grpc 1.30.0 → 1.46.3

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (2443) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +1497 -18376
  3. data/etc/roots.pem +592 -899
  4. data/include/grpc/byte_buffer.h +1 -1
  5. data/include/grpc/byte_buffer_reader.h +1 -1
  6. data/include/grpc/compression.h +1 -1
  7. data/include/grpc/event_engine/README.md +38 -0
  8. data/include/grpc/event_engine/endpoint_config.h +43 -0
  9. data/include/grpc/event_engine/event_engine.h +399 -0
  10. data/include/grpc/event_engine/internal/memory_allocator_impl.h +68 -0
  11. data/include/grpc/event_engine/memory_allocator.h +226 -0
  12. data/include/grpc/event_engine/memory_request.h +57 -0
  13. data/include/grpc/event_engine/port.h +39 -0
  14. data/include/grpc/fork.h +1 -1
  15. data/include/grpc/grpc.h +90 -25
  16. data/include/grpc/grpc_posix.h +22 -18
  17. data/include/grpc/grpc_security.h +563 -315
  18. data/include/grpc/grpc_security_constants.h +20 -14
  19. data/include/grpc/impl/codegen/README.md +22 -0
  20. data/include/grpc/impl/codegen/atm.h +5 -3
  21. data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
  22. data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
  23. data/include/grpc/impl/codegen/atm_windows.h +6 -0
  24. data/include/grpc/impl/codegen/byte_buffer.h +3 -1
  25. data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
  26. data/include/grpc/impl/codegen/compression_types.h +2 -2
  27. data/include/grpc/impl/codegen/connectivity_state.h +2 -0
  28. data/include/grpc/impl/codegen/fork.h +2 -0
  29. data/include/grpc/impl/codegen/gpr_slice.h +2 -0
  30. data/include/grpc/impl/codegen/gpr_types.h +2 -0
  31. data/include/grpc/impl/codegen/grpc_types.h +84 -53
  32. data/include/grpc/impl/codegen/log.h +2 -2
  33. data/include/grpc/impl/codegen/port_platform.h +100 -97
  34. data/include/grpc/impl/codegen/propagation_bits.h +2 -0
  35. data/include/grpc/impl/codegen/slice.h +6 -1
  36. data/include/grpc/impl/codegen/status.h +2 -0
  37. data/include/grpc/impl/codegen/sync.h +8 -5
  38. data/include/grpc/impl/codegen/sync_abseil.h +2 -0
  39. data/include/grpc/impl/codegen/sync_custom.h +2 -0
  40. data/include/grpc/impl/codegen/sync_generic.h +3 -0
  41. data/include/grpc/impl/codegen/sync_posix.h +4 -2
  42. data/include/grpc/impl/codegen/sync_windows.h +6 -0
  43. data/include/grpc/module.modulemap +14 -14
  44. data/include/grpc/slice.h +1 -12
  45. data/include/grpc/slice_buffer.h +3 -3
  46. data/include/grpc/status.h +1 -1
  47. data/include/grpc/support/atm.h +1 -1
  48. data/include/grpc/support/atm_gcc_atomic.h +1 -1
  49. data/include/grpc/support/atm_gcc_sync.h +1 -1
  50. data/include/grpc/support/atm_windows.h +1 -1
  51. data/include/grpc/support/log.h +1 -1
  52. data/include/grpc/support/port_platform.h +1 -1
  53. data/include/grpc/support/sync.h +4 -4
  54. data/include/grpc/support/sync_abseil.h +1 -1
  55. data/include/grpc/support/sync_custom.h +1 -1
  56. data/include/grpc/support/sync_generic.h +1 -1
  57. data/include/grpc/support/sync_posix.h +1 -1
  58. data/include/grpc/support/sync_windows.h +1 -1
  59. data/include/grpc/support/time.h +9 -9
  60. data/src/core/ext/filters/census/grpc_context.cc +1 -0
  61. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +309 -0
  62. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +122 -0
  63. data/src/core/ext/filters/channel_idle/idle_filter_state.cc +96 -0
  64. data/src/core/ext/filters/channel_idle/idle_filter_state.h +66 -0
  65. data/src/core/ext/filters/client_channel/backend_metric.cc +33 -35
  66. data/src/core/ext/filters/client_channel/backend_metric.h +4 -3
  67. data/src/core/ext/filters/client_channel/backup_poller.cc +20 -14
  68. data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
  69. data/src/core/ext/filters/client_channel/channel_connectivity.cc +158 -202
  70. data/src/core/ext/filters/client_channel/client_channel.cc +2284 -3096
  71. data/src/core/ext/filters/client_channel/client_channel.h +566 -63
  72. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
  73. data/src/core/ext/filters/client_channel/client_channel_channelz.h +2 -5
  74. data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -1
  75. data/src/core/ext/filters/client_channel/client_channel_factory.h +18 -19
  76. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +19 -22
  77. data/src/core/ext/filters/client_channel/config_selector.cc +59 -0
  78. data/src/core/ext/filters/client_channel/config_selector.h +145 -0
  79. data/src/core/ext/filters/client_channel/connector.h +20 -20
  80. data/src/core/ext/filters/client_channel/dynamic_filters.cc +189 -0
  81. data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
  82. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +27 -143
  83. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +16 -24
  84. data/src/core/ext/filters/client_channel/health/health_check_client.cc +129 -572
  85. data/src/core/ext/filters/client_channel/health/health_check_client.h +24 -158
  86. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +60 -62
  87. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
  88. data/src/core/ext/filters/client_channel/http_proxy.cc +113 -117
  89. data/src/core/ext/filters/client_channel/http_proxy.h +17 -0
  90. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +52 -38
  91. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +12 -9
  92. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +16 -9
  93. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
  94. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +12 -24
  95. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +519 -388
  96. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +3 -6
  97. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +1 -14
  98. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +1 -4
  99. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +4 -3
  100. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +6 -5
  101. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +20 -21
  102. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +4 -4
  103. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +106 -75
  104. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +307 -211
  105. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +804 -0
  106. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +37 -0
  107. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2542 -0
  108. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +84 -84
  109. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +32 -49
  110. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +138 -96
  111. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +443 -156
  112. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
  113. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
  114. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +872 -0
  115. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +710 -0
  116. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1215 -0
  117. data/src/core/ext/filters/client_channel/lb_policy.cc +23 -29
  118. data/src/core/ext/filters/client_channel/lb_policy.h +178 -142
  119. data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
  120. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +13 -10
  121. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  122. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
  123. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
  124. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +133 -0
  125. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +304 -339
  126. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +22 -42
  127. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
  128. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +31 -24
  129. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +58 -72
  130. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +524 -230
  131. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +44 -26
  132. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
  133. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
  134. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +98 -247
  135. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +60 -62
  136. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +10 -7
  137. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +400 -0
  138. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +201 -0
  139. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +106 -0
  140. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +71 -63
  141. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +983 -101
  142. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
  143. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +57 -314
  144. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +40 -62
  145. data/src/core/ext/filters/client_channel/retry_filter.cc +2655 -0
  146. data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
  147. data/src/core/ext/filters/client_channel/retry_service_config.cc +314 -0
  148. data/src/core/ext/filters/client_channel/retry_service_config.h +102 -0
  149. data/src/core/ext/filters/client_channel/retry_throttle.cc +17 -60
  150. data/src/core/ext/filters/client_channel/retry_throttle.h +15 -7
  151. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +157 -0
  152. data/src/core/ext/filters/client_channel/subchannel.cc +284 -397
  153. data/src/core/ext/filters/client_channel/subchannel.h +116 -161
  154. data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
  155. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +38 -9
  156. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +27 -12
  157. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +544 -0
  158. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +214 -0
  159. data/src/core/ext/filters/deadline/deadline_filter.cc +120 -114
  160. data/src/core/ext/filters/deadline/deadline_filter.h +9 -12
  161. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +258 -0
  162. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +62 -0
  163. data/src/core/ext/filters/fault_injection/service_config_parser.cc +179 -0
  164. data/src/core/ext/filters/fault_injection/service_config_parser.h +91 -0
  165. data/src/core/ext/filters/http/client/http_client_filter.cc +84 -539
  166. data/src/core/ext/filters/http/client/http_client_filter.h +21 -4
  167. data/src/core/ext/filters/http/client_authority_filter.cc +39 -103
  168. data/src/core/ext/filters/http/client_authority_filter.h +24 -5
  169. data/src/core/ext/filters/http/http_filters_plugin.cc +55 -69
  170. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +67 -157
  171. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +103 -75
  172. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
  173. data/src/core/ext/filters/http/server/http_server_filter.cc +89 -295
  174. data/src/core/ext/filters/message_size/message_size_filter.cc +101 -130
  175. data/src/core/ext/filters/message_size/message_size_filter.h +17 -3
  176. data/src/core/ext/filters/rbac/rbac_filter.cc +162 -0
  177. data/src/core/ext/filters/rbac/rbac_filter.h +76 -0
  178. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +606 -0
  179. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +75 -0
  180. data/src/core/ext/filters/server_config_selector/server_config_selector.cc +61 -0
  181. data/src/core/ext/filters/server_config_selector/server_config_selector.h +71 -0
  182. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +143 -0
  183. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.h +32 -0
  184. data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
  185. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +335 -46
  186. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +22 -5
  187. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +1005 -355
  188. data/src/core/ext/transport/chttp2/server/chttp2_server.h +16 -2
  189. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +11 -9
  190. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
  191. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
  192. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +807 -778
  193. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +24 -5
  194. data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -6
  195. data/src/core/ext/transport/chttp2/transport/context_list.h +4 -6
  196. data/src/core/ext/transport/chttp2/transport/flow_control.cc +89 -67
  197. data/src/core/ext/transport/chttp2/transport/flow_control.h +52 -38
  198. data/src/core/ext/transport/chttp2/transport/frame_data.cc +30 -30
  199. data/src/core/ext/transport/chttp2/transport/frame_data.h +11 -10
  200. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +25 -25
  201. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +7 -6
  202. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +19 -20
  203. data/src/core/ext/transport/chttp2/transport/frame_ping.h +8 -6
  204. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +23 -22
  205. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +7 -6
  206. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +55 -22
  207. data/src/core/ext/transport/chttp2/transport/frame_settings.h +9 -7
  208. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +25 -25
  209. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +5 -6
  210. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
  211. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +516 -749
  212. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +183 -71
  213. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
  214. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +71 -0
  215. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +814 -1196
  216. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +101 -83
  217. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +239 -0
  218. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +115 -0
  219. data/src/core/ext/transport/chttp2/transport/internal.h +79 -78
  220. data/src/core/ext/transport/chttp2/transport/parsing.cc +177 -327
  221. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
  222. data/src/core/ext/transport/chttp2/transport/varint.cc +13 -7
  223. data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
  224. data/src/core/ext/transport/chttp2/transport/writing.cc +145 -190
  225. data/src/core/ext/transport/inproc/inproc_plugin.cc +0 -4
  226. data/src/core/ext/transport/inproc/inproc_transport.cc +262 -237
  227. data/src/core/ext/transport/inproc/inproc_transport.h +1 -4
  228. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +117 -0
  229. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +482 -0
  230. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +121 -0
  231. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +553 -0
  232. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +444 -0
  233. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +2156 -0
  234. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +56 -0
  235. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +151 -0
  236. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +62 -0
  237. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +160 -0
  238. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +46 -0
  239. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +124 -0
  240. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +43 -0
  241. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +102 -0
  242. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +43 -0
  243. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +97 -0
  244. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +106 -0
  245. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +605 -0
  246. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +48 -0
  247. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +103 -0
  248. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +44 -1
  249. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +53 -2
  250. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +31 -5
  251. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +59 -14
  252. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +270 -0
  253. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +1240 -0
  254. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +411 -0
  255. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +2161 -0
  256. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +95 -0
  257. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +382 -0
  258. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +543 -0
  259. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +2961 -0
  260. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +48 -0
  261. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +103 -0
  262. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +89 -0
  263. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +545 -0
  264. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +299 -0
  265. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +1381 -0
  266. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +145 -0
  267. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +636 -0
  268. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +49 -0
  269. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +116 -0
  270. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +419 -0
  271. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +1783 -0
  272. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +163 -0
  273. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +778 -0
  274. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +47 -0
  275. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +100 -0
  276. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +47 -0
  277. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +103 -0
  278. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +58 -0
  279. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +151 -0
  280. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +269 -0
  281. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +1277 -0
  282. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +220 -0
  283. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +1219 -0
  284. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +49 -0
  285. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +122 -0
  286. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +322 -0
  287. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +1686 -0
  288. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +40 -0
  289. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +84 -0
  290. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +60 -0
  291. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +169 -0
  292. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +47 -0
  293. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +144 -0
  294. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +56 -0
  295. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +178 -0
  296. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +48 -0
  297. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +118 -0
  298. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +106 -0
  299. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +348 -0
  300. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +144 -0
  301. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +623 -0
  302. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +129 -0
  303. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +568 -0
  304. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +46 -0
  305. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +94 -0
  306. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +165 -0
  307. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +886 -0
  308. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +186 -0
  309. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +941 -0
  310. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +63 -0
  311. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +234 -0
  312. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +56 -0
  313. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +154 -0
  314. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +53 -0
  315. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +136 -0
  316. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +165 -0
  317. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +716 -0
  318. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +174 -0
  319. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +721 -0
  320. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +209 -0
  321. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +1008 -0
  322. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +101 -0
  323. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +443 -0
  324. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +1051 -0
  325. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +5956 -0
  326. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +79 -0
  327. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +255 -0
  328. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +222 -0
  329. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +1052 -0
  330. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +44 -0
  331. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +88 -0
  332. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +49 -0
  333. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +103 -0
  334. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +63 -0
  335. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +167 -0
  336. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +52 -0
  337. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +134 -0
  338. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +63 -0
  339. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +250 -0
  340. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +47 -0
  341. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +94 -0
  342. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +69 -0
