. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -52
  1512. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -130
  1513. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -47
  1514. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -108
  1515. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -52
  1516. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
  1517. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -87
  1518. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
  1519. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +0 -38
  1520. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -87
  1521. data/src/core/ext/upb-generated/envoy/type/range.upb.c +0 -49
  1522. data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -112
  1523. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +0 -28
  1524. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -62
  1525. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -88
  1526. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -249
  1527. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
  1528. data/src/core/lib/gprpp/map.h +0 -59
  1529. data/src/core/lib/gprpp/string_view.h +0 -60
  1530. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
  1531. data/src/core/lib/security/transport/target_authority_table.cc +0 -75
  1532. data/src/core/lib/security/transport/target_authority_table.h +0 -40
  1533. data/src/core/lib/slice/slice_hash_table.h +0 -199
  1534. data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
  1535. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3311
  1536. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
  1537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
  1538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
  1539. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256.c +0 -1063
  1540. data/third_party/upb/upb/generated_util.h +0 -105
  1541. data/third_party/upb/upb/port.c +0 -26
data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc CHANGED
@@ -791,7 +791,8 @@ int SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str) {
791
791
 
792
792
  if (!SSL_CTX_set_signing_algorithm_prefs(ctx, sigalgs.data(),
793
793
  sigalgs.size()) ||
794
- !ctx->verify_sigalgs.CopyFrom(sigalgs)) {
794
+ !SSL_CTX_set_verify_algorithm_prefs(ctx, sigalgs.data(),
795
+ sigalgs.size())) {
795
796
  return 0;
796
797
  }
797
798
 
@@ -811,7 +812,7 @@ int SSL_set1_sigalgs_list(SSL *ssl, const char *str) {
811
812
  }
812
813
 
813
814
  if (!SSL_set_signing_algorithm_prefs(ssl, sigalgs.data(), sigalgs.size()) ||
814
- !ssl->config->verify_sigalgs.CopyFrom(sigalgs)) {
815
+ !SSL_set_verify_algorithm_prefs(ssl, sigalgs.data(), sigalgs.size())) {
815
816
  return 0;
816
817
  }
817
818
 
@@ -822,3 +823,13 @@ int SSL_CTX_set_verify_algorithm_prefs(SSL_CTX *ctx, const uint16_t *prefs,
822
823
  size_t num_prefs) {
823
824
  return ctx->verify_sigalgs.CopyFrom(MakeConstSpan(prefs, num_prefs));
824
825
  }
826
+
827
+ int SSL_set_verify_algorithm_prefs(SSL *ssl, const uint16_t *prefs,
828
+ size_t num_prefs) {
829
+ if (!ssl->config) {
830
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
831
+ return 0;
832
+ }
833
+
834
+ return ssl->config->verify_sigalgs.CopyFrom(MakeConstSpan(prefs, num_prefs));
835
+ }
data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc CHANGED
@@ -197,13 +197,13 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
197
197
 
198
198
  new_session->is_server = session->is_server;
199
199
  new_session->ssl_version = session->ssl_version;
200
+ new_session->is_quic = session->is_quic;
200
201
  new_session->sid_ctx_length = session->sid_ctx_length;
201
202
  OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
202
203
 
203
204
  // Copy the key material.
204
- new_session->master_key_length = session->master_key_length;
205
- OPENSSL_memcpy(new_session->master_key, session->master_key,
206
- session->master_key_length);
205
+ new_session->secret_length = session->secret_length;
206
+ OPENSSL_memcpy(new_session->secret, session->secret, session->secret_length);
207
207
  new_session->cipher = session->cipher;
208
208
 
209
209
  // Copy authentication state.
@@ -263,8 +263,15 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
263
263
  new_session->ticket_age_add = session->ticket_age_add;
264
264
  new_session->ticket_max_early_data = session->ticket_max_early_data;
265
265
  new_session->extended_master_secret = session->extended_master_secret;
266
-
267
- if (!new_session->early_alpn.CopyFrom(session->early_alpn)) {
266
+ new_session->has_application_settings = session->has_application_settings;
267
+
268
+ if (!new_session->early_alpn.CopyFrom(session->early_alpn) ||
269
+ !new_session->quic_early_data_context.CopyFrom(
270
+ session->quic_early_data_context) ||
271
+ !new_session->local_application_settings.CopyFrom(
272
+ session->local_application_settings) ||
273
+ !new_session->peer_application_settings.CopyFrom(
274
+ session->peer_application_settings)) {
268
275
  return nullptr;
269
276
  }
270
277
  }
@@ -357,6 +364,7 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
357
364
 
358
365
  session->is_server = is_server;
359
366
  session->ssl_version = ssl->version;
367
+ session->is_quic = ssl->quic_method != nullptr;
360
368
 
361
369
  // Fill in the time from the |SSL_CTX|'s clock.
362
370
  struct OPENSSL_timeval now;
@@ -624,10 +632,14 @@ int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
624
632
  ssl->server == session->is_server &&
625
633
  // The session must not be expired.
626
634
  ssl_session_is_time_valid(ssl, session) &&
627
- /* Only resume if the session's version matches the negotiated
628
- * version. */
635
+ // Only resume if the session's version matches the negotiated
636
+ // version.
629
637
  ssl->version == session->ssl_version &&
630
- // Only resume if the session's cipher matches the negotiated one.
638
+ // Only resume if the session's cipher matches the negotiated one. This
639
+ // is stricter than necessary for TLS 1.3, which allows cross-cipher
640
+ // resumption if the PRF hashes match. We require an exact match for
641
+ // simplicity. If loosening this, the 0-RTT accept logic must be
642
+ // updated to check the cipher.
631
643
  hs->new_cipher == session->cipher &&
632
644
  // If the session contains a client certificate (either the full
633
645
  // certificate or just the hash) then require that the form of the
@@ -635,7 +647,10 @@ int ssl_session_is_resumable(const SSL_HANDSHAKE *hs,
635
647
  ((sk_CRYPTO_BUFFER_num(session->certs.get()) == 0 &&
636
648
  !session->peer_sha256_valid) ||
637
649
  session->peer_sha256_valid ==
638
- hs->config->retain_only_sha256_of_client_certs);
650
+ hs->config->retain_only_sha256_of_client_certs) &&
651
+ // Only resume if the underlying transport protocol hasn't changed.
652
+ // This is to prevent cross-protocol resumption between QUIC and TCP.
653
+ (hs->ssl->quic_method != nullptr) == session->is_quic;
639
654
  }
640
655
 
641
656
  // ssl_lookup_session looks up |session_id| in the session cache and sets
@@ -849,7 +864,9 @@ ssl_session_st::ssl_session_st(const SSL_X509_METHOD *method)
849
864
  peer_sha256_valid(false),
850
865
  not_resumable(false),
851
866
  ticket_age_add_valid(false),
852
- is_server(false) {
867
+ is_server(false),
868
+ is_quic(false),
869
+ has_application_settings(false) {
853
870
  CRYPTO_new_ex_data(&ex_data);
854
871
  time = ::time(nullptr);
855
872
  }
@@ -945,14 +962,14 @@ void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
945
962
 