  343. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +213 -0
  344. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +32 -0
  345. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +42 -0
  346. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +71 -0
  347. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +218 -0
  348. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +54 -0
  349. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +146 -0
  350. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +42 -0
  351. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +85 -0
  352. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +96 -0
  353. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +375 -0
  354. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +94 -0
  355. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +433 -0
  356. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +64 -0
  357. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +183 -0
  358. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +55 -0
  359. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +168 -0
  360. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +463 -0
  361. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +2606 -0
  362. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +28 -0
  363. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +38 -0
  364. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +175 -0
  365. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +880 -0
  366. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +88 -0
  367. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +308 -0
  368. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +191 -0
  369. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +1035 -0
  370. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +62 -0
  371. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +160 -0
  372. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +38 -0
  373. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +70 -0
  374. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +165 -0
  375. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +755 -0
  376. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +68 -0
  377. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +210 -0
  378. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +138 -0
  379. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +631 -0
  380. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +48 -0
  381. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +112 -0
  382. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +76 -0
  383. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +249 -0
  384. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +74 -0
  385. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +214 -0
  386. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +62 -0
  387. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +188 -0
  388. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +49 -0
  389. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +117 -0
  390. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +48 -0
  391. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +113 -0
  392. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +47 -0
  393. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +100 -0
  394. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +80 -0
  395. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +234 -0
  396. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +67 -0
  397. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +218 -0
  398. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +60 -0
  399. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +170 -0
  400. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +78 -0
  401. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +294 -0
  402. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +107 -0
  403. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +429 -0
  404. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +107 -0
  405. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +419 -0
  406. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +66 -0
  407. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +201 -0
  408. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +26 -0
  409. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +39 -0
  410. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +42 -0
  411. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +139 -0
  412. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +54 -0
  413. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +139 -0
  414. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +66 -0
  415. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +196 -0
  416. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +26 -0
  417. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +41 -0
  418. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +43 -0
  419. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +97 -0
  420. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +51 -0
  421. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +127 -0
  422. data/src/core/ext/upb-generated/google/api/annotations.upb.c +23 -1
  423. data/src/core/ext/upb-generated/google/api/annotations.upb.h +25 -2
  424. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +271 -0
  425. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +1236 -0
  426. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +283 -0
  427. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +1338 -0
  428. data/src/core/ext/upb-generated/google/api/http.upb.c +44 -29
  429. data/src/core/ext/upb-generated/google/api/http.upb.h +241 -100
  430. data/src/core/ext/upb-generated/google/api/httpbody.upb.c +46 -0
  431. data/src/core/ext/upb-generated/google/api/httpbody.upb.h +111 -0
  432. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +19 -6
  433. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +48 -18
  434. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +374 -283
  435. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +2368 -969
  436. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +19 -6
  437. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +46 -16
  438. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +16 -3
  439. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +31 -11
  440. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +48 -32
  441. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +203 -101
  442. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +19 -6
  443. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +46 -16
  444. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +58 -37
  445. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +313 -112
  446. data/src/core/ext/upb-generated/google/rpc/status.upb.c +22 -9
  447. data/src/core/ext/upb-generated/google/rpc/status.upb.h +63 -26
  448. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +84 -0
  449. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +319 -0
  450. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +33 -19
  451. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +118 -60
  452. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +136 -108
  453. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +777 -337
  454. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +28 -13
  455. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +99 -34
  456. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +23 -9
  457. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +74 -27
  458. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +82 -62
  459. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +460 -184
  460. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +70 -0
  461. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +208 -0
  462. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +175 -0
  463. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +764 -0
  464. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +76 -14
  465. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +217 -43
  466. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +55 -0
  467. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +108 -0
  468. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +22 -1
  469. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +18 -2
  470. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +32 -6
  471. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +66 -16
  472. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +53 -0
  473. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +99 -0
  474. data/src/core/ext/upb-generated/validate/validate.upb.c +407 -295
  475. data/src/core/ext/upb-generated/validate/validate.upb.h +3024 -1084
  476. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +110 -0
  477. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +278 -0
  478. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +55 -0
  479. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +108 -0
  480. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +38 -0
  481. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +46 -0
  482. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +105 -0
  483. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +290 -0
  484. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +53 -0
  485. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +99 -0
  486. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +41 -0
  487. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +79 -0
  488. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +66 -0
  489. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +200 -0
  490. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +56 -0
  491. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +115 -0
  492. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +46 -0
  493. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +103 -0
  494. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +49 -0
  495. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +127 -0
  496. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +68 -0
  497. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +240 -0
  498. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +49 -0
  499. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +121 -0
  500. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +73 -0
  501. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +187 -0
  502. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +207 -0
  503. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +878 -0
  504. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +52 -0
  505. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +143 -0
  506. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +65 -0
  507. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +218 -0
  508. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +46 -0
  509. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +103 -0
  510. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +84 -0
  511. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +55 -0
  512. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +127 -0
  513. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +50 -0
  514. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +309 -0
  515. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
  516. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +43 -0
  517. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +40 -0
  518. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +53 -0
  519. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +40 -0
  520. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +49 -0
  521. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +35 -0
  522. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +46 -0
  523. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +35 -0
  524. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +46 -0
  525. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +35 -0
  526. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +142 -0
  527. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +40 -0
  528. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +51 -0
  529. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +35 -0
  530. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +48 -0
  531. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
  532. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +38 -0
  533. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
  534. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +222 -0
  535. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
  536. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +393 -0
  537. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +120 -0
  538. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +98 -0
  539. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
  540. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +557 -0
  541. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +155 -0
  542. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +51 -0
  543. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
  544. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +138 -0
  545. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
  546. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +206 -0
  547. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +105 -0
  548. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +112 -0
  549. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
  550. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +54 -0
  551. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
  552. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +267 -0
  553. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +150 -0
  554. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +168 -0
  555. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +65 -0
  556. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +53 -0
  557. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
  558. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +47 -0
  559. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +35 -0
  560. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +53 -0
  561. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +40 -0
  562. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +235 -0
  563. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
  564. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +228 -0
  565. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +75 -0
  566. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +53 -0
  567. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
  568. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +298 -0
  569. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +110 -0
  570. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +41 -0
  571. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
  572. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +55 -0
  573. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
  574. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +57 -0
  575. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
  576. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +70 -0
  577. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
  578. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +49 -0
  579. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
  580. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +99 -0
  581. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
  582. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +128 -0
  583. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +60 -0
  584. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +136 -0
  585. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
  586. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +48 -0
  587. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
  588. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +197 -0
  589. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +60 -0
  590. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +190 -0
  591. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
  592. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +88 -0
  593. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
  594. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +63 -0
  595. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
  596. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +69 -0
  597. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +35 -0
  598. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +125 -0
  599. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
  600. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +134 -0
  601. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +75 -0
  602. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +190 -0
  603. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +70 -0
  604. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +115 -0
  605. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +45 -0
  606. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +896 -0
  607. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +295 -0
  608. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +77 -0
  609. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
  610. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +188 -0
  611. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +85 -0
  612. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +54 -0
  613. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +35 -0
  614. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +57 -0
  615. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +35 -0
  616. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +57 -0
  617. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
  618. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +72 -0
  619. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +35 -0
  620. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +99 -0
  621. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +35 -0
  622. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +52 -0
  623. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +35 -0
  624. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +71 -0
  625. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +40 -0
  626. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +57 -0
  627. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +30 -0
  628. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +75 -0
  629. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +40 -0
  630. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +77 -0
  631. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +35 -0
  632. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +50 -0
  633. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  634. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +92 -0
  635. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
  636. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +117 -0
  637. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
  638. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +59 -0
  639. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +40 -0
  640. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +78 -0
  641. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
  642. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +551 -0
  643. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +130 -0
  644. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
  645. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
  646. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +210 -0
  647. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +65 -0
  648. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +91 -0
  649. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
  650. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +254 -0
  651. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +65 -0
  652. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +58 -0
  653. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +40 -0
  654. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +58 -0
  655. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
  656. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +128 -0
  657. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +65 -0
  658. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +76 -0
  659. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
  660. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +153 -0
  661. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +55 -0
  662. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +46 -0
  663. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +35 -0
  664. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +56 -0
  665. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
  666. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +52 -0
  667. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +50 -0
  668. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +61 -0
  669. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
  670. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +54 -0
  671. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
  672. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +52 -0
  673. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
  674. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +51 -0
  675. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
  676. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +70 -0
  677. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
  678. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +65 -0
  679. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
  680. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +58 -0
  681. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