946
963
  size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
947
964
  size_t max_out) {
948
- // TODO(davidben): Fix master_key_length's type and remove these casts.
965
+ // TODO(davidben): Fix secret_length's type and remove these casts.
949
966
  if (max_out == 0) {
950
- return (size_t)session->master_key_length;
967
+ return (size_t)session->secret_length;
951
968
  }
952
- if (max_out > (size_t)session->master_key_length) {
953
- max_out = (size_t)session->master_key_length;
969
+ if (max_out > (size_t)session->secret_length) {
970
+ max_out = (size_t)session->secret_length;
954
971
  }
955
- OPENSSL_memcpy(out, session->master_key, max_out);
972
+ OPENSSL_memcpy(out, session->secret, max_out);
956
973
  return max_out;
957
974
  }
958
975
 
@@ -1050,6 +1067,24 @@ int SSL_SESSION_early_data_capable(const SSL_SESSION *session) {
1050
1067
  session->ticket_max_early_data != 0;
1051
1068
  }
1052
1069
 
1070
+ SSL_SESSION *SSL_SESSION_copy_without_early_data(SSL_SESSION *session) {
1071
+ if (!SSL_SESSION_early_data_capable(session)) {
1072
+ return UpRef(session).release();
1073
+ }
1074
+
1075
+ bssl::UniquePtr<SSL_SESSION> copy =
1076
+ SSL_SESSION_dup(session, SSL_SESSION_DUP_ALL);
1077
+ if (!copy) {
1078
+ return nullptr;
1079
+ }
1080
+
1081
+ copy->ticket_max_early_data = 0;
1082
+ // Copied sessions are non-resumable until they're completely filled in.
1083
+ copy->not_resumable = session->not_resumable;
1084
+ assert(!SSL_SESSION_early_data_capable(copy.get()));
1085
+ return copy.release();
1086
+ }
1087
+
1053
1088
  SSL_SESSION *SSL_magic_pending_session_ptr(void) {
1054
1089
  return (SSL_SESSION *)&g_pending_session_magic;
1055
1090
  }
data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc CHANGED
@@ -197,6 +197,9 @@ const char *SSL_alert_desc_string_long(int value) {
197
197
  case TLS1_AD_NO_RENEGOTIATION:
198
198
  return "no renegotiation";
199
199
 
200
+ case TLS1_AD_MISSING_EXTENSION:
201
+ return "missing extension";
202
+
200
203
  case TLS1_AD_UNSUPPORTED_EXTENSION:
201
204
  return "unsupported extension";
202
205
 
@@ -218,6 +221,9 @@ const char *SSL_alert_desc_string_long(int value) {
218
221
  case TLS1_AD_CERTIFICATE_REQUIRED:
219
222
  return "certificate required";
220
223
 
224
+ case TLS1_AD_NO_APPLICATION_PROTOCOL:
225
+ return "no application protocol";
226
+
221
227
  default:
222
228
  return "unknown";
223
229
  }
data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc CHANGED
@@ -265,8 +265,8 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len,
265
265
 
266
266
  static const size_t kFinishedLen = 12;
267
267
  if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen),
268
- MakeConstSpan(session->master_key, session->master_key_length),
269
- label, MakeConstSpan(digest, digest_len), {})) {
268
+ MakeConstSpan(session->secret, session->secret_length), label,
269
+ MakeConstSpan(digest, digest_len), {})) {
270
270
  return false;
271
271
  }
272
272
 
data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc CHANGED
@@ -193,11 +193,11 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version,
193
193
  min_version = TLS1_3_VERSION;
194
194
  }
195
195
 
196
- // OpenSSL's API for controlling versions entails blacklisting individual
197
- // protocols. This has two problems. First, on the client, the protocol can
198
- // only express a contiguous range of versions. Second, a library consumer
199
- // trying to set a maximum version cannot disable protocol versions that get
200
- // added in a future version of the library.
196
+ // The |SSL_OP_NO_*| flags disable individual protocols. This has two
197
+ // problems. First, prior to TLS 1.3, the protocol can only express a
198
+ // contiguous range of versions. Second, a library consumer trying to set a
199
+ // maximum version cannot disable protocol versions that get added in a future
200
+ // version of the library.
201
201
  //
202
202
  // To account for both of these, OpenSSL interprets the client-side bitmask
203
203
  // as a min/max range by picking the lowest contiguous non-empty range of
data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc CHANGED
@@ -189,21 +189,35 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len,
189
189
  return true;
190
190
  }
191
191
 
192
- int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
193
- Array<uint8_t> *key_block_cache,
194
- const SSL_CIPHER *cipher,
195
- Span<const uint8_t> iv_override) {
192
+ static bool generate_key_block(const SSL *ssl, Span<uint8_t> out,
193
+ const SSL_SESSION *session) {
194
+ auto secret = MakeConstSpan(session->secret, session->secret_length);
195
+ static const char kLabel[] = "key expansion";
196
+ auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1);
197
+
198
+ const EVP_MD *digest = ssl_session_get_digest(session);
199
+ // Note this function assumes that |session|'s key material corresponds to
200
+ // |ssl->s3->client_random| and |ssl->s3->server_random|.
201
+ return tls1_prf(digest, out, secret, label, ssl->s3->server_random,
202
+ ssl->s3->client_random);
203
+ }
204
+
205
+ bool tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
206
+ Array<uint8_t> *key_block_cache,
207
+ const SSL_SESSION *session,
208
+ Span<const uint8_t> iv_override) {
196
209
  size_t mac_secret_len, key_len, iv_len;
197
- if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len, cipher)) {
198
- return 0;
210
+ if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len,
211
+ session->cipher)) {
212
+ return false;
199
213
  }
200
214
 
201
215
  // Ensure that |key_block_cache| is set up.
202
216
  const size_t key_block_size = 2 * (mac_secret_len + key_len + iv_len);
203
217
  if (key_block_cache->empty()) {
204
218
  if (!key_block_cache->Init(key_block_size) ||
205
- !SSL_generate_key_block(ssl, key_block_cache->data(), key_block_size)) {
206
- return 0;
219
+ !generate_key_block(ssl, MakeSpan(*key_block_cache), session)) {
220
+ return false;
207
221
  }
208
222
  }
209
223
  assert(key_block_cache->size() == key_block_size);
@@ -224,28 +238,33 @@ int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
224
238
 
225
239
  if (!iv_override.empty()) {
226
240
  if (iv_override.size() != iv_len) {
227
- return 0;
241
+ return false;
228
242
  }
229
243
  iv = iv_override;
230
244
  }
231
245
 
232
- UniquePtr<SSLAEADContext> aead_ctx = SSLAEADContext::Create(
233
- direction, ssl->version, SSL_is_dtls(ssl), cipher, key, mac_secret, iv);
246
+ UniquePtr<SSLAEADContext> aead_ctx =
247
+ SSLAEADContext::Create(direction, ssl->version, SSL_is_dtls(ssl),
248
+ session->cipher, key, mac_secret, iv);
234
249
  if (!aead_ctx) {
235
- return 0;
250
+ return false;
236
251
  }
237
252
 
238
253
  if (direction == evp_aead_open) {
239
- return ssl->method->set_read_state(ssl, std::move(aead_ctx));
254
+ return ssl->method->set_read_state(ssl, ssl_encryption_application,
255
+ std::move(aead_ctx),
256
+ /*secret_for_quic=*/{});
240
257
  }
241
258
 
242
- return ssl->method->set_write_state(ssl, std::move(aead_ctx));
259
+ return ssl->method->set_write_state(ssl, ssl_encryption_application,
260
+ std::move(aead_ctx),
261
+ /*secret_for_quic=*/{});
243
262
  }
244
263
 
245
- int tls1_change_cipher_state(SSL_HANDSHAKE *hs,
246
- evp_aead_direction_t direction) {
264
+ bool tls1_change_cipher_state(SSL_HANDSHAKE *hs,
265
+ evp_aead_direction_t direction) {
247
266
  return tls1_configure_aead(hs->ssl, direction, &hs->key_block,
248
- hs->new_cipher, {});
267
+ ssl_handshake_session(hs), {});
249
268
  }
250
269
 
251
270
  int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
@@ -282,6 +301,11 @@ BSSL_NAMESPACE_END
282
301
  using namespace bssl;
283
302
 
284
303
  size_t SSL_get_key_block_len(const SSL *ssl) {
304
+ // See |SSL_generate_key_block|.
305
+ if (SSL_in_init(ssl)) {
306
+ return 0;
307
+ }
308
+
285
309
  size_t mac_secret_len, key_len, fixed_iv_len;
286
310
  if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &fixed_iv_len,
287
311
  SSL_get_current_cipher(ssl))) {
@@ -293,16 +317,16 @@ size_t SSL_get_key_block_len(const SSL *ssl) {
293
317
  }
294
318
 
295
319
  int SSL_generate_key_block(const SSL *ssl, uint8_t *out, size_t out_len) {
296
- const SSL_SESSION *session = SSL_get_session(ssl);
297
- auto out_span = MakeSpan(out, out_len);
298
- auto master_key =
299
- MakeConstSpan(session->master_key, session->master_key_length);
300
- static const char kLabel[] = "key expansion";
301
- auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1);
320
+ // Which cipher state to use is ambiguous during a handshake. In particular,
321
+ // there are points where read and write states are from different epochs.
322
+ // During a handshake, before ChangeCipherSpec, the encryption states may not
323
+ // match |ssl->s3->client_random| and |ssl->s3->server_random|.
324
+ if (SSL_in_init(ssl)) {
325
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
326
+ return 0;
327
+ }
302
328
 
303
- const EVP_MD *digest = ssl_session_get_digest(session);
304
- return tls1_prf(digest, out_span, master_key, label, ssl->s3->server_random,
305
- ssl->s3->client_random);
329
+ return generate_key_block(ssl, MakeSpan(out, out_len), SSL_get_session(ssl));
306
330
  }
307
331
 
308
332
  int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
@@ -354,8 +378,7 @@ int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
354
378
 
355
379
  const SSL_SESSION *session = SSL_get_session(ssl);
356
380
  const EVP_MD *digest = ssl_session_get_digest(session);
357
- return tls1_prf(
358
- digest, MakeSpan(out, out_len),
359
- MakeConstSpan(session->master_key, session->master_key_length),
360
- MakeConstSpan(label, label_len), seed, {});
381
+ return tls1_prf(digest, MakeSpan(out, out_len),
382
+ MakeConstSpan(session->secret, session->secret_length),
383
+ MakeConstSpan(label, label_len), seed, {});
361
384
  }
data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc CHANGED
@@ -113,10 +113,13 @@
113
113
  #include <stdlib.h>
114
114
  #include <string.h>
115
115
 
116
+ #include <algorithm>
116
117
  #include <utility>
117
118
 
119
+ #include <openssl/aead.h>
118
120
  #include <openssl/bytestring.h>
119
121
  #include <openssl/chacha.h>
122
+ #include <openssl/curve25519.h>
120
123
  #include <openssl/digest.h>
121
124
  #include <openssl/err.h>
122
125
  #include <openssl/evp.h>
@@ -125,13 +128,15 @@
125
128
  #include <openssl/nid.h>
126
129
  #include <openssl/rand.h>
127
130
 
128
- #include "internal.h"
131
+ #include "../crypto/hpke/internal.h"
129
132
  #include "../crypto/internal.h"
133
+ #include "internal.h"
130
134
 
131
135
 
132
136
  BSSL_NAMESPACE_BEGIN
133
137
 
134
138
  static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
139
+ static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs);
135
140
 
136
141
  static int compare_uint16_t(const void *p1, const void *p2) {
137
142
  uint16_t u1 = *((const uint16_t *)p1);
@@ -413,7 +418,6 @@ bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
413
418
  // algorithms for verifying.
414
419
  static const uint16_t kVerifySignatureAlgorithms[] = {
415
420
  // List our preferred algorithms first.
416
- SSL_SIGN_ED25519,
417
421
  SSL_SIGN_ECDSA_SECP256R1_SHA256,
418
422
  SSL_SIGN_RSA_PSS_RSAE_SHA256,
419
423
  SSL_SIGN_RSA_PKCS1_SHA256,
@@ -455,39 +459,15 @@ static const uint16_t kSignSignatureAlgorithms[] = {
455
459
  SSL_SIGN_RSA_PKCS1_SHA1,
456
460
  };
457
461
 
458
- struct SSLSignatureAlgorithmList {
459
- bool Next(uint16_t *out) {
460
- while (!list.empty()) {
461
- uint16_t sigalg = list[0];
462
- list = list.subspan(1);
463
- if (skip_ed25519 && sigalg == SSL_SIGN_ED25519) {
464
- continue;
465
- }
466
- *out = sigalg;
467
- return true;
468
- }
469
- return false;
462
+ static Span<const uint16_t> tls12_get_verify_sigalgs(const SSL_HANDSHAKE *hs) {
463
+ if (hs->config->verify_sigalgs.empty()) {
464
+ return Span<const uint16_t>(kVerifySignatureAlgorithms);
470
465
  }
471
-
472
- Span<const uint16_t> list;
473
- bool skip_ed25519 = false;
474
- };
475
-
476
- static SSLSignatureAlgorithmList tls12_get_verify_sigalgs(const SSL *ssl) {
477
- SSLSignatureAlgorithmList ret;
478
- if (!ssl->config->verify_sigalgs.empty()) {
479
- ret.list = ssl->config->verify_sigalgs;
480
- } else {
481
- ret.list = kVerifySignatureAlgorithms;
482
- ret.skip_ed25519 = !ssl->ctx->ed25519_enabled;
483
- }
484
- return ret;
466
+ return hs->config->verify_sigalgs;
485
467
  }
486
468
 
487
- bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
488
- SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl);
489
- uint16_t sigalg;
490
- while (list.Next(&sigalg)) {
469
+ bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out) {
470
+ for (uint16_t sigalg : tls12_get_verify_sigalgs(hs)) {
491
471
  if (!CBB_add_u16(out, sigalg)) {
492
472
  return false;
493
473
  }
@@ -495,11 +475,9 @@ bool tls12_add_verify_sigalgs(const SSL *ssl, CBB *out) {
495
475
  return true;
496
476
  }
497
477
 
498
- bool tls12_check_peer_sigalg(const SSL *ssl, uint8_t *out_alert,
478
+ bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
499
479
  uint16_t sigalg) {
500
- SSLSignatureAlgorithmList list = tls12_get_verify_sigalgs(ssl);
501
- uint16_t verify_sigalg;
502
- while (list.Next(&verify_sigalg)) {
480
+ for (uint16_t verify_sigalg : tls12_get_verify_sigalgs(hs)) {
503
481
  if (verify_sigalg == sigalg) {
504
482
  return true;
505
483
  }
@@ -539,7 +517,7 @@ struct tls_extension {
539
517
  };
540
518
 