  682. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +75 -0
  683. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
  684. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +78 -0
  685. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
  686. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +85 -0
  687. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
  688. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +53 -0
  689. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +45 -0
  690. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +36 -0
  691. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +30 -0
  692. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +94 -0
  693. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +35 -0
  694. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +54 -0
  695. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
  696. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +48 -0
  697. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
  698. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +38 -0
  699. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +30 -0
  700. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +44 -0
  701. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
  702. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +57 -0
  703. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +35 -0
  704. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
  705. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
  706. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +154 -0
  707. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +95 -0
  708. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +153 -0
  709. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +100 -0
  710. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +52 -0
  711. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
  712. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +39 -0
  713. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +35 -0
  714. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +34 -0
  715. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
  716. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +329 -0
  717. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
  718. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +35 -0
  719. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
  720. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +32 -0
  721. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
  722. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +54 -0
  723. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
  724. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +35 -0
  725. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
  726. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +45 -0
  727. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
  728. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +37 -0
  729. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
  730. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +67 -0
  731. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +50 -0
  732. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +99 -0
  733. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +75 -0
  734. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +62 -0
  735. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
  736. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +47 -0
  737. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
  738. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +34 -0
  739. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
  740. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +46 -0
  741. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
  742. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +39 -0
  743. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
  744. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +283 -0
  745. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
  746. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +63 -0
  747. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +45 -0
  748. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +47 -0
  749. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +35 -0
  750. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +35 -0
  751. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +30 -0
  752. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +64 -0
  753. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +50 -0
  754. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +40 -0
  755. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +35 -0
  756. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +38 -0
  757. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  758. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +56 -0
  759. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  760. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +39 -0
  761. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  762. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +41 -0
  763. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +35 -0
  764. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +45 -0
  765. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  766. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +61 -0
  767. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  768. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +46 -0
  769. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  770. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +126 -0
  771. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +80 -0
  772. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +40 -0
  773. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +40 -0
  774. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +52 -0
  775. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +40 -0
  776. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +40 -0
  777. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +35 -0
  778. data/src/core/ext/xds/certificate_provider_factory.h +61 -0
  779. data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
  780. data/src/core/ext/xds/certificate_provider_registry.h +57 -0
  781. data/src/core/ext/xds/certificate_provider_store.cc +95 -0
  782. data/src/core/ext/xds/certificate_provider_store.h +121 -0
  783. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
  784. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
  785. data/src/core/ext/xds/upb_utils.h +67 -0
  786. data/src/core/ext/xds/xds_api.cc +730 -0
  787. data/src/core/ext/xds/xds_api.h +191 -0
  788. data/src/core/ext/xds/xds_bootstrap.cc +570 -0
  789. data/src/core/ext/xds/xds_bootstrap.h +143 -0
  790. data/src/core/ext/xds/xds_certificate_provider.cc +407 -0
  791. data/src/core/ext/xds/xds_certificate_provider.h +159 -0
  792. data/src/core/ext/xds/xds_channel_args.h +32 -0
  793. data/src/core/ext/xds/xds_channel_stack_modifier.cc +109 -0
  794. data/src/core/ext/xds/xds_channel_stack_modifier.h +53 -0
  795. data/src/core/ext/xds/xds_client.cc +2512 -0
  796. data/src/core/ext/xds/xds_client.h +348 -0
  797. data/src/core/ext/xds/xds_client_stats.cc +160 -0
  798. data/src/core/ext/xds/xds_client_stats.h +241 -0
  799. data/src/core/ext/xds/xds_cluster.cc +453 -0
  800. data/src/core/ext/xds/xds_cluster.h +108 -0
  801. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +142 -0
  802. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +79 -0
  803. data/src/core/ext/xds/xds_common_types.cc +388 -0
  804. data/src/core/ext/xds/xds_common_types.h +95 -0
  805. data/src/core/ext/xds/xds_endpoint.cc +371 -0
  806. data/src/core/ext/xds/xds_endpoint.h +135 -0
  807. data/src/core/ext/xds/xds_http_fault_filter.cc +227 -0
  808. data/src/core/ext/xds/xds_http_fault_filter.h +64 -0
  809. data/src/core/ext/xds/xds_http_filters.cc +122 -0
  810. data/src/core/ext/xds/xds_http_filters.h +133 -0
  811. data/src/core/ext/xds/xds_http_rbac_filter.cc +563 -0
  812. data/src/core/ext/xds/xds_http_rbac_filter.h +54 -0
  813. data/src/core/ext/xds/xds_listener.cc +1039 -0
  814. data/src/core/ext/xds/xds_listener.h +220 -0
  815. data/src/core/ext/xds/xds_resource_type.cc +33 -0
  816. data/src/core/ext/xds/xds_resource_type.h +98 -0
  817. data/src/core/ext/xds/xds_resource_type_impl.h +87 -0
  818. data/src/core/ext/xds/xds_route_config.cc +1122 -0
  819. data/src/core/ext/xds/xds_route_config.h +218 -0
  820. data/src/core/ext/xds/xds_routing.cc +250 -0
  821. data/src/core/ext/xds/xds_routing.h +101 -0
  822. data/src/core/ext/xds/xds_server_config_fetcher.cc +1314 -0
  823. data/src/core/lib/address_utils/parse_address.cc +340 -0
  824. data/src/core/lib/address_utils/parse_address.h +82 -0
  825. data/src/core/lib/address_utils/sockaddr_utils.cc +409 -0
  826. data/src/core/lib/address_utils/sockaddr_utils.h +95 -0
  827. data/src/core/lib/avl/avl.h +452 -88
  828. data/src/core/lib/backoff/backoff.cc +9 -38
  829. data/src/core/lib/backoff/backoff.h +11 -11
  830. data/src/core/lib/channel/call_finalization.h +86 -0
  831. data/src/core/lib/channel/call_tracer.h +88 -0
  832. data/src/core/lib/channel/channel_args.cc +182 -24
  833. data/src/core/lib/channel/channel_args.h +214 -2
  834. data/src/core/lib/channel/channel_args_preconditioning.cc +42 -0
  835. data/src/core/lib/channel/channel_args_preconditioning.h +61 -0
  836. data/src/core/lib/channel/channel_stack.cc +37 -15
  837. data/src/core/lib/channel/channel_stack.h +57 -16
  838. data/src/core/lib/channel/channel_stack_builder.cc +24 -283
  839. data/src/core/lib/channel/channel_stack_builder.h +118 -157
  840. data/src/core/lib/channel/channel_stack_builder_impl.cc +102 -0
  841. data/src/core/lib/channel/channel_stack_builder_impl.h +48 -0
  842. data/src/core/lib/channel/channel_trace.cc +14 -18
  843. data/src/core/lib/channel/channel_trace.h +3 -2
  844. data/src/core/lib/channel/channelz.cc +191 -137
  845. data/src/core/lib/channel/channelz.h +76 -53
  846. data/src/core/lib/channel/channelz_registry.cc +37 -19
  847. data/src/core/lib/channel/channelz_registry.h +4 -2
  848. data/src/core/lib/channel/connected_channel.cc +14 -10
  849. data/src/core/lib/channel/connected_channel.h +2 -2
  850. data/src/core/lib/channel/context.h +14 -0
  851. data/src/core/lib/channel/handshaker.cc +14 -54
  852. data/src/core/lib/channel/handshaker.h +10 -28
  853. data/src/core/lib/channel/handshaker_factory.h +10 -2
  854. data/src/core/lib/channel/handshaker_registry.cc +15 -70
  855. data/src/core/lib/channel/handshaker_registry.h +29 -12
  856. data/src/core/lib/channel/promise_based_filter.cc +1002 -0
  857. data/src/core/lib/channel/promise_based_filter.h +437 -0
  858. data/src/core/lib/channel/status_util.cc +12 -2
  859. data/src/core/lib/channel/status_util.h +11 -2
  860. data/src/core/lib/compression/compression.cc +22 -110
  861. data/src/core/lib/compression/compression_internal.cc +139 -202
  862. data/src/core/lib/compression/compression_internal.h +67 -71
  863. data/src/core/lib/compression/message_compress.cc +13 -13
  864. data/src/core/lib/compression/message_compress.h +2 -2
  865. data/src/core/lib/config/core_configuration.cc +104 -0
  866. data/src/core/lib/config/core_configuration.h +196 -0
  867. data/src/core/lib/debug/stats.cc +1 -1
  868. data/src/core/lib/debug/stats.h +4 -3
  869. data/src/core/lib/debug/stats_data.cc +17 -19
  870. data/src/core/lib/debug/stats_data.h +6 -8
  871. data/src/core/lib/debug/trace.cc +1 -0
  872. data/src/core/lib/debug/trace.h +4 -3
  873. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +46 -0
  874. data/src/core/lib/event_engine/channel_args_endpoint_config.h +42 -0
  875. data/src/core/lib/event_engine/default_event_engine_factory.cc +27 -0
  876. data/src/core/lib/event_engine/event_engine.cc +52 -0
  877. data/src/core/lib/event_engine/event_engine_factory.h +36 -0
  878. data/src/core/lib/event_engine/memory_allocator.cc +66 -0
  879. data/src/core/lib/event_engine/resolved_address.cc +39 -0
  880. data/src/core/lib/event_engine/sockaddr.cc +40 -0
  881. data/src/core/lib/event_engine/sockaddr.h +44 -0
  882. data/src/core/lib/gpr/alloc.cc +7 -5
  883. data/src/core/lib/gpr/atm.cc +1 -1
  884. data/src/core/lib/gpr/cpu_iphone.cc +10 -2
  885. data/src/core/lib/gpr/cpu_posix.cc +1 -1
  886. data/src/core/lib/gpr/env_linux.cc +1 -2
  887. data/src/core/lib/gpr/env_posix.cc +2 -3
  888. data/src/core/lib/gpr/log.cc +61 -19
  889. data/src/core/lib/gpr/log_android.cc +3 -2
  890. data/src/core/lib/gpr/log_linux.cc +30 -13
  891. data/src/core/lib/gpr/log_posix.cc +25 -10
  892. data/src/core/lib/gpr/log_windows.cc +18 -4
  893. data/src/core/lib/gpr/murmur_hash.cc +5 -3
  894. data/src/core/lib/gpr/spinlock.h +10 -2
  895. data/src/core/lib/gpr/string.cc +35 -33
  896. data/src/core/lib/gpr/string.h +11 -10
  897. data/src/core/lib/gpr/sync.cc +6 -6
  898. data/src/core/lib/gpr/sync_abseil.cc +10 -12
  899. data/src/core/lib/gpr/sync_posix.cc +6 -11
  900. data/src/core/lib/gpr/sync_windows.cc +2 -2
  901. data/src/core/lib/gpr/time.cc +17 -15
  902. data/src/core/lib/gpr/time_precise.cc +5 -2
  903. data/src/core/lib/gpr/time_precise.h +6 -2
  904. data/src/core/lib/gpr/time_windows.cc +3 -2
  905. data/src/core/lib/gpr/tls.h +126 -36
  906. data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
  907. data/src/core/lib/gpr/useful.h +97 -31
  908. data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
  909. data/src/core/lib/gprpp/atomic_utils.h +47 -0
  910. data/src/core/lib/gprpp/bitset.h +207 -0
  911. data/src/core/lib/gprpp/capture.h +76 -0
  912. data/src/core/lib/gprpp/chunked_vector.h +253 -0
  913. data/src/core/lib/gprpp/construct_destruct.h +39 -0
  914. data/src/core/lib/gprpp/cpp_impl_of.h +49 -0
  915. data/src/core/lib/gprpp/debug_location.h +2 -0
  916. data/src/core/lib/gprpp/dual_ref_counted.h +330 -0
  917. data/src/core/lib/gprpp/examine_stack.cc +43 -0
  918. data/src/core/lib/gprpp/examine_stack.h +46 -0
  919. data/src/core/lib/gprpp/fork.cc +16 -14
  920. data/src/core/lib/gprpp/fork.h +4 -4
  921. data/src/core/lib/gprpp/global_config.h +1 -2
  922. data/src/core/lib/gprpp/global_config_env.cc +18 -16
  923. data/src/core/lib/gprpp/global_config_env.h +2 -2
  924. data/src/core/lib/gprpp/global_config_generic.h +2 -2
  925. data/src/core/lib/gprpp/manual_constructor.h +12 -10
  926. data/src/core/lib/gprpp/match.h +73 -0
  927. data/src/core/lib/gprpp/memory.h +9 -3
  928. data/src/core/lib/gprpp/mpscq.cc +9 -9
  929. data/src/core/lib/gprpp/mpscq.h +6 -5
  930. data/src/core/lib/gprpp/orphanable.h +11 -15
  931. data/src/core/lib/gprpp/overload.h +59 -0
  932. data/src/core/lib/gprpp/ref_counted.h +125 -86
  933. data/src/core/lib/gprpp/ref_counted_ptr.h +166 -7
  934. data/src/core/lib/gprpp/single_set_ptr.h +87 -0
  935. data/src/core/lib/gprpp/stat.h +38 -0
  936. data/src/core/lib/gprpp/stat_posix.cc +49 -0
  937. data/src/core/lib/gprpp/stat_windows.cc +48 -0
  938. data/src/core/lib/gprpp/status_helper.cc +435 -0
  939. data/src/core/lib/gprpp/status_helper.h +181 -0
  940. data/src/core/lib/gprpp/sync.h +106 -43
  941. data/src/core/lib/gprpp/table.h +434 -0
  942. data/src/core/lib/gprpp/thd.h +3 -3
  943. data/src/core/lib/gprpp/thd_posix.cc +47 -42
  944. data/src/core/lib/gprpp/thd_windows.cc +7 -12
  945. data/src/core/lib/gprpp/time.cc +198 -0
  946. data/src/core/lib/gprpp/time.h +292 -0
  947. data/src/core/lib/gprpp/time_util.cc +77 -0
  948. data/src/core/lib/gprpp/time_util.h +42 -0
  949. data/src/core/lib/http/format_request.cc +29 -25
  950. data/src/core/lib/http/format_request.h +8 -6
  951. data/src/core/lib/http/httpcli.cc +304 -211
  952. data/src/core/lib/http/httpcli.h +183 -86
  953. data/src/core/lib/http/httpcli_security_connector.cc +75 -85
  954. data/src/core/lib/http/httpcli_ssl_credentials.h +37 -0
  955. data/src/core/lib/http/parser.cc +145 -54
  956. data/src/core/lib/http/parser.h +20 -6
  957. data/src/core/lib/iomgr/buffer_list.cc +16 -17
  958. data/src/core/lib/iomgr/buffer_list.h +23 -25
  959. data/src/core/lib/iomgr/call_combiner.cc +60 -25
  960. data/src/core/lib/iomgr/call_combiner.h +12 -14
  961. data/src/core/lib/iomgr/cfstream_handle.cc +7 -6
  962. data/src/core/lib/iomgr/cfstream_handle.h +1 -1
  963. data/src/core/lib/iomgr/closure.h +33 -12
  964. data/src/core/lib/iomgr/combiner.cc +48 -37
  965. data/src/core/lib/iomgr/combiner.h +3 -2
  966. data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
  967. data/src/core/lib/iomgr/endpoint.cc +6 -6
  968. data/src/core/lib/iomgr/endpoint.h +10 -9
  969. data/src/core/lib/iomgr/endpoint_cfstream.cc +56 -60
  970. data/src/core/lib/iomgr/endpoint_cfstream.h +4 -4
  971. data/src/core/lib/iomgr/endpoint_pair.h +1 -0
  972. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +32 -0
  973. data/src/core/lib/iomgr/endpoint_pair_posix.cc +19 -17
  974. data/src/core/lib/iomgr/endpoint_pair_windows.cc +5 -6
  975. data/src/core/lib/iomgr/error.cc +287 -111
  976. data/src/core/lib/iomgr/error.h +278 -114
  977. data/src/core/lib/iomgr/error_cfstream.cc +17 -10
  978. data/src/core/lib/iomgr/error_cfstream.h +2 -2
  979. data/src/core/lib/iomgr/error_internal.h +7 -2
  980. data/src/core/lib/iomgr/ev_apple.cc +19 -15
  981. data/src/core/lib/iomgr/ev_apple.h +1 -1
  982. data/src/core/lib/iomgr/ev_epoll1_linux.cc +64 -64
  983. data/src/core/lib/iomgr/ev_poll_posix.cc +82 -79
  984. data/src/core/lib/iomgr/ev_posix.cc +21 -22
  985. data/src/core/lib/iomgr/ev_posix.h +9 -9
  986. data/src/core/lib/iomgr/event_engine/closure.cc +77 -0
  987. data/src/core/lib/iomgr/event_engine/closure.h +42 -0
  988. data/src/core/lib/iomgr/event_engine/endpoint.cc +172 -0
  989. data/src/core/lib/iomgr/event_engine/endpoint.h +52 -0
  990. data/src/core/lib/iomgr/event_engine/iomgr.cc +85 -0
  991. data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
  992. data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
  993. data/src/core/lib/iomgr/event_engine/promise.h +51 -0
  994. data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +47 -0
  995. data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +37 -0
  996. data/src/core/lib/iomgr/event_engine/resolver.cc +133 -0
  997. data/src/core/lib/iomgr/event_engine/resolver.h +56 -0
  998. data/src/core/lib/iomgr/event_engine/tcp.cc +296 -0
  999. data/src/core/lib/iomgr/event_engine/timer.cc +62 -0
  1000. data/src/core/lib/iomgr/exec_ctx.cc +30 -99
  1001. data/src/core/lib/iomgr/exec_ctx.h +42 -63
  1002. data/src/core/lib/iomgr/executor/mpmcqueue.cc +15 -16
  1003. data/src/core/lib/iomgr/executor/mpmcqueue.h +11 -15
  1004. data/src/core/lib/iomgr/executor/threadpool.cc +4 -5
  1005. data/src/core/lib/iomgr/executor/threadpool.h +8 -7
  1006. data/src/core/lib/iomgr/executor.cc +37 -45
  1007. data/src/core/lib/iomgr/executor.h +4 -4
  1008. data/src/core/lib/iomgr/fork_posix.cc +2 -1
  1009. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  1010. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  1011. data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
  1012. data/src/core/lib/iomgr/iocp_windows.cc +10 -9
  1013. data/src/core/lib/iomgr/iocp_windows.h +1 -1
  1014. data/src/core/lib/iomgr/iomgr.cc +6 -4
  1015. data/src/core/lib/iomgr/iomgr.h +3 -3
  1016. data/src/core/lib/iomgr/iomgr_internal.cc +8 -12
  1017. data/src/core/lib/iomgr/iomgr_internal.h +6 -5
  1018. data/src/core/lib/iomgr/iomgr_posix.cc +5 -4
  1019. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +44 -15
  1020. data/src/core/lib/iomgr/iomgr_windows.cc +4 -5
  1021. data/src/core/lib/iomgr/load_file.cc +6 -6
  1022. data/src/core/lib/iomgr/load_file.h +2 -2
  1023. data/src/core/lib/iomgr/lockfree_event.cc +38 -15
  1024. data/src/core/lib/iomgr/lockfree_event.h +2 -2
  1025. data/src/core/lib/iomgr/polling_entity.cc +2 -2
  1026. data/src/core/lib/iomgr/polling_entity.h +6 -0
  1027. data/src/core/lib/iomgr/pollset.cc +5 -5
  1028. data/src/core/lib/iomgr/pollset.h +9 -9
  1029. data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
  1030. data/src/core/lib/iomgr/pollset_windows.cc +6 -6
  1031. data/src/core/lib/iomgr/port.h +9 -37
  1032. data/src/core/lib/iomgr/python_util.h +6 -5
  1033. data/src/core/lib/iomgr/resolve_address.cc +10 -24
  1034. data/src/core/lib/iomgr/resolve_address.h +48 -43
  1035. data/src/core/lib/iomgr/resolve_address_impl.h +59 -0
  1036. data/src/core/lib/iomgr/resolve_address_posix.cc +91 -83
  1037. data/src/core/lib/iomgr/resolve_address_posix.h +47 -0
  1038. data/src/core/lib/iomgr/resolve_address_windows.cc +106 -89
  1039. data/src/core/lib/iomgr/resolve_address_windows.h +47 -0
  1040. data/src/core/lib/iomgr/resolved_address.h +39 -0
  1041. data/src/core/lib/iomgr/sockaddr.h +2 -1
  1042. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +62 -0
  1043. data/src/core/lib/iomgr/socket_factory_posix.cc +8 -7
  1044. data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
  1045. data/src/core/lib/iomgr/socket_mutator.cc +20 -6
  1046. data/src/core/lib/iomgr/socket_mutator.h +27 -3
  1047. data/src/core/lib/iomgr/socket_utils_common_posix.cc +124 -99
  1048. data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
  1049. data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
  1050. data/src/core/lib/iomgr/socket_utils_posix.h +22 -22
  1051. data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
  1052. data/src/core/lib/iomgr/socket_windows.cc +4 -5
  1053. data/src/core/lib/iomgr/tcp_client.cc +4 -4
  1054. data/src/core/lib/iomgr/tcp_client.h +5 -2
  1055. data/src/core/lib/iomgr/tcp_client_cfstream.cc +19 -37
  1056. data/src/core/lib/iomgr/tcp_client_posix.cc +51 -67
  1057. data/src/core/lib/iomgr/tcp_client_posix.h +7 -6
  1058. data/src/core/lib/iomgr/tcp_client_windows.cc +21 -21
  1059. data/src/core/lib/iomgr/tcp_posix.cc +256 -209
  1060. data/src/core/lib/iomgr/tcp_posix.h +17 -12
  1061. data/src/core/lib/iomgr/tcp_server.cc +9 -10
  1062. data/src/core/lib/iomgr/tcp_server.h +21 -17
  1063. data/src/core/lib/iomgr/tcp_server_posix.cc +98 -86
  1064. data/src/core/lib/iomgr/tcp_server_utils_posix.h +36 -32