541
519
  static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
542
- CBS *contents) {
520
+ CBS *contents) {
543
521
  if (contents != NULL) {
544
522
  // Servers MUST NOT send this extension.
545
523
  *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
@@ -551,7 +529,7 @@ static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
551
529
  }
552
530
 
553
531
  static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
554
- CBS *contents) {
532
+ CBS *contents) {
555
533
  // This extension from the client is handled elsewhere.
556
534
  return true;
557
535
  }
@@ -613,6 +591,182 @@ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
613
591
  }
614
592
 
615
593
 
594
+ // Encrypted Client Hello (ECH)
595
+ //
596
+ // https://tools.ietf.org/html/draft-ietf-tls-esni-09
597
+
598
+ // random_size returns a random value between |min| and |max|, inclusive.
599
+ static size_t random_size(size_t min, size_t max) {
600
+ assert(min < max);
601
+ size_t value;
602
+ RAND_bytes(reinterpret_cast<uint8_t *>(&value), sizeof(value));
603
+ return value % (max - min + 1) + min;
604
+ }
605
+
606
+ static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) {
607
+ // If we are responding to the server's HelloRetryRequest, we repeat the bytes
608
+ // of the first ECH GREASE extension.
609
+ if (hs->ssl->s3->used_hello_retry_request) {
610
+ CBB ech_body;
611
+ if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
612
+ !CBB_add_u16_length_prefixed(out, &ech_body) ||
613
+ !CBB_add_bytes(&ech_body, hs->ech_grease.data(),
614
+ hs->ech_grease.size()) ||
615
+ !CBB_flush(out)) {
616
+ return false;
617
+ }
618
+ return true;
619
+ }
620
+
621
+ constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256;
622
+ const uint16_t aead_id = EVP_has_aes_hardware()
623
+ ? EVP_HPKE_AEAD_AES_GCM_128
624
+ : EVP_HPKE_AEAD_CHACHA20POLY1305;
625
+ const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id);
626
+ assert(aead != nullptr);
627
+
628
+ uint8_t ech_config_id[8];
629
+ RAND_bytes(ech_config_id, sizeof(ech_config_id));
630
+
631
+ uint8_t ech_enc[X25519_PUBLIC_VALUE_LEN];
632
+ uint8_t private_key_unused[X25519_PRIVATE_KEY_LEN];
633
+ X25519_keypair(ech_enc, private_key_unused);
634
+
635
+ // To determine a plausible length for the payload, we first estimate the size
636
+ // of a typical EncodedClientHelloInner, with an expected use of
637
+ // outer_extensions. To limit the size, we only consider initial ClientHellos
638
+ // that do not offer resumption.
639
+ //
640
+ // Field/Extension Size
641
+ // ---------------------------------------------------------------------
642
+ // version 2
643
+ // random 32
644
+ // legacy_session_id 1
645
+ // - Has a U8 length prefix, but body is
646
+ // always empty string in inner CH.
647
+ // cipher_suites 2 (length prefix)
648
+ // - Only includes TLS 1.3 ciphers (3). 6
649
+ // - Maybe also include a GREASE suite. 2
650
+ // legacy_compression_methods 2 (length prefix)
651
+ // - Always has "null" compression method. 1
652
+ // extensions: 2 (length prefix)
653
+ // - encrypted_client_hello (empty). 4 (id + length prefix)
654
+ // - supported_versions. 4 (id + length prefix)
655
+ // - U8 length prefix 1
656
+ // - U16 protocol version (TLS 1.3) 2
657
+ // - outer_extensions. 4 (id + length prefix)
658
+ // - U8 length prefix 1
659
+ // - N extension IDs (2 bytes each):
660
+ // - key_share 2
661
+ // - sigalgs 2
662
+ // - sct 2
663
+ // - alpn 2
664
+ // - supported_groups. 2
665
+ // - status_request. 2
666
+ // - psk_key_exchange_modes. 2
667
+ // - compress_certificate. 2
668
+ //
669
+ // The server_name extension has an overhead of 9 bytes, plus up to an
670
+ // estimated 100 bytes of hostname. Rounding up to a multiple of 32 yields a
671
+ // range of 96 to 192. Note that this estimate does not fully capture
672
+ // optional extensions like GREASE, but the rounding gives some leeway.
673
+
674
+ uint8_t payload[EVP_AEAD_MAX_OVERHEAD + 192];
675
+ const size_t payload_len =
676
+ EVP_AEAD_max_overhead(aead) + 32 * random_size(96 / 32, 192 / 32);
677
+ assert(payload_len <= sizeof(payload));
678
+ RAND_bytes(payload, payload_len);
679
+
680
+ // Inside the TLS extension contents, write a serialized ClientEncryptedCH.
681
+ CBB ech_body, config_id_cbb, enc_cbb, payload_cbb;
682
+ if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
683
+ !CBB_add_u16_length_prefixed(out, &ech_body) ||
684
+ !CBB_add_u16(&ech_body, kdf_id) || //
685
+ !CBB_add_u16(&ech_body, aead_id) ||
686
+ !CBB_add_u8_length_prefixed(&ech_body, &config_id_cbb) ||
687
+ !CBB_add_bytes(&config_id_cbb, ech_config_id, sizeof(ech_config_id)) ||
688
+ !CBB_add_u16_length_prefixed(&ech_body, &enc_cbb) ||
689
+ !CBB_add_bytes(&enc_cbb, ech_enc, OPENSSL_ARRAY_SIZE(ech_enc)) ||
690
+ !CBB_add_u16_length_prefixed(&ech_body, &payload_cbb) ||
691
+ !CBB_add_bytes(&payload_cbb, payload, payload_len) || //
692
+ !CBB_flush(&ech_body)) {
693
+ return false;
694
+ }
695
+ // Save the bytes of the newly-generated extension in case the server sends
696
+ // a HelloRetryRequest.
697
+ if (!hs->ech_grease.CopyFrom(
698
+ MakeConstSpan(CBB_data(&ech_body), CBB_len(&ech_body)))) {
699
+ return false;
700
+ }
701
+ return CBB_flush(out);
702
+ }
703
+
704
+ static bool ext_ech_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
705
+ if (hs->max_version < TLS1_3_VERSION) {
706
+ return true;
707
+ }
708
+ if (hs->config->ech_grease_enabled) {
709
+ return ext_ech_add_clienthello_grease(hs, out);
710
+ }
711
+ // Nothing to do, since we don't yet implement the non-GREASE parts of ECH.
712
+ return true;
713
+ }
714
+
715
+ static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
716
+ CBS *contents) {
717
+ if (contents == NULL) {
718
+ return true;
719
+ }
720
+
721
+ // If the client only sent GREASE, we must check the extension syntactically.
722
+ CBS ech_configs;
723
+ if (!CBS_get_u16_length_prefixed(contents, &ech_configs) ||
724
+ CBS_len(&ech_configs) == 0 || //
725
+ CBS_len(contents) > 0) {
726
+ *out_alert = SSL_AD_DECODE_ERROR;
727
+ return false;
728
+ }
729
+ while (CBS_len(&ech_configs) > 0) {
730
+ // Do a top-level parse of the ECHConfig, stopping before ECHConfigContents.
731
+ uint16_t version;
732
+ CBS ech_config_contents;
733
+ if (!CBS_get_u16(&ech_configs, &version) ||
734
+ !CBS_get_u16_length_prefixed(&ech_configs, &ech_config_contents)) {
735
+ *out_alert = SSL_AD_DECODE_ERROR;
736
+ return false;
737
+ }
738
+ }
739
+ return true;
740
+ }
741
+
742
+ static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
743
+ CBS *contents) {
744
+ if (contents != nullptr) {
745
+ hs->ech_present = true;
746
+ return true;
747
+ }
748
+ return true;
749
+ }
750
+
751
+ static bool ext_ech_is_inner_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
752
+ return true;
753
+ }
754
+
755
+ static bool ext_ech_is_inner_parse_clienthello(SSL_HANDSHAKE *hs,
756
+ uint8_t *out_alert,
757
+ CBS *contents) {
758
+ if (contents == nullptr) {
759
+ return true;
760
+ }
761
+ if (CBS_len(contents) > 0) {
762
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
763
+ return false;
764
+ }
765
+ hs->ech_is_inner_present = true;
766
+ return true;
767
+ }
768
+
769
+
616
770
  // Renegotiation indication.
617
771
  //
618
772
  // https://tools.ietf.org/html/rfc5746
@@ -936,7 +1090,6 @@ static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
936
1090
  // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
937
1091
 
938
1092
  static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
939
- SSL *const ssl = hs->ssl;
940
1093
  if (hs->max_version < TLS1_2_VERSION) {
941
1094
  return true;
942
1095
  }
@@ -945,7 +1098,7 @@ static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
945
1098
  if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms) ||
946
1099
  !CBB_add_u16_length_prefixed(out, &contents) ||
947
1100
  !CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
948
- !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb) ||
1101
+ !tls12_add_verify_sigalgs(hs, &sigalgs_cbb) ||
949
1102
  !CBB_flush(out)) {
950
1103
  return false;
951
1104
  }
@@ -1273,6 +1426,12 @@ static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1273
1426
 
1274
1427
  static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1275
1428
  SSL *const ssl = hs->ssl;
1429
+ if (hs->config->alpn_client_proto_list.empty() && ssl->quic_method) {
1430
+ // ALPN MUST be used with QUIC.
1431
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1432
+ return false;
1433
+ }
1434
+
1276
1435
  if (hs->config->alpn_client_proto_list.empty() ||
1277
1436
  ssl->s3->initial_handshake_complete) {
1278
1437
  return true;
@@ -1295,6 +1454,12 @@ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1295
1454
  CBS *contents) {
1296
1455
  SSL *const ssl = hs->ssl;
1297
1456
  if (contents == NULL) {
1457
+ if (ssl->quic_method) {
1458
+ // ALPN is required when QUIC is used.
1459
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1460
+ *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1461
+ return false;
1462
+ }
1298
1463
  return true;
1299
1464
  }
1300
1465
 
@@ -1370,6 +1535,12 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1370
1535
  !ssl_client_hello_get_extension(
1371
1536
  client_hello, &contents,
1372
1537
  TLSEXT_TYPE_application_layer_protocol_negotiation)) {
1538
+ if (ssl->quic_method) {
1539
+ // ALPN is required when QUIC is used.
1540
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1541
+ *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1542
+ return false;
1543
+ }
1373
1544
  // Ignore ALPN if not configured or no extension was supplied.
1374
1545
  return true;
1375
1546
  }
@@ -1390,7 +1561,6 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1390
1561
  CBS protocol_name_list_copy = protocol_name_list;
1391
1562
  while (CBS_len(&protocol_name_list_copy) > 0) {
1392
1563
  CBS protocol_name;
1393
-
1394
1564
  if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
1395
1565
  // Empty protocol names are forbidden.
1396
1566
  CBS_len(&protocol_name) == 0) {
@@ -1402,20 +1572,39 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1402
1572
 
1403
1573
  const uint8_t *selected;
1404
1574
  uint8_t selected_len;
1405
- if (ssl->ctx->alpn_select_cb(
1406
- ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
1407
- CBS_len(&protocol_name_list),
1408
- ssl->ctx->alpn_select_cb_arg) == SSL_TLSEXT_ERR_OK) {
1409
- if (selected_len == 0) {
1410
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1411
- *out_alert = SSL_AD_INTERNAL_ERROR;
1575
+ int ret = ssl->ctx->alpn_select_cb(
1576
+ ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
1577
+ CBS_len(&protocol_name_list), ssl->ctx->alpn_select_cb_arg);
1578
+ // ALPN is required when QUIC is used.
1579
+ if (ssl->quic_method &&
1580
+ (ret == SSL_TLSEXT_ERR_NOACK || ret == SSL_TLSEXT_ERR_ALERT_WARNING)) {
1581
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1582
+ }
1583
+ switch (ret) {
1584
+ case SSL_TLSEXT_ERR_OK:
1585
+ if (selected_len == 0) {
1586
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1587
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1588
+ return false;
1589
+ }
1590
+ if (!ssl->s3->alpn_selected.CopyFrom(
1591
+ MakeConstSpan(selected, selected_len))) {
1592
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1593
+ return false;
1594
+ }
1595
+ break;
1596
+ case SSL_TLSEXT_ERR_NOACK:
1597
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
1598
+ break;
1599
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
1600
+ *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1601
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1412
1602
  return false;
1413
- }
1414
- if (!ssl->s3->alpn_selected.CopyFrom(
1415
- MakeConstSpan(selected, selected_len))) {
1603
+ default:
1604
+ // Invalid return value.
1416
1605
  *out_alert = SSL_AD_INTERNAL_ERROR;
1606
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1417
1607
  return false;
1418
- }
1419
1608
  }
1420
1609
 
1421
1610
  return true;
@@ -1951,6 +2140,21 @@ static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
1951
2140
  //
1952
2141
  // https://tools.ietf.org/html/rfc8446#section-4.2.10
1953
2142
 
2143
+ // ssl_get_local_application_settings looks up the configured ALPS value for
2144
+ // |protocol|. If found, it sets |*out_settings| to the value and returns true.
2145
+ // Otherwise, it returns false.
2146
+ static bool ssl_get_local_application_settings(
2147
+ const SSL_HANDSHAKE *hs, Span<const uint8_t> *out_settings,
2148
+ Span<const uint8_t> protocol) {
2149
+ for (const ALPSConfig &config : hs->config->alps_configs) {
2150
+ if (protocol == config.protocol) {
2151
+ *out_settings = config.settings;
2152
+ return true;
2153
+ }
2154
+ }
2155
+ return false;
2156
+ }
2157
+
1954
2158
  static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1955
2159
  SSL *const ssl = hs->ssl;
1956
2160
  // The second ClientHello never offers early data, and we must have already
@@ -1983,13 +2187,25 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1983
2187
  return true;
1984
2188
  }
1985
2189
 
1986
- // In case ALPN preferences changed since this session was established, avoid
1987
- // reporting a confusing value in |SSL_get0_alpn_selected| and sending early
1988
- // data we know will be rejected.
1989
- if (!ssl->session->early_alpn.empty() &&
1990
- !ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
1991
- ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
1992
- return true;
2190
+ if (!ssl->session->early_alpn.empty()) {
2191
+ if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
2192
+ // Avoid reporting a confusing value in |SSL_get0_alpn_selected|.
2193
+ ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
2194
+ return true;
2195
+ }
2196
+
2197
+ // If the previous connection negotiated ALPS, only offer 0-RTT when the
2198
+ // local are settings are consistent with what we'd offer for this
2199
+ // connection.
2200
+ if (ssl->session->has_application_settings) {
2201
+ Span<const uint8_t> settings;
2202
+ if (!ssl_get_local_application_settings(hs, &settings,
2203
+ ssl->session->early_alpn) ||
2204
+ settings != ssl->session->local_application_settings) {
2205
+ ssl->s3->early_data_reason = ssl_early_data_alps_mismatch;
2206
+ return true;
2207
+ }
2208
+ }
1993
2209
  }
1994
2210
 