  1065. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +28 -27
  1066. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +14 -19
  1067. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  1068. data/src/core/lib/iomgr/tcp_server_windows.cc +38 -41
  1069. data/src/core/lib/iomgr/tcp_windows.cc +56 -57
  1070. data/src/core/lib/iomgr/tcp_windows.h +3 -3
  1071. data/src/core/lib/iomgr/timer.cc +3 -2
  1072. data/src/core/lib/iomgr/timer.h +17 -8
  1073. data/src/core/lib/iomgr/timer_generic.cc +129 -139
  1074. data/src/core/lib/iomgr/timer_generic.h +1 -0
  1075. data/src/core/lib/iomgr/timer_heap.cc +2 -3
  1076. data/src/core/lib/iomgr/timer_manager.cc +19 -18
  1077. data/src/core/lib/iomgr/unix_sockets_posix.cc +33 -41
  1078. data/src/core/lib/iomgr/unix_sockets_posix.h +9 -6
  1079. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +15 -11
  1080. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
  1081. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +2 -1
  1082. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +8 -9
  1083. data/src/core/lib/iomgr/wakeup_fd_posix.cc +4 -3
  1084. data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
  1085. data/src/core/lib/iomgr/work_serializer.cc +120 -44
  1086. data/src/core/lib/iomgr/work_serializer.h +33 -5
  1087. data/src/core/lib/json/json.h +13 -3
  1088. data/src/core/lib/json/json_reader.cc +112 -70
  1089. data/src/core/lib/json/json_util.cc +126 -0
  1090. data/src/core/lib/json/json_util.h +154 -0
  1091. data/src/core/lib/json/json_writer.cc +2 -4
  1092. data/src/core/lib/matchers/matchers.cc +327 -0
  1093. data/src/core/lib/matchers/matchers.h +160 -0
  1094. data/src/core/lib/profiling/basic_timers.cc +8 -6
  1095. data/src/core/lib/profiling/stap_timers.cc +2 -2
  1096. data/src/core/lib/promise/activity.cc +121 -0
  1097. data/src/core/lib/promise/activity.h +540 -0
  1098. data/src/core/lib/promise/arena_promise.h +188 -0
  1099. data/src/core/lib/promise/call_push_pull.h +144 -0
  1100. data/src/core/lib/promise/context.h +86 -0
  1101. data/src/core/lib/promise/detail/basic_seq.h +496 -0
  1102. data/src/core/lib/promise/detail/promise_factory.h +189 -0
  1103. data/src/core/lib/promise/detail/promise_like.h +85 -0
  1104. data/src/core/lib/promise/detail/status.h +50 -0
  1105. data/src/core/lib/promise/detail/switch.h +1455 -0
  1106. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +48 -0
  1107. data/src/core/lib/promise/intra_activity_waiter.h +49 -0
  1108. data/src/core/lib/promise/latch.h +104 -0
  1109. data/src/core/lib/promise/loop.h +134 -0
  1110. data/src/core/lib/promise/map.h +88 -0
  1111. data/src/core/lib/promise/poll.h +66 -0
  1112. data/src/core/lib/promise/promise.h +95 -0
  1113. data/src/core/lib/promise/race.h +84 -0
  1114. data/src/core/lib/promise/seq.h +89 -0
  1115. data/src/core/lib/promise/sleep.cc +74 -0
  1116. data/src/core/lib/promise/sleep.h +66 -0
  1117. data/src/core/lib/promise/try_seq.h +157 -0
  1118. data/src/core/lib/resolver/resolver.cc +79 -0
  1119. data/src/core/lib/resolver/resolver.h +135 -0
  1120. data/src/core/lib/resolver/resolver_factory.h +76 -0
  1121. data/src/core/lib/resolver/resolver_registry.cc +156 -0
  1122. data/src/core/lib/resolver/resolver_registry.h +113 -0
  1123. data/src/core/lib/resolver/server_address.cc +170 -0
  1124. data/src/core/lib/resolver/server_address.h +144 -0
  1125. data/src/core/lib/resource_quota/api.cc +83 -0
  1126. data/src/core/lib/resource_quota/api.h +40 -0
  1127. data/src/core/lib/resource_quota/arena.cc +107 -0
  1128. data/src/core/lib/resource_quota/arena.h +142 -0
  1129. data/src/core/lib/resource_quota/memory_quota.cc +478 -0
  1130. data/src/core/lib/resource_quota/memory_quota.h +457 -0
  1131. data/src/core/lib/resource_quota/resource_quota.cc +33 -0
  1132. data/src/core/lib/resource_quota/resource_quota.h +66 -0
  1133. data/src/core/lib/resource_quota/thread_quota.cc +43 -0
  1134. data/src/core/lib/resource_quota/thread_quota.h +57 -0
  1135. data/src/core/lib/resource_quota/trace.cc +19 -0
  1136. data/src/core/lib/resource_quota/trace.h +24 -0
  1137. data/src/core/lib/security/authorization/authorization_engine.h +44 -0
  1138. data/src/core/lib/security/authorization/authorization_policy_provider.h +40 -0
  1139. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
  1140. data/src/core/lib/security/authorization/evaluate_args.cc +212 -0
  1141. data/src/core/lib/security/authorization/evaluate_args.h +92 -0
  1142. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +60 -0
  1143. data/src/core/lib/security/authorization/grpc_authorization_engine.h +62 -0
  1144. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +106 -0
  1145. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +50 -0
  1146. data/src/core/lib/security/authorization/matchers.cc +227 -0
  1147. data/src/core/lib/security/authorization/matchers.h +211 -0
  1148. data/src/core/lib/security/authorization/rbac_policy.cc +442 -0
  1149. data/src/core/lib/security/authorization/rbac_policy.h +171 -0
  1150. data/src/core/lib/security/context/security_context.cc +19 -13
  1151. data/src/core/lib/security/context/security_context.h +12 -3
  1152. data/src/core/lib/security/credentials/alts/alts_credentials.cc +8 -6
  1153. data/src/core/lib/security/credentials/alts/alts_credentials.h +11 -1
  1154. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  1155. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
  1156. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
  1157. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
  1158. data/src/core/lib/security/credentials/call_creds_util.cc +87 -0
  1159. data/src/core/lib/security/credentials/call_creds_util.h +42 -0
  1160. data/src/core/lib/security/credentials/channel_creds_registry.h +97 -0
  1161. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +70 -0
  1162. data/src/core/lib/security/credentials/composite/composite_credentials.cc +28 -86
  1163. data/src/core/lib/security/credentials/composite/composite_credentials.h +23 -10
  1164. data/src/core/lib/security/credentials/credentials.cc +18 -17
  1165. data/src/core/lib/security/credentials/credentials.h +92 -90
  1166. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +419 -0
  1167. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +82 -0
  1168. data/src/core/lib/security/credentials/external/aws_request_signer.cc +214 -0
  1169. data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
  1170. data/src/core/lib/security/credentials/external/external_account_credentials.cc +544 -0
  1171. data/src/core/lib/security/credentials/external/external_account_credentials.h +118 -0
  1172. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
  1173. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +49 -0
  1174. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +230 -0
  1175. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +61 -0
  1176. data/src/core/lib/security/credentials/fake/fake_credentials.cc +26 -29
  1177. data/src/core/lib/security/credentials/fake/fake_credentials.h +22 -21
  1178. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -7
  1179. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +169 -82
  1180. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +9 -3
  1181. data/src/core/lib/security/credentials/iam/iam_credentials.cc +23 -29
  1182. data/src/core/lib/security/credentials/iam/iam_credentials.h +15 -9
  1183. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +63 -0
  1184. data/src/core/lib/security/credentials/insecure/insecure_credentials.h +57 -0
  1185. data/src/core/lib/security/credentials/jwt/json_token.cc +10 -12
  1186. data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
  1187. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +61 -53
  1188. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +31 -18
  1189. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +70 -62
  1190. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -4
  1191. data/src/core/lib/security/credentials/local/local_credentials.cc +8 -7
  1192. data/src/core/lib/security/credentials/local/local_credentials.h +11 -1
  1193. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +216 -251
  1194. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +67 -38
  1195. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +100 -158
  1196. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +56 -27
  1197. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +36 -22
  1198. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +26 -6
  1199. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +348 -0
  1200. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +217 -0
  1201. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +454 -0
  1202. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +195 -0
  1203. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +209 -0
  1204. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +145 -0
  1205. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +62 -184
  1206. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +98 -294
  1207. data/src/core/lib/security/credentials/tls/tls_credentials.cc +40 -21
  1208. data/src/core/lib/security/credentials/tls/tls_credentials.h +9 -3
  1209. data/src/core/lib/security/credentials/tls/tls_utils.cc +123 -0
  1210. data/src/core/lib/security/credentials/tls/tls_utils.h +51 -0
  1211. data/src/core/lib/security/credentials/xds/xds_credentials.cc +237 -0
  1212. data/src/core/lib/security/credentials/xds/xds_credentials.h +100 -0
  1213. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +23 -19
  1214. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +3 -3
  1215. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +37 -43
  1216. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +0 -2
  1217. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +111 -0
  1218. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +92 -0
  1219. data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
  1220. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
  1221. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +5 -6
  1222. data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
  1223. data/src/core/lib/security/security_connector/local/local_security_connector.cc +35 -27
  1224. data/src/core/lib/security/security_connector/security_connector.cc +14 -18
  1225. data/src/core/lib/security/security_connector/security_connector.h +38 -27
  1226. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +43 -32
  1227. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +6 -2
  1228. data/src/core/lib/security/security_connector/ssl_utils.cc +119 -65
  1229. data/src/core/lib/security/security_connector/ssl_utils.h +40 -40
  1230. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +646 -423
  1231. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +187 -104
  1232. data/src/core/lib/security/transport/auth_filters.h +37 -8
  1233. data/src/core/lib/security/transport/client_auth_filter.cc +102 -358
  1234. data/src/core/lib/security/transport/secure_endpoint.cc +214 -149
  1235. data/src/core/lib/security/transport/secure_endpoint.h +2 -1
  1236. data/src/core/lib/security/transport/security_handshaker.cc +172 -94
  1237. data/src/core/lib/security/transport/security_handshaker.h +2 -1
  1238. data/src/core/lib/security/transport/server_auth_filter.cc +58 -47
  1239. data/src/core/lib/security/transport/tsi_error.cc +5 -6
  1240. data/src/core/lib/security/transport/tsi_error.h +2 -1
  1241. data/src/core/lib/security/util/json_util.cc +10 -13
  1242. data/src/core/lib/security/util/json_util.h +2 -1
  1243. data/src/core/lib/service_config/service_config.h +82 -0
  1244. data/src/core/lib/service_config/service_config_call_data.h +72 -0
  1245. data/src/core/lib/service_config/service_config_impl.cc +230 -0
  1246. data/src/core/lib/service_config/service_config_impl.h +125 -0
  1247. data/src/core/lib/service_config/service_config_parser.cc +93 -0
  1248. data/src/core/lib/service_config/service_config_parser.h +106 -0
  1249. data/src/core/lib/slice/percent_encoding.cc +84 -97
  1250. data/src/core/lib/slice/percent_encoding.h +23 -28
  1251. data/src/core/lib/slice/slice.cc +111 -181
  1252. data/src/core/lib/slice/slice.h +384 -0
  1253. data/src/core/lib/slice/slice_api.cc +39 -0
  1254. data/src/core/lib/slice/slice_buffer.cc +12 -8
  1255. data/src/core/lib/slice/slice_internal.h +17 -277
  1256. data/src/core/lib/slice/slice_refcount.cc +35 -0
  1257. data/src/core/lib/slice/slice_refcount.h +46 -0
  1258. data/src/core/lib/slice/slice_refcount_base.h +61 -0
  1259. data/src/core/lib/slice/slice_split.cc +100 -0
  1260. data/src/core/lib/slice/slice_split.h +40 -0
  1261. data/src/core/lib/slice/slice_string_helpers.cc +0 -83
  1262. data/src/core/lib/slice/slice_string_helpers.h +0 -11
  1263. data/src/core/lib/surface/api_trace.cc +2 -1
  1264. data/src/core/lib/surface/api_trace.h +1 -0
  1265. data/src/core/lib/surface/builtins.cc +49 -0
  1266. data/src/core/lib/surface/builtins.h +26 -0
  1267. data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
  1268. data/src/core/lib/surface/call.cc +1171 -1248
  1269. data/src/core/lib/surface/call.h +16 -24
  1270. data/src/core/lib/surface/call_details.cc +10 -10
  1271. data/src/core/lib/surface/call_log_batch.cc +2 -2
  1272. data/src/core/lib/surface/channel.cc +96 -135
  1273. data/src/core/lib/surface/channel.h +31 -22
  1274. data/src/core/lib/surface/channel_init.cc +22 -76
  1275. data/src/core/lib/surface/channel_init.h +44 -40
  1276. data/src/core/lib/surface/channel_ping.cc +2 -3
  1277. data/src/core/lib/surface/channel_stack_type.cc +2 -1
  1278. data/src/core/lib/surface/completion_queue.cc +154 -162
  1279. data/src/core/lib/surface/completion_queue.h +18 -17
  1280. data/src/core/lib/surface/completion_queue_factory.cc +3 -3
  1281. data/src/core/lib/surface/completion_queue_factory.h +1 -0
  1282. data/src/core/lib/surface/event_string.cc +1 -0
  1283. data/src/core/lib/surface/init.cc +121 -83
  1284. data/src/core/lib/surface/init.h +10 -4
  1285. data/src/core/lib/surface/lame_client.cc +80 -72
  1286. data/src/core/lib/surface/lame_client.h +5 -0
  1287. data/src/core/lib/surface/metadata_array.cc +2 -2
  1288. data/src/core/lib/surface/server.cc +1142 -1373
  1289. data/src/core/lib/surface/server.h +467 -71
  1290. data/src/core/lib/surface/validate_metadata.cc +55 -24
  1291. data/src/core/lib/surface/validate_metadata.h +6 -2
  1292. data/src/core/lib/surface/version.cc +2 -2
  1293. data/src/core/lib/transport/bdp_estimator.cc +11 -12
  1294. data/src/core/lib/transport/bdp_estimator.h +4 -3
  1295. data/src/core/lib/transport/byte_stream.cc +11 -5
  1296. data/src/core/lib/transport/byte_stream.h +12 -11
  1297. data/src/core/lib/transport/connectivity_state.cc +27 -19
  1298. data/src/core/lib/transport/connectivity_state.h +28 -14
  1299. data/src/core/lib/transport/error_utils.cc +73 -21
  1300. data/src/core/lib/transport/error_utils.h +17 -4
  1301. data/src/core/lib/transport/metadata_batch.h +1355 -152
  1302. data/src/core/lib/transport/parsed_metadata.cc +37 -0
  1303. data/src/core/lib/transport/parsed_metadata.h +401 -0
  1304. data/src/core/lib/transport/pid_controller.cc +4 -4
  1305. data/src/core/lib/transport/status_conversion.cc +2 -2
  1306. data/src/core/lib/transport/status_conversion.h +1 -1
  1307. data/src/core/lib/transport/timeout_encoding.cc +208 -71
  1308. data/src/core/lib/transport/timeout_encoding.h +40 -10
  1309. data/src/core/lib/transport/transport.cc +18 -36
  1310. data/src/core/lib/transport/transport.h +129 -15
  1311. data/src/core/lib/transport/transport_impl.h +14 -0
  1312. data/src/core/lib/transport/transport_op_string.cc +13 -35
  1313. data/src/core/lib/uri/uri_parser.cc +305 -254
  1314. data/src/core/lib/uri/uri_parser.h +92 -38
  1315. data/src/core/plugin_registry/grpc_plugin_registry.cc +76 -68
  1316. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +85 -0
  1317. data/src/core/tsi/alts/crypt/aes_gcm.cc +6 -3
  1318. data/src/core/tsi/alts/crypt/gsec.cc +5 -4
  1319. data/src/core/tsi/alts/crypt/gsec.h +5 -0
  1320. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +13 -12
  1321. data/src/core/tsi/alts/frame_protector/frame_handler.cc +18 -17
  1322. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +77 -68
  1323. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
  1324. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +9 -1
  1325. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +103 -64
  1326. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
  1327. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
  1328. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -2
  1329. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +1 -1
  1330. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +5 -5
  1331. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +2 -2
  1332. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
  1333. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
  1334. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
  1335. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +6 -6
  1336. data/src/core/tsi/fake_transport_security.cc +32 -12
  1337. data/src/core/tsi/local_transport_security.cc +46 -87
  1338. data/src/core/tsi/local_transport_security.h +6 -10
  1339. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +141 -0
  1340. data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +81 -0
  1341. data/src/core/tsi/ssl/session_cache/ssl_session.h +2 -4
  1342. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  1343. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +20 -55
  1344. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +9 -9
  1345. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
  1346. data/src/core/tsi/ssl_transport_security.cc +422 -129
  1347. data/src/core/tsi/ssl_transport_security.h +68 -16
  1348. data/src/core/tsi/transport_security.cc +25 -11
  1349. data/src/core/tsi/transport_security.h +16 -1
  1350. data/src/core/tsi/transport_security_grpc.h +1 -0
  1351. data/src/core/tsi/transport_security_interface.h +34 -1
  1352. data/src/ruby/bin/math_services_pb.rb +5 -5
  1353. data/src/ruby/ext/grpc/extconf.rb +34 -11
  1354. data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
  1355. data/src/ruby/ext/grpc/rb_call.c +8 -7
  1356. data/src/ruby/ext/grpc/rb_call.h +4 -0
  1357. data/src/ruby/ext/grpc/rb_call_credentials.c +62 -17
  1358. data/src/ruby/ext/grpc/rb_channel.c +24 -10
  1359. data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
  1360. data/src/ruby/ext/grpc/rb_channel_credentials.c +24 -5
  1361. data/src/ruby/ext/grpc/rb_channel_credentials.h +5 -0
  1362. data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
  1363. data/src/ruby/ext/grpc/rb_compression_options.c +6 -5
  1364. data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
  1365. data/src/ruby/ext/grpc/rb_event_thread.c +4 -2
  1366. data/src/ruby/ext/grpc/rb_grpc.c +9 -4
  1367. data/src/ruby/ext/grpc/rb_grpc.h +1 -0
  1368. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +76 -48
  1369. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +130 -88
  1370. data/src/ruby/ext/grpc/rb_server.c +26 -10
  1371. data/src/ruby/ext/grpc/rb_server_credentials.c +22 -6
  1372. data/src/ruby/ext/grpc/rb_server_credentials.h +5 -0
  1373. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +218 -0
  1374. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +37 -0
  1375. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +170 -0
  1376. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +37 -0
  1377. data/src/ruby/lib/grpc/generic/active_call.rb +7 -1
  1378. data/src/ruby/lib/grpc/generic/client_stub.rb +5 -3
  1379. data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
  1380. data/src/ruby/lib/grpc/grpc.rb +1 -1
  1381. data/src/ruby/lib/grpc/version.rb +1 -1
  1382. data/src/ruby/pb/generate_proto_ruby.sh +1 -0
  1383. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +3 -3
  1384. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +40 -0
  1385. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +1 -0
  1386. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +50 -16
  1387. data/src/ruby/pb/test/client.rb +769 -0
  1388. data/src/ruby/pb/test/server.rb +252 -0
  1389. data/src/ruby/pb/test/xds_client.rb +415 -0
  1390. data/src/ruby/spec/call_spec.rb +1 -1
  1391. data/src/ruby/spec/channel_credentials_spec.rb +42 -0
  1392. data/src/ruby/spec/channel_spec.rb +17 -6
  1393. data/src/ruby/spec/client_auth_spec.rb +27 -1
  1394. data/src/ruby/spec/client_server_spec.rb +1 -1
  1395. data/src/ruby/spec/errors_spec.rb +1 -1
  1396. data/src/ruby/spec/generic/active_call_spec.rb +21 -10
  1397. data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
  1398. data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
  1399. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  1400. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +2 -0
  1401. data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
  1402. data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
  1403. data/src/ruby/spec/pb/codegen/package_option_spec.rb +27 -7
  1404. data/src/ruby/spec/server_credentials_spec.rb +25 -0
  1405. data/src/ruby/spec/server_spec.rb +22 -0
  1406. data/src/ruby/spec/support/services.rb +10 -4
  1407. data/src/ruby/spec/user_agent_spec.rb +74 -0
  1408. data/third_party/abseil-cpp/absl/algorithm/container.h +1774 -0
  1409. data/third_party/abseil-cpp/absl/base/attributes.h +169 -55
  1410. data/third_party/abseil-cpp/absl/base/call_once.h +3 -10
  1411. data/third_party/abseil-cpp/absl/base/casts.h +9 -6
  1412. data/third_party/abseil-cpp/absl/base/config.h +150 -49
  1413. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +417 -335
  1414. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +169 -0
  1415. data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
  1416. data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
  1417. data/third_party/abseil-cpp/absl/base/internal/fast_type_id.h +48 -0
  1418. data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
  1419. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
  1420. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
  1421. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +31 -4
  1422. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +35 -33
  1423. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +17 -5
  1424. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +36 -40
  1425. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +36 -31
  1426. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
  1427. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +11 -3
  1428. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
  1429. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +13 -11
  1430. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
  1431. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +97 -5
  1432. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
  1433. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +9 -6
  1434. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +58 -52
  1435. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
  1436. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
  1437. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
  1438. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +17 -3
  1439. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +7 -7
  1440. data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
  1441. data/third_party/abseil-cpp/absl/base/macros.h +47 -109
  1442. data/third_party/abseil-cpp/absl/base/optimization.h +69 -6
  1443. data/third_party/abseil-cpp/absl/base/options.h +31 -4
  1444. data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
  1445. data/third_party/abseil-cpp/absl/base/port.h +0 -1
  1446. data/third_party/abseil-cpp/absl/base/thread_annotations.h +95 -40
  1447. data/third_party/abseil-cpp/absl/container/fixed_array.h +527 -0
  1448. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
  1449. data/third_party/abseil-cpp/absl/container/inlined_vector.h +141 -134
  1450. data/third_party/abseil-cpp/absl/container/internal/common.h +206 -0
  1451. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +34 -9
  1452. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +460 -0
  1453. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +163 -0
  1454. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +208 -0
  1455. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
  1456. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +190 -0
  1457. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +281 -0
  1458. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +31 -0
  1459. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +50 -0
  1460. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +469 -429
  1461. data/third_party/abseil-cpp/absl/container/internal/layout.h +743 -0
  1462. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +198 -0
  1463. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +67 -0
  1464. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +2034 -0
  1465. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +139 -0
  1466. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
  1467. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1959 -0
  1468. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
  1469. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +383 -0
  1470. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +138 -0
  1471. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +199 -0
  1472. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +134 -0
  1473. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +87 -0
  1474. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_emscripten-inl.inc +110 -0
  1475. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +108 -0
  1476. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +253 -0
  1477. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +234 -0
  1478. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
  1479. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +93 -0
  1480. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +364 -0
  1481. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +153 -0
  1482. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +191 -0
  1483. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
  1484. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +142 -0
  1485. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
  1486. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +38 -0
  1487. data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
  1488. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
  1489. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1574 -0
  1490. data/third_party/abseil-cpp/absl/debugging/symbolize_emscripten.inc +72 -0
  1491. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
  1492. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
  1493. data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
  1494. data/third_party/abseil-cpp/absl/functional/function_ref.h +142 -0
  1495. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
  1496. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
  1497. data/third_party/abseil-cpp/absl/hash/hash.h +347 -0
  1498. data/third_party/abseil-cpp/absl/hash/internal/city.cc +349 -0
  1499. data/third_party/abseil-cpp/absl/hash/internal/city.h +78 -0
  1500. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +69 -0
  1501. data/third_party/abseil-cpp/absl/hash/internal/hash.h +1096 -0
  1502. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +123 -0
  1503. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.h +50 -0
  1504. data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
  1505. data/third_party/abseil-cpp/absl/meta/type_traits.h +49 -11
  1506. data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
  1507. data/third_party/abseil-cpp/absl/numeric/int128.cc +16 -37
  1508. data/third_party/abseil-cpp/absl/numeric/int128.h +159 -85
  1509. data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +19 -25
  1510. data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +73 -70
  1511. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
  1512. data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
  1513. data/third_party/abseil-cpp/absl/profiling/internal/exponential_biased.cc +93 -0
  1514. data/third_party/abseil-cpp/absl/profiling/internal/exponential_biased.h +130 -0
  1515. data/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h +230 -0
  1516. data/third_party/abseil-cpp/absl/random/bernoulli_distribution.h +200 -0
  1517. data/third_party/abseil-cpp/absl/random/beta_distribution.h +427 -0
  1518. data/third_party/abseil-cpp/absl/random/discrete_distribution.cc +98 -0
  1519. data/third_party/abseil-cpp/absl/random/discrete_distribution.h +247 -0
  1520. data/third_party/abseil-cpp/absl/random/distributions.h +452 -0
  1521. data/third_party/abseil-cpp/absl/random/exponential_distribution.h +165 -0
  1522. data/third_party/abseil-cpp/absl/random/gaussian_distribution.cc +104 -0
  1523. data/third_party/abseil-cpp/absl/random/gaussian_distribution.h +275 -0
  1524. data/third_party/abseil-cpp/absl/random/internal/distribution_caller.h +92 -0
  1525. data/third_party/abseil-cpp/absl/random/internal/fast_uniform_bits.h +268 -0
  1526. data/third_party/abseil-cpp/absl/random/internal/fastmath.h +57 -0
  1527. data/third_party/abseil-cpp/absl/random/internal/generate_real.h +144 -0
  1528. data/third_party/abseil-cpp/absl/random/internal/iostream_state_saver.h +245 -0
  1529. data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +150 -0
  1530. data/third_party/abseil-cpp/absl/random/internal/pcg_engine.h +308 -0
  1531. data/third_party/abseil-cpp/absl/random/internal/platform.h +171 -0
  1532. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.cc +253 -0
  1533. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.h +131 -0
  1534. data/third_party/abseil-cpp/absl/random/internal/randen.cc +91 -0
  1535. data/third_party/abseil-cpp/absl/random/internal/randen.h +102 -0
  1536. data/third_party/abseil-cpp/absl/random/internal/randen_detect.cc +221 -0
  1537. data/third_party/abseil-cpp/absl/random/internal/randen_detect.h +33 -0
  1538. data/third_party/abseil-cpp/absl/random/internal/randen_engine.h +239 -0
  1539. data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.cc +526 -0
  1540. data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.h +50 -0
  1541. data/third_party/abseil-cpp/absl/random/internal/randen_round_keys.cc +462 -0
  1542. data/third_party/abseil-cpp/absl/random/internal/randen_slow.cc +471 -0
  1543. data/third_party/abseil-cpp/absl/random/internal/randen_slow.h +40 -0
  1544. data/third_party/abseil-cpp/absl/random/internal/randen_traits.h +88 -0
  1545. data/third_party/abseil-cpp/absl/random/internal/salted_seed_seq.h +167 -0
  1546. data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +267 -0
  1547. data/third_party/abseil-cpp/absl/random/internal/seed_material.h +104 -0
  1548. data/third_party/abseil-cpp/absl/random/internal/traits.h +101 -0
  1549. data/third_party/abseil-cpp/absl/random/internal/uniform_helper.h +244 -0
  1550. data/third_party/abseil-cpp/absl/random/internal/wide_multiply.h +111 -0
  1551. data/third_party/abseil-cpp/absl/random/log_uniform_int_distribution.h +257 -0
  1552. data/third_party/abseil-cpp/absl/random/poisson_distribution.h +258 -0
  1553. data/third_party/abseil-cpp/absl/random/random.h +189 -0
  1554. data/third_party/abseil-cpp/absl/random/seed_gen_exception.cc +46 -0
  1555. data/third_party/abseil-cpp/absl/random/seed_gen_exception.h +55 -0
  1556. data/third_party/abseil-cpp/absl/random/seed_sequences.cc +29 -0
  1557. data/third_party/abseil-cpp/absl/random/seed_sequences.h +110 -0
  1558. data/third_party/abseil-cpp/absl/random/uniform_int_distribution.h +275 -0
  1559. data/third_party/abseil-cpp/absl/random/uniform_real_distribution.h +202 -0
  1560. data/third_party/abseil-cpp/absl/random/zipf_distribution.h +271 -0
  1561. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +69 -0
  1562. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +396 -0
  1563. data/third_party/abseil-cpp/absl/status/status.cc +444 -0
  1564. data/third_party/abseil-cpp/absl/status/status.h +882 -0
  1565. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +38 -0
  1566. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
  1567. data/third_party/abseil-cpp/absl/status/statusor.cc +103 -0
  1568. data/third_party/abseil-cpp/absl/status/statusor.h +770 -0
  1569. data/third_party/abseil-cpp/absl/strings/charconv.cc +10 -10
  1570. data/third_party/abseil-cpp/absl/strings/charconv.h +3 -2
  1571. data/third_party/abseil-cpp/absl/strings/cord.cc +2047 -0
  1572. data/third_party/abseil-cpp/absl/strings/cord.h +1521 -0
  1573. data/third_party/abseil-cpp/absl/strings/escaping.cc +13 -13
  1574. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
  1575. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
  1576. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
  1577. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +9 -9
  1578. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +89 -0
  1579. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +620 -0
  1580. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +1128 -0
  1581. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h +939 -0
  1582. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.cc +185 -0
  1583. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.h +265 -0
  1584. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.cc +68 -0
  1585. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.h +211 -0
  1586. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.cc +129 -0
  1587. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.h +50 -0
  1588. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
  1589. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +771 -0
  1590. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +607 -0
  1591. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +118 -0
  1592. data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.cc +96 -0
  1593. data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h +85 -0
  1594. data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.cc +139 -0
  1595. data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h +131 -0
  1596. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +445 -0
  1597. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.h +298 -0
  1598. data/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h +87 -0
  1599. data/third_party/abseil-cpp/absl/strings/internal/cordz_update_scope.h +71 -0
  1600. data/third_party/abseil-cpp/absl/strings/internal/cordz_update_tracker.h +121 -0
  1601. data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +48 -2
  1602. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +236 -136
  1603. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +158 -64
  1604. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +19 -6
  1605. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +30 -22
  1606. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +21 -14
  1607. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +37 -13
  1608. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +183 -153
  1609. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +1017 -87
  1610. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +17 -3
  1611. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
  1612. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +82 -77
  1613. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +51 -27
  1614. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +49 -74
  1615. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
  1616. data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
  1617. data/third_party/abseil-cpp/absl/strings/match.h +16 -6
  1618. data/third_party/abseil-cpp/absl/strings/numbers.cc +133 -5
  1619. data/third_party/abseil-cpp/absl/strings/numbers.h +44 -10
  1620. data/third_party/abseil-cpp/absl/strings/str_cat.cc +8 -8
  1621. data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
  1622. data/third_party/abseil-cpp/absl/strings/str_format.h +290 -15
  1623. data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
  1624. data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
  1625. data/third_party/abseil-cpp/absl/strings/str_split.h +39 -4
  1626. data/third_party/abseil-cpp/absl/strings/string_view.cc +16 -21
  1627. data/third_party/abseil-cpp/absl/strings/string_view.h +143 -55
  1628. data/third_party/abseil-cpp/absl/strings/substitute.cc +7 -6
  1629. data/third_party/abseil-cpp/absl/strings/substitute.h +109 -81
  1630. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
  1631. data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
  1632. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +67 -0
  1633. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +101 -0
  1634. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
  1635. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
  1636. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
  1637. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +698 -0
  1638. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
  1639. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +156 -0
  1640. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
  1641. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
  1642. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +428 -0
  1643. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +155 -0
  1644. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2751 -0
  1645. data/third_party/abseil-cpp/absl/synchronization/mutex.h +1082 -0
  1646. data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
  1647. data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
  1648. data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -11
  1649. data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
  1650. data/third_party/abseil-cpp/absl/time/clock.h +2 -2
  1651. data/third_party/abseil-cpp/absl/time/duration.cc +93 -61
  1652. data/third_party/abseil-cpp/absl/time/format.cc +43 -36
  1653. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +33 -27
  1654. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +97 -22
  1655. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
  1656. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +1 -1
  1657. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
  1658. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +2 -1
  1659. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
  1660. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
  1661. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +219 -150
  1662. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
  1663. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +15 -8
  1664. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +49 -0
  1665. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +3 -3
  1666. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +1 -1
  1667. data/third_party/abseil-cpp/absl/time/time.cc +4 -3
  1668. data/third_party/abseil-cpp/absl/time/time.h +107 -75
  1669. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +1 -1
  1670. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
  1671. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
  1672. data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
  1673. data/third_party/abseil-cpp/absl/types/optional.h +9 -9
  1674. data/third_party/abseil-cpp/absl/types/span.h +51 -38
  1675. data/third_party/abseil-cpp/absl/types/variant.h +866 -0
  1676. data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
  1677. data/third_party/address_sorting/address_sorting_posix.c +1 -0
  1678. data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
  1679. data/third_party/boringssl-with-bazel/err_data.c +775 -721
  1680. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +72 -59
  1681. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +22 -23
  1682. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
  1683. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +5 -5
  1684. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +6 -1
  1685. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +6 -6
  1686. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +16 -23
  1687. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +70 -57
  1688. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  1689. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
  1690. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +650 -0
  1691. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +106 -153
  1692. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +6 -6
  1693. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +23 -11
  1694. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +3 -42
  1695. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
  1696. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +74 -68
  1697. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
  1698. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +25 -29
  1699. data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
  1700. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +6 -1
  1701. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
  1702. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +224 -0
  1703. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +79 -354
  1704. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +327 -281
  1705. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +15 -26
  1706. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +20 -75
  1707. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +8 -8
  1708. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +3 -2
  1709. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
  1710. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +24 -8
  1711. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
  1712. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
  1713. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
  1714. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
  1715. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
  1716. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
  1717. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
  1718. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  1719. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +156 -0
  1720. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  1721. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +11 -10
  1722. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
  1723. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +68 -45
  1724. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +38 -47
  1725. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +49 -65
  1726. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  1727. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
  1728. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +101 -3
  1729. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +120 -273
  1730. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
  1731. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  1732. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
  1733. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
  1734. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
  1735. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
  1736. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  1737. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +272 -0
  1738. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +31 -3
  1739. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +30 -43
  1740. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
  1741. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
  1742. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  1743. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
  1744. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
  1745. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
  1746. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +13 -0