1995
2211
  // |early_data_reason| will be filled in later when the server responds.
@@ -2263,7 +2479,8 @@ bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
2263
2479
  return true;
2264
2480
  }
2265
2481
 
2266
- bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2482
+ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out,
2483
+ bool dry_run) {
2267
2484
  uint16_t group_id;
2268
2485
  CBB kse_bytes, public_key;
2269
2486
  if (!tls1_get_shared_group(hs, &group_id) ||
@@ -2276,10 +2493,10 @@ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2276
2493
  !CBB_flush(out)) {
2277
2494
  return false;
2278
2495
  }
2279
-
2280
- hs->ecdh_public_key.Reset();
2281
-
2282
- hs->new_session->group_id = group_id;
2496
+ if (!dry_run) {
2497
+ hs->ecdh_public_key.Reset();
2498
+ hs->new_session->group_id = group_id;
2499
+ }
2283
2500
  return true;
2284
2501
  }
2285
2502
 
@@ -2573,15 +2790,31 @@ static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2573
2790
 
2574
2791
  // QUIC Transport Parameters
2575
2792
 
2576
- static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2577
- CBB *out) {
2578
- if (hs->config->quic_transport_params.empty() ||
2579
- hs->max_version <= TLS1_2_VERSION) {
2793
+ static bool ext_quic_transport_params_add_clienthello_impl(
2794
+ SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
2795
+ if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
2796
+ return true;
2797
+ }
2798
+ if (hs->config->quic_transport_params.empty() || !hs->ssl->quic_method) {
2799
+ // QUIC Transport Parameters must be sent over QUIC, and they must not be
2800
+ // sent over non-QUIC transports. If transport params are set, then
2801
+ // SSL(_CTX)_set_quic_method must also be called.
2802
+ OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2803
+ return false;
2804
+ }
2805
+ assert(hs->min_version > TLS1_2_VERSION);
2806
+ if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2807
+ // Do nothing, we'll send the other codepoint.
2580
2808
  return true;
2581
2809
  }
2582
2810
 
2811
+ uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
2812
+ if (hs->config->quic_use_legacy_codepoint) {
2813
+ extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
2814
+ }
2815
+
2583
2816
  CBB contents;
2584
- if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
2817
+ if (!CBB_add_u16(out, extension_type) ||
2585
2818
  !CBB_add_u16_length_prefixed(out, &contents) ||
2586
2819
  !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2587
2820
  hs->config->quic_transport_params.size()) ||
@@ -2591,45 +2824,133 @@ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2591
2824
  return true;
2592
2825
  }
2593
2826
 
2827
+ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2828
+ CBB *out) {
2829
+ return ext_quic_transport_params_add_clienthello_impl(
2830
+ hs, out, /*use_legacy_codepoint=*/false);
2831
+ }
2832
+
2833
+ static bool ext_quic_transport_params_add_clienthello_legacy(SSL_HANDSHAKE *hs,
2834
+ CBB *out) {
2835
+ return ext_quic_transport_params_add_clienthello_impl(
2836
+ hs, out, /*use_legacy_codepoint=*/true);
2837
+ }
2838
+
2839
+ static bool ext_quic_transport_params_parse_serverhello_impl(
2840
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
2841
+ bool used_legacy_codepoint) {
2842
+ SSL *const ssl = hs->ssl;
2843
+ if (contents == nullptr) {
2844
+ if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2845
+ // Silently ignore because we expect the other QUIC codepoint.
2846
+ return true;
2847
+ }
2848
+ if (!ssl->quic_method) {
2849
+ return true;
2850
+ }
2851
+ *out_alert = SSL_AD_MISSING_EXTENSION;
2852
+ return false;
2853
+ }
2854
+ // The extensions parser will check for unsolicited extensions before
2855
+ // calling the callback.
2856
+ assert(ssl->quic_method != nullptr);
2857
+ assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2858
+ assert(used_legacy_codepoint == hs->config->quic_use_legacy_codepoint);
2859
+ return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2860
+ }
2861
+
2594
2862
  static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
2595
2863
  uint8_t *out_alert,
2596
2864
  CBS *contents) {
2865
+ return ext_quic_transport_params_parse_serverhello_impl(
2866
+ hs, out_alert, contents, /*used_legacy_codepoint=*/false);
2867
+ }
2868
+
2869
+ static bool ext_quic_transport_params_parse_serverhello_legacy(
2870
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
2871
+ return ext_quic_transport_params_parse_serverhello_impl(
2872
+ hs, out_alert, contents, /*used_legacy_codepoint=*/true);
2873
+ }
2874
+
2875
+ static bool ext_quic_transport_params_parse_clienthello_impl(
2876
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
2877
+ bool used_legacy_codepoint) {
2597
2878
  SSL *const ssl = hs->ssl;
2598
- if (contents == nullptr) {
2599
- return true;
2879
+ if (!contents) {
2880
+ if (!ssl->quic_method) {
2881
+ if (hs->config->quic_transport_params.empty()) {
2882
+ return true;
2883
+ }
2884
+ // QUIC transport parameters must not be set if |ssl| is not configured
2885
+ // for QUIC.
2886
+ OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2887
+ *out_alert = SSL_AD_INTERNAL_ERROR;
2888
+ return false;
2889
+ }
2890
+ if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2891
+ // Silently ignore because we expect the other QUIC codepoint.
2892
+ return true;
2893
+ }
2894
+ *out_alert = SSL_AD_MISSING_EXTENSION;
2895
+ return false;
2600
2896
  }
2601
- // QUIC requires TLS 1.3.
2602
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
2897
+ if (!ssl->quic_method) {
2898
+ if (used_legacy_codepoint) {
2899
+ // Ignore the legacy private-use codepoint because that could be sent
2900
+ // to mean something else than QUIC transport parameters.
2901
+ return true;
2902
+ }
2903
+ // Fail if we received the codepoint registered with IANA for QUIC
2904
+ // because that is not allowed outside of QUIC.
2603
2905
  *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2604
2906
  return false;
2605
2907
  }
2606
-
2908
+ assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2909
+ if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2910
+ // Silently ignore because we expect the other QUIC codepoint.
2911
+ return true;
2912
+ }
2607
2913
  return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2608
2914
  }
2609
2915
 
2610
2916
  static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
2611
2917
  uint8_t *out_alert,
2612
2918
  CBS *contents) {
2613
- SSL *const ssl = hs->ssl;
2614
- if (!contents || hs->config->quic_transport_params.empty()) {
2615
- return true;
2616
- }
2617
- // Ignore the extension before TLS 1.3.
2618
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
2619
- return true;
2620
- }
2919
+ return ext_quic_transport_params_parse_clienthello_impl(
2920
+ hs, out_alert, contents, /*used_legacy_codepoint=*/false);
2921
+ }
2621
2922
 