  1747. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +161 -2
  1748. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
  1749. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +32 -34
  1750. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
  1751. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +4 -1
  1752. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  1753. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +28 -12
  1754. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
  1755. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +26 -5
  1756. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
  1757. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +5 -9
  1758. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +44 -16
  1759. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +208 -37
  1760. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +10 -11
  1761. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +1 -3
  1762. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  1763. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +456 -0
  1764. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +11 -0
  1765. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
  1766. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
  1767. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +16 -0
  1768. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -2
  1769. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -5
  1770. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
  1771. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
  1772. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
  1773. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
  1774. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
  1775. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +105 -95
  1776. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
  1777. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +56 -72
  1778. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +56 -73
  1779. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
  1780. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
  1781. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
  1782. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
  1783. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
  1784. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
  1785. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
  1786. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +30 -9
  1787. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +123 -44
  1788. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +30 -20
  1789. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
  1790. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +80 -43
  1791. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +120 -62
  1792. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
  1793. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +238 -18
  1794. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +93 -107
  1795. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +91 -113
  1796. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +50 -86
  1797. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +618 -0
  1798. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
  1799. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
  1800. data/third_party/boringssl-with-bazel/src/crypto/internal.h +125 -0
  1801. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
  1802. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
  1803. data/third_party/boringssl-with-bazel/src/crypto/mem.c +75 -24
  1804. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +10 -6
  1805. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
  1806. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
  1807. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
  1808. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
  1809. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
  1810. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
  1811. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +38 -4
  1812. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +156 -15
  1813. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -1
  1814. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +1 -1
  1815. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +132 -54
  1816. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +11 -8
  1817. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  1818. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  1819. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +5 -1
  1820. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +59 -22
  1821. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
  1822. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
  1823. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
  1824. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +5 -1
  1825. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
  1826. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
  1827. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +6 -6
  1828. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  1829. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
  1830. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +110 -70
  1831. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +348 -423
  1832. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +217 -79
  1833. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
  1834. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
  1835. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +11 -1
  1836. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +5 -21
  1837. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
  1838. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
  1839. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +351 -13
  1840. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
  1841. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +20 -5
  1842. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +13 -8
  1843. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
  1844. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -180
  1845. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +7 -2
  1846. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
  1847. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +24 -47
  1848. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +24 -39
  1849. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +29 -23
  1850. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -5
  1851. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +2 -1
  1852. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +52 -89
  1853. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +67 -12
  1854. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +9 -4
  1855. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
  1856. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +29 -26
  1857. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +82 -113
  1858. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +54 -74
  1859. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +99 -25
  1860. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -12
  1861. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
  1862. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -19
  1863. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +13 -26
  1864. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
  1865. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +52 -28
  1866. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
  1867. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +49 -59
  1868. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  1869. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +21 -172
  1870. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
  1871. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +25 -0
  1872. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
  1873. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +75 -15
  1874. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +5 -2
  1875. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
  1876. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +244 -11
  1877. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +2 -1
  1878. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +7 -5
  1879. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +1 -1
  1880. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +2 -1
  1881. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +1 -1
  1882. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +5 -4
  1883. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +27 -8
  1884. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +43 -32
  1885. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +6 -3
  1886. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -28
  1887. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +10 -13
  1888. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -2
  1889. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +7 -1
  1890. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +42 -22
  1891. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  1892. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
  1893. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +48 -40
  1894. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
  1895. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
  1896. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +15 -14
  1897. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +128 -42
  1898. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +8 -7
  1899. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +86 -44
  1900. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +25 -4
  1901. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
  1902. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +119 -0
  1903. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +1801 -673
  1904. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +5 -179
  1905. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +67 -15
  1906. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +8 -0
  1907. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +7 -1
  1908. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  1909. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
  1910. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +32 -7
  1911. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
  1912. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +42 -7
  1913. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
  1914. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
  1915. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +25 -5
  1916. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
  1917. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +66 -32
  1918. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +19 -2
  1919. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +27 -41
  1920. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +20 -2
  1921. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +12 -27
  1922. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +41 -10
  1923. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
  1924. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +108 -75
  1925. data/third_party/boringssl-with-bazel/src/include/openssl/evp_errors.h +99 -0
  1926. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
  1927. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +350 -0
  1928. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
  1929. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
  1930. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +12 -3
  1931. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +26 -6
  1932. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
  1933. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +194 -146
  1934. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +42 -18
  1935. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +15 -2
  1936. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +7 -1
  1937. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -2
  1938. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +128 -91
  1939. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +39 -16
  1940. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +570 -144
  1941. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +53 -38
  1942. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +43 -24
  1943. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2041 -829
  1944. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +16 -679
  1945. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +642 -452
  1946. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
  1947. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +16 -18
  1948. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
  1949. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1084 -0
  1950. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +4325 -0
  1951. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +336 -25
  1952. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +108 -53
  1953. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +317 -221
  1954. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +187 -36
  1955. data/third_party/boringssl-with-bazel/src/ssl/internal.h +554 -173
  1956. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
  1957. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -2
  1958. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
  1959. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +55 -15
  1960. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +7 -12
  1961. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +10 -11
  1962. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +34 -31
  1963. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +167 -110
  1964. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
  1965. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +147 -138
  1966. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
  1967. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +12 -17
  1968. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +16 -8
  1969. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +28 -23
  1970. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +47 -28
  1971. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +80 -36
  1972. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +316 -211
  1973. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +160 -91
  1974. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +398 -145
  1975. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
  1976. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
  1977. data/third_party/cares/cares/include/ares.h +742 -0
  1978. data/third_party/cares/cares/include/ares_dns.h +112 -0
  1979. data/third_party/cares/cares/{ares_rules.h → include/ares_rules.h} +0 -0
  1980. data/third_party/cares/cares/include/ares_version.h +24 -0
  1981. data/third_party/cares/cares/src/lib/ares__close_sockets.c +61 -0
  1982. data/third_party/cares/cares/src/lib/ares__get_hostent.c +260 -0
  1983. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +260 -0
  1984. data/third_party/cares/cares/{ares__read_line.c → src/lib/ares__read_line.c} +0 -0
  1985. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +264 -0
  1986. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +499 -0
  1987. data/third_party/cares/cares/{ares__timeval.c → src/lib/ares__timeval.c} +0 -0
  1988. data/third_party/cares/cares/src/lib/ares_android.c +444 -0
  1989. data/third_party/cares/cares/src/lib/ares_android.h +27 -0
  1990. data/third_party/cares/cares/{ares_cancel.c → src/lib/ares_cancel.c} +0 -0
  1991. data/third_party/cares/cares/src/lib/ares_create_query.c +197 -0
  1992. data/third_party/cares/cares/src/lib/ares_data.c +240 -0
  1993. data/third_party/cares/cares/src/lib/ares_data.h +74 -0
  1994. data/third_party/cares/cares/{ares_destroy.c → src/lib/ares_destroy.c} +0 -0
  1995. data/third_party/cares/cares/src/lib/ares_expand_name.c +300 -0
  1996. data/third_party/cares/cares/src/lib/ares_expand_string.c +67 -0
  1997. data/third_party/cares/cares/{ares_fds.c → src/lib/ares_fds.c} +0 -0
  1998. data/third_party/cares/cares/src/lib/ares_free_hostent.c +43 -0
  1999. data/third_party/cares/cares/{ares_free_string.c → src/lib/ares_free_string.c} +0 -0
  2000. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +59 -0
  2001. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +772 -0
  2002. data/third_party/cares/cares/src/lib/ares_getenv.c +28 -0
  2003. data/third_party/cares/cares/{ares_getenv.h → src/lib/ares_getenv.h} +0 -0
  2004. data/third_party/cares/cares/src/lib/ares_gethostbyaddr.c +287 -0
  2005. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +534 -0
  2006. data/third_party/cares/cares/src/lib/ares_getnameinfo.c +447 -0
  2007. data/third_party/cares/cares/{ares_getsock.c → src/lib/ares_getsock.c} +0 -0
  2008. data/third_party/cares/cares/{ares_inet_net_pton.h → src/lib/ares_inet_net_pton.h} +0 -0
  2009. data/third_party/cares/cares/src/lib/ares_init.c +2654 -0
  2010. data/third_party/cares/cares/{ares_iphlpapi.h → src/lib/ares_iphlpapi.h} +0 -0
  2011. data/third_party/cares/cares/src/lib/ares_ipv6.h +85 -0
  2012. data/third_party/cares/cares/src/lib/ares_library_init.c +200 -0
  2013. data/third_party/cares/cares/src/lib/ares_library_init.h +43 -0
  2014. data/third_party/cares/cares/{ares_llist.c → src/lib/ares_llist.c} +0 -0
  2015. data/third_party/cares/cares/{ares_llist.h → src/lib/ares_llist.h} +0 -0
  2016. data/third_party/cares/cares/{ares_mkquery.c → src/lib/ares_mkquery.c} +0 -0
  2017. data/third_party/cares/cares/src/lib/ares_nameser.h +482 -0
  2018. data/third_party/cares/cares/{ares_nowarn.c → src/lib/ares_nowarn.c} +0 -0
  2019. data/third_party/cares/cares/{ares_nowarn.h → src/lib/ares_nowarn.h} +0 -0
  2020. data/third_party/cares/cares/{ares_options.c → src/lib/ares_options.c} +0 -0
  2021. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +209 -0
  2022. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +212 -0
  2023. data/third_party/cares/cares/src/lib/ares_parse_caa_reply.c +199 -0
  2024. data/third_party/cares/cares/src/lib/ares_parse_mx_reply.c +164 -0
  2025. data/third_party/cares/cares/src/lib/ares_parse_naptr_reply.c +183 -0
  2026. data/third_party/cares/cares/src/lib/ares_parse_ns_reply.c +177 -0
  2027. data/third_party/cares/cares/src/lib/ares_parse_ptr_reply.c +228 -0
  2028. data/third_party/cares/cares/src/lib/ares_parse_soa_reply.c +179 -0
  2029. data/third_party/cares/cares/src/lib/ares_parse_srv_reply.c +168 -0
  2030. data/third_party/cares/cares/src/lib/ares_parse_txt_reply.c +214 -0
  2031. data/third_party/cares/cares/{ares_platform.c → src/lib/ares_platform.c} +0 -0
  2032. data/third_party/cares/cares/{ares_platform.h → src/lib/ares_platform.h} +0 -0
  2033. data/third_party/cares/cares/src/lib/ares_private.h +423 -0
  2034. data/third_party/cares/cares/src/lib/ares_process.c +1548 -0
  2035. data/third_party/cares/cares/src/lib/ares_query.c +180 -0
  2036. data/third_party/cares/cares/src/lib/ares_search.c +321 -0
  2037. data/third_party/cares/cares/src/lib/ares_send.c +131 -0
  2038. data/third_party/cares/cares/src/lib/ares_setup.h +220 -0
  2039. data/third_party/cares/cares/{ares_strcasecmp.c → src/lib/ares_strcasecmp.c} +0 -0
  2040. data/third_party/cares/cares/{ares_strcasecmp.h → src/lib/ares_strcasecmp.h} +0 -0
  2041. data/third_party/cares/cares/{ares_strdup.c → src/lib/ares_strdup.c} +0 -0
  2042. data/third_party/cares/cares/{ares_strdup.h → src/lib/ares_strdup.h} +0 -0
  2043. data/third_party/cares/cares/{ares_strerror.c → src/lib/ares_strerror.c} +0 -0
  2044. data/third_party/cares/cares/src/lib/ares_strsplit.c +178 -0
  2045. data/third_party/cares/cares/{ares_strsplit.h → src/lib/ares_strsplit.h} +0 -0
  2046. data/third_party/cares/cares/{ares_timeout.c → src/lib/ares_timeout.c} +0 -0
  2047. data/third_party/cares/cares/{ares_version.c → src/lib/ares_version.c} +0 -0
  2048. data/third_party/cares/cares/{ares_writev.c → src/lib/ares_writev.c} +0 -0
  2049. data/third_party/cares/cares/src/lib/ares_writev.h +36 -0
  2050. data/third_party/cares/cares/{bitncmp.c → src/lib/bitncmp.c} +0 -0
  2051. data/third_party/cares/cares/{bitncmp.h → src/lib/bitncmp.h} +0 -0
  2052. data/third_party/cares/cares/src/lib/config-dos.h +115 -0
  2053. data/third_party/cares/cares/{config-win32.h → src/lib/config-win32.h} +0 -0
  2054. data/third_party/cares/cares/src/lib/inet_net_pton.c +444 -0
  2055. data/third_party/cares/cares/src/lib/inet_ntop.c +201 -0
  2056. data/third_party/cares/cares/{setup_once.h → src/lib/setup_once.h} +0 -0
  2057. data/third_party/cares/cares/{windows_port.c → src/lib/windows_port.c} +0 -0
  2058. data/third_party/re2/re2/bitmap256.h +117 -0
  2059. data/third_party/re2/re2/bitstate.cc +385 -0
  2060. data/third_party/re2/re2/compile.cc +1261 -0
  2061. data/third_party/re2/re2/dfa.cc +2118 -0
  2062. data/third_party/re2/re2/filtered_re2.cc +137 -0
  2063. data/third_party/re2/re2/filtered_re2.h +114 -0
  2064. data/third_party/re2/re2/mimics_pcre.cc +197 -0
  2065. data/third_party/re2/re2/nfa.cc +713 -0
  2066. data/third_party/re2/re2/onepass.cc +623 -0
  2067. data/third_party/re2/re2/parse.cc +2483 -0
  2068. data/third_party/re2/re2/perl_groups.cc +119 -0
  2069. data/third_party/re2/re2/pod_array.h +55 -0
  2070. data/third_party/re2/re2/prefilter.cc +711 -0
  2071. data/third_party/re2/re2/prefilter.h +108 -0
  2072. data/third_party/re2/re2/prefilter_tree.cc +407 -0
  2073. data/third_party/re2/re2/prefilter_tree.h +139 -0
  2074. data/third_party/re2/re2/prog.cc +1166 -0
  2075. data/third_party/re2/re2/prog.h +455 -0
  2076. data/third_party/re2/re2/re2.cc +1331 -0
  2077. data/third_party/re2/re2/re2.h +1017 -0
  2078. data/third_party/re2/re2/regexp.cc +987 -0
  2079. data/third_party/re2/re2/regexp.h +665 -0
  2080. data/third_party/re2/re2/set.cc +176 -0
  2081. data/third_party/re2/re2/set.h +85 -0
  2082. data/third_party/re2/re2/simplify.cc +665 -0
  2083. data/third_party/re2/re2/sparse_array.h +392 -0
  2084. data/third_party/re2/re2/sparse_set.h +264 -0
  2085. data/third_party/re2/re2/stringpiece.cc +65 -0
  2086. data/third_party/re2/re2/stringpiece.h +210 -0
  2087. data/third_party/re2/re2/tostring.cc +351 -0
  2088. data/third_party/re2/re2/unicode_casefold.cc +582 -0
  2089. data/third_party/re2/re2/unicode_casefold.h +78 -0
  2090. data/third_party/re2/re2/unicode_groups.cc +6269 -0
  2091. data/third_party/re2/re2/unicode_groups.h +67 -0
  2092. data/third_party/re2/re2/walker-inl.h +246 -0
  2093. data/third_party/re2/util/benchmark.h +156 -0
  2094. data/third_party/re2/util/flags.h +26 -0
  2095. data/third_party/re2/util/logging.h +109 -0
  2096. data/third_party/re2/util/malloc_counter.h +19 -0
  2097. data/third_party/re2/util/mix.h +41 -0
  2098. data/third_party/re2/util/mutex.h +148 -0
  2099. data/third_party/re2/util/pcre.cc +1025 -0
  2100. data/third_party/re2/util/pcre.h +681 -0
  2101. data/third_party/re2/util/rune.cc +260 -0
  2102. data/third_party/re2/util/strutil.cc +149 -0
  2103. data/third_party/re2/util/strutil.h +21 -0
  2104. data/third_party/re2/util/test.h +50 -0
  2105. data/third_party/re2/util/utf.h +44 -0
  2106. data/third_party/re2/util/util.h +42 -0
  2107. data/third_party/upb/third_party/utf8_range/naive.c +92 -0
  2108. data/third_party/upb/third_party/utf8_range/range2-neon.c +157 -0
  2109. data/third_party/upb/third_party/utf8_range/range2-sse.c +170 -0
  2110. data/third_party/upb/third_party/utf8_range/utf8_range.h +9 -0
  2111. data/third_party/upb/upb/decode.c +997 -481
  2112. data/third_party/upb/upb/decode.h +79 -6
  2113. data/third_party/upb/upb/decode_fast.c +1055 -0
  2114. data/third_party/upb/upb/decode_fast.h +153 -0
  2115. data/third_party/upb/upb/decode_internal.h +211 -0
  2116. data/third_party/upb/upb/def.c +3261 -0
  2117. data/third_party/upb/upb/def.h +409 -0
  2118. data/third_party/upb/upb/def.hpp +438 -0
  2119. data/third_party/upb/upb/encode.c +459 -233
  2120. data/third_party/upb/upb/encode.h +56 -6
  2121. data/third_party/upb/upb/json_encode.c +776 -0
  2122. data/third_party/upb/upb/json_encode.h +62 -0
  2123. data/third_party/upb/upb/msg.c +387 -70
  2124. data/third_party/upb/upb/msg.h +90 -45
  2125. data/third_party/upb/upb/msg_internal.h +831 -0
  2126. data/third_party/upb/upb/port_def.inc +195 -84
  2127. data/third_party/upb/upb/port_undef.inc +48 -7
  2128. data/third_party/upb/upb/reflection.c +480 -0
  2129. data/third_party/upb/upb/reflection.h +220 -0
  2130. data/third_party/upb/upb/reflection.hpp +37 -0
  2131. data/third_party/upb/upb/table.c +441 -428
  2132. data/third_party/upb/upb/table_internal.h +385 -0
  2133. data/third_party/upb/upb/text_encode.c +472 -0
  2134. data/third_party/upb/upb/text_encode.h +64 -0
  2135. data/third_party/upb/upb/upb.c +255 -154
  2136. data/third_party/upb/upb/upb.h +235 -226
  2137. data/third_party/upb/upb/upb.hpp +115 -0
  2138. data/third_party/upb/upb/upb_internal.h +68 -0
  2139. data/third_party/xxhash/xxhash.h +5580 -0
  2140. data/third_party/zlib/crc32.c +966 -292
  2141. data/third_party/zlib/crc32.h +9441 -436
  2142. data/third_party/zlib/deflate.c +78 -30
  2143. data/third_party/zlib/deflate.h +12 -15
  2144. data/third_party/zlib/gzguts.h +3 -2
  2145. data/third_party/zlib/gzlib.c +5 -3
  2146. data/third_party/zlib/gzread.c +5 -7
  2147. data/third_party/zlib/gzwrite.c +25 -13
  2148. data/third_party/zlib/infback.c +2 -1
  2149. data/third_party/zlib/inffast.c +14 -14
  2150. data/third_party/zlib/inflate.c +39 -8
  2151. data/third_party/zlib/inflate.h +3 -2
  2152. data/third_party/zlib/inftrees.c +3 -3
  2153. data/third_party/zlib/trees.c +27 -48
  2154. data/third_party/zlib/zlib.h +123 -100
  2155. data/third_party/zlib/zutil.c +2 -2
  2156. data/third_party/zlib/zutil.h +12 -9
  2157. metadata +1175 -359
  2158. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +0 -45
  2159. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +0 -121
  2160. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -938
  2161. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -528
  2162. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -834
  2163. data/src/core/ext/filters/client_channel/parse_address.cc +0 -238
  2164. data/src/core/ext/filters/client_channel/parse_address.h +0 -53
  2165. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -484
  2166. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -177
  2167. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
  2168. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
  2169. data/src/core/ext/filters/client_channel/resolver.cc +0 -85
  2170. data/src/core/ext/filters/client_channel/resolver.h +0 -144
  2171. data/src/core/ext/filters/client_channel/resolver_factory.h +0 -73
  2172. data/src/core/ext/filters/client_channel/resolver_registry.cc +0 -197
  2173. data/src/core/ext/filters/client_channel/resolver_registry.h +0 -89
  2174. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -348
  2175. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -123
  2176. data/src/core/ext/filters/client_channel/server_address.cc +0 -48
  2177. data/src/core/ext/filters/client_channel/server_address.h +0 -90
  2178. data/src/core/ext/filters/client_channel/service_config.cc +0 -221
  2179. data/src/core/ext/filters/client_channel/service_config.h +0 -123
  2180. data/src/core/ext/filters/client_channel/service_config_call_data.h +0 -68
  2181. data/src/core/ext/filters/client_channel/service_config_parser.cc +0 -87
  2182. data/src/core/ext/filters/client_channel/service_config_parser.h +0 -89
  2183. data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -1906
  2184. data/src/core/ext/filters/client_channel/xds/xds_api.h +0 -280
  2185. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +0 -342
  2186. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +0 -88
  2187. data/src/core/ext/filters/client_channel/xds/xds_channel.h +0 -46
  2188. data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +0 -26
  2189. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +0 -106
  2190. data/src/core/ext/filters/client_channel/xds/xds_client.cc +0 -2367
  2191. data/src/core/ext/filters/client_channel/xds/xds_client.h +0 -309
  2192. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +0 -115
  2193. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +0 -211
  2194. data/src/core/ext/filters/client_idle/client_idle_filter.cc +0 -440
  2195. data/src/core/ext/filters/max_age/max_age_filter.cc +0 -556
  2196. data/src/core/ext/filters/max_age/max_age_filter.h +0 -26
  2197. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +0 -210
  2198. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +0 -27
  2199. data/src/core/ext/filters/workarounds/workaround_utils.cc +0 -53
  2200. data/src/core/ext/filters/workarounds/workaround_utils.h +0 -39
  2201. data/src/core/ext/transport/chttp2/client/authority.cc +0 -42
  2202. data/src/core/ext/transport/chttp2/client/authority.h +0 -36
  2203. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +0 -112
  2204. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +0 -79
  2205. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +0 -225
  2206. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +0 -45
  2207. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +0 -75
  2208. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +0 -86
  2209. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +0 -37
  2210. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -246
  2211. data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
  2212. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +0 -66
  2213. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +0 -58
  2214. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
  2215. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -35
  2216. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
  2217. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -418
  2218. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
  2219. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -197
  2220. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
  2221. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -378
  2222. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +0 -28
  2223. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -53
  2224. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
  2225. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -218
  2226. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +0 -35
  2227. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
  2228. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +0 -55
  2229. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -305
  2230. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
  2231. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1447
  2232. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
  2233. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -328
  2234. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +0 -35
  2235. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -78
  2236. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
  2237. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -897
  2238. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
  2239. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -322
  2240. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
  2241. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -72
  2242. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
  2243. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -642
  2244. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
  2245. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -673
  2246. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +0 -36
  2247. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
  2248. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
  2249. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -518
  2250. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +0 -34
  2251. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -89
  2252. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
  2253. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -392
  2254. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +0 -31
  2255. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -53
  2256. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
  2257. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -33
  2258. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
  2259. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -266
  2260. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
  2261. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -324
  2262. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
  2263. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -240
  2264. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +0 -31
  2265. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -53
  2266. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
  2267. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -33
  2268. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
  2269. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -527
  2270. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
  2271. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -112
  2272. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
  2273. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -399
  2274. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +0 -30
  2275. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -53
  2276. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
  2277. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -33
  2278. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
  2279. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -3032
  2280. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
  2281. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -199
  2282. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
  2283. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -134
  2284. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +0 -28
  2285. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -53
  2286. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
  2287. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -725
  2288. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
  2289. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1132
  2290. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +0 -33
  2291. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
  2292. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
  2293. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
  2294. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +0 -24
  2295. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -50
  2296. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
  2297. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -134
  2298. data/src/core/ext/upb-generated/envoy/type/http.upb.c +0 -17
  2299. data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -36
  2300. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
  2301. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -144
  2302. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
  2303. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
  2304. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
  2305. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
  2306. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +0 -39
  2307. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -87
  2308. data/src/core/ext/upb-generated/envoy/type/range.upb.c +0 -50
  2309. data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -112
  2310. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +0 -29
  2311. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -62
  2312. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
  2313. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -249
  2314. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
  2315. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -30
  2316. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +0 -58
  2317. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +0 -144
  2318. data/src/core/lib/avl/avl.cc +0 -306
  2319. data/src/core/lib/compression/algorithm_metadata.h +0 -61
  2320. data/src/core/lib/compression/compression_args.cc +0 -134
  2321. data/src/core/lib/compression/compression_args.h +0 -56
  2322. data/src/core/lib/compression/stream_compression.cc +0 -80
  2323. data/src/core/lib/compression/stream_compression.h +0 -116
  2324. data/src/core/lib/compression/stream_compression_gzip.cc +0 -230
  2325. data/src/core/lib/compression/stream_compression_gzip.h +0 -28
  2326. data/src/core/lib/compression/stream_compression_identity.cc +0 -92
  2327. data/src/core/lib/compression/stream_compression_identity.h +0 -29
  2328. data/src/core/lib/gpr/arena.h +0 -47
  2329. data/src/core/lib/gpr/tls_gcc.h +0 -52
  2330. data/src/core/lib/gpr/tls_msvc.h +0 -52
  2331. data/src/core/lib/gpr/tls_pthread.cc +0 -30
  2332. data/src/core/lib/gpr/tls_pthread.h +0 -56
  2333. data/src/core/lib/gprpp/arena.cc +0 -103
  2334. data/src/core/lib/gprpp/arena.h +0 -120
  2335. data/src/core/lib/gprpp/atomic.h +0 -104
  2336. data/src/core/lib/gprpp/map.h +0 -53
  2337. data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
  2338. data/src/core/lib/iomgr/ev_epollex_linux.cc +0 -1656
  2339. data/src/core/lib/iomgr/ev_epollex_linux.h +0 -30
  2340. data/src/core/lib/iomgr/iomgr_custom.cc +0 -79
  2341. data/src/core/lib/iomgr/iomgr_custom.h +0 -49
  2342. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
  2343. data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
  2344. data/src/core/lib/iomgr/is_epollexclusive_available.cc +0 -105
  2345. data/src/core/lib/iomgr/is_epollexclusive_available.h +0 -36
  2346. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -87
  2347. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
  2348. data/src/core/lib/iomgr/pollset_custom.cc +0 -106
  2349. data/src/core/lib/iomgr/pollset_custom.h +0 -35
  2350. data/src/core/lib/iomgr/pollset_set_custom.cc +0 -48
  2351. data/src/core/lib/iomgr/pollset_set_custom.h +0 -26
  2352. data/src/core/lib/iomgr/pollset_uv.cc +0 -93
  2353. data/src/core/lib/iomgr/pollset_uv.h +0 -32
  2354. data/src/core/lib/iomgr/resolve_address_custom.cc +0 -173
  2355. data/src/core/lib/iomgr/resolve_address_custom.h +0 -45
  2356. data/src/core/lib/iomgr/resource_quota.cc +0 -1013
  2357. data/src/core/lib/iomgr/resource_quota.h +0 -177
  2358. data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
  2359. data/src/core/lib/iomgr/sockaddr_utils.cc +0 -293
  2360. data/src/core/lib/iomgr/sockaddr_utils.h +0 -79
  2361. data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
  2362. data/src/core/lib/iomgr/sys_epoll_wrapper.h +0 -30
  2363. data/src/core/lib/iomgr/tcp_client_custom.cc +0 -163
  2364. data/src/core/lib/iomgr/tcp_custom.cc +0 -370
  2365. data/src/core/lib/iomgr/tcp_custom.h +0 -84
  2366. data/src/core/lib/iomgr/tcp_server_custom.cc +0 -485
  2367. data/src/core/lib/iomgr/tcp_uv.cc +0 -419
  2368. data/src/core/lib/iomgr/timer_custom.cc +0 -95
  2369. data/src/core/lib/iomgr/timer_custom.h +0 -43
  2370. data/src/core/lib/iomgr/timer_uv.cc +0 -66
  2371. data/src/core/lib/iomgr/udp_server.cc +0 -747
  2372. data/src/core/lib/iomgr/udp_server.h +0 -101
  2373. data/src/core/lib/security/credentials/credentials_metadata.cc +0 -62
  2374. data/src/core/lib/security/transport/target_authority_table.cc +0 -75
  2375. data/src/core/lib/security/transport/target_authority_table.h +0 -40
  2376. data/src/core/lib/slice/slice_hash_table.h +0 -199
  2377. data/src/core/lib/slice/slice_intern.cc +0 -375
  2378. data/src/core/lib/slice/slice_utils.h +0 -200
  2379. data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
  2380. data/src/core/lib/surface/init_secure.cc +0 -81
  2381. data/src/core/lib/transport/metadata.cc +0 -679
  2382. data/src/core/lib/transport/metadata.h +0 -446
  2383. data/src/core/lib/transport/metadata_batch.cc +0 -392
  2384. data/src/core/lib/transport/static_metadata.cc +0 -1230
  2385. data/src/core/lib/transport/static_metadata.h +0 -597
  2386. data/src/core/lib/transport/status_metadata.cc +0 -61
  2387. data/src/core/lib/transport/status_metadata.h +0 -48
  2388. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
  2389. data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -218
  2390. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +0 -104
  2391. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +0 -93
  2392. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +0 -533
  2393. data/third_party/boringssl-with-bazel/src/crypto/dh/params.c +0 -93
  2394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
  2395. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +0 -653
  2396. data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
  2397. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +0 -116
  2398. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +0 -217
  2399. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
  2400. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
  2401. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +0 -3870
  2402. data/third_party/cares/cares/ares.h +0 -670
  2403. data/third_party/cares/cares/ares__close_sockets.c +0 -61
  2404. data/third_party/cares/cares/ares__get_hostent.c +0 -261
  2405. data/third_party/cares/cares/ares_create_query.c +0 -206
  2406. data/third_party/cares/cares/ares_data.c +0 -222
  2407. data/third_party/cares/cares/ares_data.h +0 -72
  2408. data/third_party/cares/cares/ares_dns.h +0 -103
  2409. data/third_party/cares/cares/ares_expand_name.c +0 -209
  2410. data/third_party/cares/cares/ares_expand_string.c +0 -70
  2411. data/third_party/cares/cares/ares_free_hostent.c +0 -41
  2412. data/third_party/cares/cares/ares_getenv.c +0 -30
  2413. data/third_party/cares/cares/ares_gethostbyaddr.c +0 -294
  2414. data/third_party/cares/cares/ares_gethostbyname.c +0 -529
  2415. data/third_party/cares/cares/ares_getnameinfo.c +0 -453
  2416. data/third_party/cares/cares/ares_getopt.c +0 -122
  2417. data/third_party/cares/cares/ares_getopt.h +0 -53
  2418. data/third_party/cares/cares/ares_init.c +0 -2615
  2419. data/third_party/cares/cares/ares_ipv6.h +0 -78
  2420. data/third_party/cares/cares/ares_library_init.c +0 -195
  2421. data/third_party/cares/cares/ares_library_init.h +0 -43
  2422. data/third_party/cares/cares/ares_parse_a_reply.c +0 -264
  2423. data/third_party/cares/cares/ares_parse_aaaa_reply.c +0 -264
  2424. data/third_party/cares/cares/ares_parse_mx_reply.c +0 -170
  2425. data/third_party/cares/cares/ares_parse_naptr_reply.c +0 -194
  2426. data/third_party/cares/cares/ares_parse_ns_reply.c +0 -183
  2427. data/third_party/cares/cares/ares_parse_ptr_reply.c +0 -221
  2428. data/third_party/cares/cares/ares_parse_soa_reply.c +0 -133
  2429. data/third_party/cares/cares/ares_parse_srv_reply.c +0 -179
  2430. data/third_party/cares/cares/ares_parse_txt_reply.c +0 -220
  2431. data/third_party/cares/cares/ares_private.h +0 -382
  2432. data/third_party/cares/cares/ares_process.c +0 -1473
  2433. data/third_party/cares/cares/ares_query.c +0 -186
  2434. data/third_party/cares/cares/ares_search.c +0 -323
  2435. data/third_party/cares/cares/ares_send.c +0 -137
  2436. data/third_party/cares/cares/ares_setup.h +0 -217
  2437. data/third_party/cares/cares/ares_strsplit.c +0 -174
  2438. data/third_party/cares/cares/ares_version.h +0 -24
  2439. data/third_party/cares/cares/inet_net_pton.c +0 -450
  2440. data/third_party/cares/cares/inet_ntop.c +0 -207
  2441. data/third_party/upb/upb/generated_util.h +0 -105
  2442. data/third_party/upb/upb/port.c +0 -26
  2443. data/third_party/upb/upb/table.int.h +0 -507
@@ -1,3870 +0,0 @@
1
- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
- * All rights reserved.