2622
- return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2923
+ static bool ext_quic_transport_params_parse_clienthello_legacy(
2924
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
2925
+ return ext_quic_transport_params_parse_clienthello_impl(
2926
+ hs, out_alert, contents, /*used_legacy_codepoint=*/true);
2623
2927
  }
2624
2928
 
2625
- static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2626
- CBB *out) {
2929
+ static bool ext_quic_transport_params_add_serverhello_impl(
2930
+ SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
2931
+ if (hs->ssl->quic_method == nullptr && use_legacy_codepoint) {
2932
+ // Ignore the legacy private-use codepoint because that could be sent
2933
+ // to mean something else than QUIC transport parameters.
2934
+ return true;
2935
+ }
2936
+ assert(hs->ssl->quic_method != nullptr);
2627
2937
  if (hs->config->quic_transport_params.empty()) {
2938
+ // Transport parameters must be set when using QUIC.
2939
+ OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2940
+ return false;
2941
+ }
2942
+ if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2943
+ // Do nothing, we'll send the other codepoint.
2628
2944
  return true;
2629
2945
  }
2630
2946
 
2947
+ uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
2948
+ if (hs->config->quic_use_legacy_codepoint) {
2949
+ extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
2950
+ }
2951
+
2631
2952
  CBB contents;
2632
- if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
2953
+ if (!CBB_add_u16(out, extension_type) ||
2633
2954
  !CBB_add_u16_length_prefixed(out, &contents) ||
2634
2955
  !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2635
2956
  hs->config->quic_transport_params.size()) ||
@@ -2640,6 +2961,18 @@ static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2640
2961
  return true;
2641
2962
  }
2642
2963
 
2964
+ static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2965
+ CBB *out) {
2966
+ return ext_quic_transport_params_add_serverhello_impl(
2967
+ hs, out, /*use_legacy_codepoint=*/false);
2968
+ }
2969
+
2970
+ static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs,
2971
+ CBB *out) {
2972
+ return ext_quic_transport_params_add_serverhello_impl(
2973
+ hs, out, /*use_legacy_codepoint=*/true);
2974
+ }
2975
+
2643
2976
  // Delegated credentials.
2644
2977
  //
2645
2978
  // https://tools.ietf.org/html/draft-ietf-tls-subcerts
@@ -2652,20 +2985,22 @@ static bool ext_delegated_credential_add_clienthello(SSL_HANDSHAKE *hs,
2652
2985
  static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs,
2653
2986
  uint8_t *out_alert,
2654
2987
  CBS *contents) {
2655
- assert(TLSEXT_TYPE_delegated_credential == 0xff02);
2656
- // TODO: Check that the extension is empty.
2657
- //
2658
- // As of draft-03, the client sends an empty extension in order indicate
2659
- // support for delegated credentials. This could change, however, since the
2660
- // spec is not yet finalized. This assertion is here to remind us to enforce
2661
- // this check once the extension ID is assigned.
2662
-
2663
2988
  if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
2664
2989
  // Don't use delegated credentials unless we're negotiating TLS 1.3 or
2665
2990
  // higher.
2666
2991
  return true;
2667
2992
  }
2668
2993
 
2994
+ // The contents of the extension are the signature algorithms the client will
2995
+ // accept for a delegated credential.
2996
+ CBS sigalg_list;
2997
+ if (!CBS_get_u16_length_prefixed(contents, &sigalg_list) ||
2998
+ CBS_len(&sigalg_list) == 0 ||
2999
+ CBS_len(contents) != 0 ||
3000
+ !parse_u16_array(&sigalg_list, &hs->peer_delegated_credential_sigalgs)) {
3001
+ return false;
3002
+ }
3003
+
2669
3004
  hs->delegated_credential_requested = true;
2670
3005
  return true;
2671
3006
  }
@@ -2774,6 +3109,144 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2774
3109
  return true;
2775
3110
  }
2776
3111
 
3112
+ // Application-level Protocol Settings
3113
+ //
3114
+ // https://tools.ietf.org/html/draft-vvv-tls-alps-01
3115
+
3116
+ static bool ext_alps_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
3117
+ SSL *const ssl = hs->ssl;
3118
+ if (// ALPS requires TLS 1.3.
3119
+ hs->max_version < TLS1_3_VERSION ||
3120
+ // Do not offer ALPS without ALPN.
3121
+ hs->config->alpn_client_proto_list.empty() ||
3122
+ // Do not offer ALPS if not configured.
3123
+ hs->config->alps_configs.empty() ||
3124
+ // Do not offer ALPS on renegotiation handshakes.
3125
+ ssl->s3->initial_handshake_complete) {
3126
+ return true;
3127
+ }
3128
+
3129
+ CBB contents, proto_list, proto;
3130
+ if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
3131
+ !CBB_add_u16_length_prefixed(out, &contents) ||
3132
+ !CBB_add_u16_length_prefixed(&contents, &proto_list)) {
3133
+ return false;
3134
+ }
3135
+
3136
+ for (const ALPSConfig &config : hs->config->alps_configs) {
3137
+ if (!CBB_add_u8_length_prefixed(&proto_list, &proto) ||
3138
+ !CBB_add_bytes(&proto, config.protocol.data(),
3139
+ config.protocol.size())) {
3140
+ return false;
3141
+ }
3142
+ }
3143
+
3144
+ return CBB_flush(out);
3145
+ }
3146
+
3147
+ static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
3148
+ CBS *contents) {
3149
+ SSL *const ssl = hs->ssl;
3150
+ if (contents == nullptr) {
3151
+ return true;
3152
+ }
3153
+
3154
+ assert(!ssl->s3->initial_handshake_complete);
3155
+ assert(!hs->config->alpn_client_proto_list.empty());
3156
+ assert(!hs->config->alps_configs.empty());
3157
+
3158
+ // ALPS requires TLS 1.3.
3159
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
3160
+ *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
3161
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
3162
+ return false;
3163
+ }
3164
+
3165
+ // Note extension callbacks may run in any order, so we defer checking
3166
+ // consistency with ALPN to |ssl_check_serverhello_tlsext|.
3167
+ if (!hs->new_session->peer_application_settings.CopyFrom(*contents)) {
3168
+ *out_alert = SSL_AD_INTERNAL_ERROR;
3169
+ return false;
3170
+ }
3171
+
3172
+ hs->new_session->has_application_settings = true;
3173
+ return true;
3174
+ }
3175
+
3176
+ static bool ext_alps_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
3177
+ SSL *const ssl = hs->ssl;
3178
+ // If early data is accepted, we omit the ALPS extension. It is implicitly
3179
+ // carried over from the previous connection.
3180
+ if (hs->new_session == nullptr ||
3181
+ !hs->new_session->has_application_settings ||
3182
+ ssl->s3->early_data_accepted) {
3183
+ return true;
3184
+ }
3185
+
3186
+ CBB contents;
3187
+ if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
3188
+ !CBB_add_u16_length_prefixed(out, &contents) ||
3189
+ !CBB_add_bytes(&contents,
3190
+ hs->new_session->local_application_settings.data(),
3191
+ hs->new_session->local_application_settings.size()) ||
3192
+ !CBB_flush(out)) {
3193
+ return false;
3194
+ }
3195
+
3196
+ return true;
3197
+ }
3198
+
3199
+ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
3200
+ const SSL_CLIENT_HELLO *client_hello) {
3201
+ SSL *const ssl = hs->ssl;
3202
+ if (ssl->s3->alpn_selected.empty()) {
3203
+ return true;
3204
+ }
3205
+
3206
+ // If we negotiate ALPN over TLS 1.3, try to negotiate ALPS.
3207
+ CBS alps_contents;
3208
+ Span<const uint8_t> settings;
3209
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
3210
+ ssl_get_local_application_settings(hs, &settings,
3211
+ ssl->s3->alpn_selected) &&
3212
+ ssl_client_hello_get_extension(client_hello, &alps_contents,
3213
+ TLSEXT_TYPE_application_settings)) {
3214
+ // Check if the client supports ALPS with the selected ALPN.
3215
+ bool found = false;
3216
+ CBS alps_list;
3217
+ if (!CBS_get_u16_length_prefixed(&alps_contents, &alps_list) ||
3218
+ CBS_len(&alps_contents) != 0 ||
3219
+ CBS_len(&alps_list) == 0) {
3220
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3221
+ *out_alert = SSL_AD_DECODE_ERROR;
3222
+ return false;
3223
+ }
3224
+ while (CBS_len(&alps_list) > 0) {
3225
+ CBS protocol_name;
3226
+ if (!CBS_get_u8_length_prefixed(&alps_list, &protocol_name) ||
3227
+ // Empty protocol names are forbidden.
3228
+ CBS_len(&protocol_name) == 0) {
3229
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3230
+ *out_alert = SSL_AD_DECODE_ERROR;
3231
+ return false;
3232
+ }
3233
+ if (protocol_name == MakeConstSpan(ssl->s3->alpn_selected)) {
3234
+ found = true;
3235
+ }
3236
+ }
3237
+
3238
+ // Negotiate ALPS if both client also supports ALPS for this protocol.
3239
+ if (found) {
3240
+ hs->new_session->has_application_settings = true;
3241
+ if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
3242
+ *out_alert = SSL_AD_INTERNAL_ERROR;
3243
+ return false;
3244
+ }
3245
+ }
3246
+ }
3247
+
3248
+ return true;
3249
+ }
2777
3250
 
2778
3251
  // kExtensions contains all the supported extensions.
2779
3252
  static const struct tls_extension kExtensions[] = {
@@ -2785,6 +3258,22 @@ static const struct tls_extension kExtensions[] = {
2785
3258
  ext_sni_parse_clienthello,
2786
3259
  ext_sni_add_serverhello,
2787
3260
  },
3261
+ {
3262
+ TLSEXT_TYPE_encrypted_client_hello,
3263
+ NULL,
3264
+ ext_ech_add_clienthello,
3265
+ ext_ech_parse_serverhello,
3266
+ ext_ech_parse_clienthello,
3267
+ dont_add_serverhello,
3268
+ },
3269
+ {
3270
+ TLSEXT_TYPE_ech_is_inner,
3271
+ NULL,
3272
+ ext_ech_is_inner_add_clienthello,
3273
+ forbid_parse_serverhello,
3274
+ ext_ech_is_inner_parse_clienthello,
3275
+ dont_add_serverhello,
3276
+ },
2788
3277
  {
2789
3278
  TLSEXT_TYPE_extended_master_secret,
2790
3279
  NULL,
@@ -2924,13 +3413,21 @@ static const struct tls_extension kExtensions[] = {
2924
3413
  dont_add_serverhello,
2925
3414
  },
2926
3415
  {
2927
- TLSEXT_TYPE_quic_transport_parameters,
3416
+ TLSEXT_TYPE_quic_transport_parameters_standard,
2928
3417
  NULL,
2929
3418
  ext_quic_transport_params_add_clienthello,
2930
3419
  ext_quic_transport_params_parse_serverhello,
2931
3420
  ext_quic_transport_params_parse_clienthello,
2932
3421
  ext_quic_transport_params_add_serverhello,
2933
3422
  },
3423
+ {
3424
+ TLSEXT_TYPE_quic_transport_parameters_legacy,
3425
+ NULL,
3426
+ ext_quic_transport_params_add_clienthello_legacy,
3427
+ ext_quic_transport_params_parse_serverhello_legacy,
3428
+ ext_quic_transport_params_parse_clienthello_legacy,
3429
+ ext_quic_transport_params_add_serverhello_legacy,
3430
+ },
2934
3431
  {
2935
3432
  TLSEXT_TYPE_token_binding,
2936
3433
  NULL,
@@ -2955,6 +3452,15 @@ static const struct tls_extension kExtensions[] = {
2955
3452
  ext_delegated_credential_parse_clienthello,
2956
3453
  dont_add_serverhello,
2957
3454
  },
3455
+ {
3456
+ TLSEXT_TYPE_application_settings,
3457
+ NULL,
3458
+ ext_alps_add_clienthello,
3459
+ ext_alps_parse_serverhello,
3460
+ // ALPS is negotiated late in |ssl_negotiate_alpn|.
3461
+ ignore_parse_clienthello,
3462
+ ext_alps_add_serverhello,
3463
+ },
2958
3464
  };
2959
3465
 
2960
3466
  #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
@@ -3049,7 +3555,7 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
3049
3555
  last_was_empty = false;
3050
3556
  }
3051
3557
 
3052
- if (!SSL_is_dtls(ssl)) {
3558
+ if (!SSL_is_dtls(ssl) && !ssl->quic_method) {
3053
3559
  size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
3054
3560
  header_len += 2 + CBB_len(&extensions) + psk_extension_len;
3055
3561
  size_t padding_len = 0;
@@ -3347,6 +3853,36 @@ static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
3347
3853
  }
3348
3854
  }
3349
3855
 
3856
+ static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) {
3857
+ SSL *const ssl = hs->ssl;
3858
+ // ALPS and ALPN have a dependency between each other, so we defer checking
3859
+ // consistency to after the callbacks run.
3860
+ if (hs->new_session != nullptr && hs->new_session->has_application_settings) {
3861
+ // ALPN must be negotiated.
3862
+ if (ssl->s3->alpn_selected.empty()) {
3863
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN);
3864
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
3865
+ return false;
3866
+ }
3867
+
3868
+ // The negotiated protocol must be one of the ones we advertised for ALPS.
3869
+ Span<const uint8_t> settings;
3870
+ if (!ssl_get_local_application_settings(hs, &settings,
3871
+ ssl->s3->alpn_selected)) {
3872
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
3873
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
3874
+ return false;
3875
+ }
3876
+
3877
+ if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
3878
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
3879
+ return false;
3880
+ }
3881
+ }
3882
+
3883
+ return true;
3884
+ }
3885
+
3350
3886
  bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
3351
3887
  SSL *const ssl = hs->ssl;
3352
3888
  int alert = SSL_AD_DECODE_ERROR;
@@ -3355,6 +3891,10 @@ bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
3355
3891
  return false;
3356
3892
  }
3357
3893
 
3894
+ if (!ssl_check_serverhello_tlsext(hs)) {
3895
+ return false;
3896
+ }
3897
+
3358
3898
  return true;
3359
3899
  }
3360
3900
 
@@ -3870,7 +4410,3 @@ int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
3870
4410
  *out_len = CBS_len(&cbs);
3871
4411
  return 1;
3872
4412
  }
3873
-
3874
- void SSL_CTX_set_ed25519_enabled(SSL_CTX *ctx, int enabled) {
3875
- ctx->ed25519_enabled = !!enabled;
3876
- }