3
- *
4
- * This package is an SSL implementation written
5
- * by Eric Young (eay@cryptsoft.com).
6
- * The implementation was written so as to conform with Netscapes SSL.
7
- *
8
- * This library is free for commercial and non-commercial use as long as
9
- * the following conditions are aheared to. The following conditions
10
- * apply to all code found in this distribution, be it the RC4, RSA,
11
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
- * included with this distribution is covered by the same copyright terms
13
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
- *
15
- * Copyright remains Eric Young's, and as such any Copyright notices in
16
- * the code are not to be removed.
17
- * If this package is used in a product, Eric Young should be given attribution
18
- * as the author of the parts of the library used.
19
- * This can be in the form of a textual message at program startup or
20
- * in documentation (online or textual) provided with the package.
21
- *
22
- * Redistribution and use in source and binary forms, with or without
23
- * modification, are permitted provided that the following conditions
24
- * are met:
25
- * 1. Redistributions of source code must retain the copyright
26
- * notice, this list of conditions and the following disclaimer.
27
- * 2. Redistributions in binary form must reproduce the above copyright
28
- * notice, this list of conditions and the following disclaimer in the
29
- * documentation and/or other materials provided with the distribution.
30
- * 3. All advertising materials mentioning features or use of this software
31
- * must display the following acknowledgement:
32
- * "This product includes cryptographic software written by
33
- * Eric Young (eay@cryptsoft.com)"
34
- * The word 'cryptographic' can be left out if the rouines from the library
35
- * being used are not cryptographic related :-).
36
- * 4. If you include any Windows specific code (or a derivative thereof) from
37
- * the apps directory (application code) you must include an acknowledgement:
38
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
- *
40
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
- * SUCH DAMAGE.
51
- *
52
- * The licence and distribution terms for any publically available version or
53
- * derivative of this code cannot be changed. i.e. this code cannot simply be
54
- * copied and put under another distribution licence
55
- * [including the GNU Public Licence.]
56
- */
57
- /* ====================================================================
58
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59
- *
60
- * Redistribution and use in source and binary forms, with or without
61
- * modification, are permitted provided that the following conditions
62
- * are met:
63
- *
64
- * 1. Redistributions of source code must retain the above copyright
65
- * notice, this list of conditions and the following disclaimer.
66
- *
67
- * 2. Redistributions in binary form must reproduce the above copyright
68
- * notice, this list of conditions and the following disclaimer in
69
- * the documentation and/or other materials provided with the
70
- * distribution.
71
- *
72
- * 3. All advertising materials mentioning features or use of this
73
- * software must display the following acknowledgment:
74
- * "This product includes software developed by the OpenSSL Project
75
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76
- *
77
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78
- * endorse or promote products derived from this software without
79
- * prior written permission. For written permission, please contact
80
- * openssl-core@openssl.org.
81
- *
82
- * 5. Products derived from this software may not be called "OpenSSL"
83
- * nor may "OpenSSL" appear in their names without prior written
84
- * permission of the OpenSSL Project.
85
- *
86
- * 6. Redistributions of any form whatsoever must retain the following
87
- * acknowledgment:
88
- * "This product includes software developed by the OpenSSL Project
89
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90
- *
91
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102
- * OF THE POSSIBILITY OF SUCH DAMAGE.
103
- * ====================================================================
104
- *
105
- * This product includes cryptographic software written by Eric Young
106
- * (eay@cryptsoft.com). This product includes software written by Tim
107
- * Hudson (tjh@cryptsoft.com). */
108
-
109
- #include <openssl/ssl.h>
110
-
111
- #include <assert.h>
112
- #include <limits.h>
113
- #include <stdlib.h>
114
- #include <string.h>
115
-
116
- #include <utility>
117
-
118
- #include <openssl/bytestring.h>
119
- #include <openssl/chacha.h>
120
- #include <openssl/digest.h>
121
- #include <openssl/err.h>
122
- #include <openssl/evp.h>
123
- #include <openssl/hmac.h>
124
- #include <openssl/mem.h>
125
- #include <openssl/nid.h>
126
- #include <openssl/rand.h>
127
-
128
- #include "internal.h"
129
- #include "../crypto/internal.h"
130
-
131
-
132
- BSSL_NAMESPACE_BEGIN
133
-
134
- static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
135
-
136
- static int compare_uint16_t(const void *p1, const void *p2) {
137
- uint16_t u1 = *((const uint16_t *)p1);
138
- uint16_t u2 = *((const uint16_t *)p2);
139
- if (u1 < u2) {
140
- return -1;
141
- } else if (u1 > u2) {
142
- return 1;
143
- } else {
144
- return 0;
145
- }
146
- }
147
-
148
- // Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
149
- // more than one extension of the same type in a ClientHello or ServerHello.
150
- // This function does an initial scan over the extensions block to filter those
151
- // out.
152
- static bool tls1_check_duplicate_extensions(const CBS *cbs) {
153
- // First pass: count the extensions.
154
- size_t num_extensions = 0;
155
- CBS extensions = *cbs;
156
- while (CBS_len(&extensions) > 0) {
157
- uint16_t type;
158
- CBS extension;
159
-
160
- if (!CBS_get_u16(&extensions, &type) ||
161
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
162
- return false;
163
- }
164
-
165
- num_extensions++;
166
- }
167
-
168
- if (num_extensions == 0) {
169
- return true;
170
- }
171
-
172
- Array<uint16_t> extension_types;
173
- if (!extension_types.Init(num_extensions)) {
174
- return false;
175
- }
176
-
177
- // Second pass: gather the extension types.
178
- extensions = *cbs;
179
- for (size_t i = 0; i < extension_types.size(); i++) {
180
- CBS extension;
181
-
182
- if (!CBS_get_u16(&extensions, &extension_types[i]) ||
183
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
184
- // This should not happen.
185
- return false;
186
- }
187
- }
188
- assert(CBS_len(&extensions) == 0);
189
-
190
- // Sort the extensions and make sure there are no duplicates.
191
- qsort(extension_types.data(), extension_types.size(), sizeof(uint16_t),
192
- compare_uint16_t);
193
- for (size_t i = 1; i < num_extensions; i++) {
194
- if (extension_types[i - 1] == extension_types[i]) {
195
- return false;
196
- }
197
- }
198
-
199
- return true;
200
- }
201
-
202
- static bool is_post_quantum_group(uint16_t id) {
203
- return id == SSL_CURVE_CECPQ2;
204
- }
205
-
206
- bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
207
- const SSLMessage &msg) {
208
- OPENSSL_memset(out, 0, sizeof(*out));
209
- out->ssl = const_cast<SSL *>(ssl);
210
- out->client_hello = CBS_data(&msg.body);
211
- out->client_hello_len = CBS_len(&msg.body);
212
-
213
- CBS client_hello, random, session_id;
214
- CBS_init(&client_hello, out->client_hello, out->client_hello_len);
215
- if (!CBS_get_u16(&client_hello, &out->version) ||
216
- !CBS_get_bytes(&client_hello, &random, SSL3_RANDOM_SIZE) ||
217
- !CBS_get_u8_length_prefixed(&client_hello, &session_id) ||
218
- CBS_len(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
219
- return false;
220
- }
221
-
222
- out->random = CBS_data(&random);
223
- out->random_len = CBS_len(&random);
224
- out->session_id = CBS_data(&session_id);
225
- out->session_id_len = CBS_len(&session_id);
226
-
227
- // Skip past DTLS cookie
228
- if (SSL_is_dtls(out->ssl)) {
229
- CBS cookie;
230
- if (!CBS_get_u8_length_prefixed(&client_hello, &cookie) ||
231
- CBS_len(&cookie) > DTLS1_COOKIE_LENGTH) {
232
- return false;
233
- }
234
- }
235
-
236
- CBS cipher_suites, compression_methods;
237
- if (!CBS_get_u16_length_prefixed(&client_hello, &cipher_suites) ||
238
- CBS_len(&cipher_suites) < 2 || (CBS_len(&cipher_suites) & 1) != 0 ||
239
- !CBS_get_u8_length_prefixed(&client_hello, &compression_methods) ||
240
- CBS_len(&compression_methods) < 1) {
241
- return false;
242
- }
243
-
244
- out->cipher_suites = CBS_data(&cipher_suites);
245
- out->cipher_suites_len = CBS_len(&cipher_suites);
246
- out->compression_methods = CBS_data(&compression_methods);
247
- out->compression_methods_len = CBS_len(&compression_methods);
248
-
249
- // If the ClientHello ends here then it's valid, but doesn't have any
250
- // extensions.
251
- if (CBS_len(&client_hello) == 0) {
252
- out->extensions = NULL;
253
- out->extensions_len = 0;
254
- return true;
255
- }
256
-
257
- // Extract extensions and check it is valid.
258
- CBS extensions;
259
- if (!CBS_get_u16_length_prefixed(&client_hello, &extensions) ||
260
- !tls1_check_duplicate_extensions(&extensions) ||
261
- CBS_len(&client_hello) != 0) {
262
- return false;
263
- }
264
-
265
- out->extensions = CBS_data(&extensions);
266
- out->extensions_len = CBS_len(&extensions);
267
-
268
- return true;
269
- }
270
-
271
- bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
272
- CBS *out, uint16_t extension_type) {
273
- CBS extensions;
274
- CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
275
- while (CBS_len(&extensions) != 0) {
276
- // Decode the next extension.
277
- uint16_t type;
278
- CBS extension;
279
- if (!CBS_get_u16(&extensions, &type) ||
280
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
281
- return false;
282
- }
283
-
284
- if (type == extension_type) {
285
- *out = extension;
286
- return true;
287
- }
288
- }
289
-
290
- return false;
291
- }
292
-
293
- static const uint16_t kDefaultGroups[] = {
294
- SSL_CURVE_X25519,
295
- SSL_CURVE_SECP256R1,
296
- SSL_CURVE_SECP384R1,
297
- };
298
-
299
- Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) {
300
- if (!hs->config->supported_group_list.empty()) {
301
- return hs->config->supported_group_list;
302
- }
303
- return Span<const uint16_t>(kDefaultGroups);
304
- }
305
-
306
- bool tls1_get_shared_group(SSL_HANDSHAKE *hs, uint16_t *out_group_id) {
307
- SSL *const ssl = hs->ssl;
308
- assert(ssl->server);
309
-
310
- // Clients are not required to send a supported_groups extension. In this
311
- // case, the server is free to pick any group it likes. See RFC 4492,
312
- // section 4, paragraph 3.
313
- //
314
- // However, in the interests of compatibility, we will skip ECDH if the
315
- // client didn't send an extension because we can't be sure that they'll
316
- // support our favoured group. Thus we do not special-case an emtpy
317
- // |peer_supported_group_list|.
318
-
319
- Span<const uint16_t> groups = tls1_get_grouplist(hs);
320
- Span<const uint16_t> pref, supp;
321
- if (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
322
- pref = groups;
323
- supp = hs->peer_supported_group_list;
324
- } else {
325
- pref = hs->peer_supported_group_list;
326
- supp = groups;
327
- }
328
-
329
- for (uint16_t pref_group : pref) {
330
- for (uint16_t supp_group : supp) {
331
- if (pref_group == supp_group &&
332
- // CECPQ2(b) doesn't fit in the u8-length-prefixed ECPoint field in
333
- // TLS 1.2 and below.
334
- (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
335
- !is_post_quantum_group(pref_group))) {
336
- *out_group_id = pref_group;
337
- return true;
338
- }
339
- }
340
- }
341
-
342
- return false;
343
- }
344
-
345
- bool tls1_set_curves(Array<uint16_t> *out_group_ids, Span<const int> curves) {
346
- Array<uint16_t> group_ids;
347
- if (!group_ids.Init(curves.size())) {
348
- return false;
349
- }
350
-
351
- for (size_t i = 0; i < curves.size(); i++) {
352
- if (!ssl_nid_to_group_id(&group_ids[i], curves[i])) {
353
- return false;
354
- }
355
- }
356
-
357
- *out_group_ids = std::move(group_ids);
358
- return true;
359
- }
360
-
361
- bool tls1_set_curves_list(Array<uint16_t> *out_group_ids, const char *curves) {
362
- // Count the number of curves in the list.
363
- size_t count = 0;
364
- const char *ptr = curves, *col;
365
- do {
366
- col = strchr(ptr, ':');
367
- count++;
368
- if (col) {
369
- ptr = col + 1;
370
- }
371
- } while (col);
372
-
373
- Array<uint16_t> group_ids;
374
- if (!group_ids.Init(count)) {
375
- return false;
376
- }
377
-
378
- size_t i = 0;
379
- ptr = curves;
380
- do {
381
- col = strchr(ptr, ':');
382
- if (!ssl_name_to_group_id(&group_ids[i++], ptr,
383
- col ? (size_t)(col - ptr) : strlen(ptr))) {
384
- return false;
385
- }
386
- if (col) {
387
- ptr = col + 1;
388
- }
389
- } while (col);
390
-
391
- assert(i == count);
392
- *out_group_ids = std::move(group_ids);
393
- return true;
394
- }
395
-
396
- bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
397
- if (is_post_quantum_group(group_id) &&
398
- ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
399
- // CECPQ2(b) requires TLS 1.3.
400
- return false;
401
- }
402
-
403
- for (uint16_t supported : tls1_get_grouplist(hs)) {
404
- if (supported == group_id) {
405
- return true;
406
- }
407
- }
408
-
409
- return false;
410
- }
411
-
412
- // kVerifySignatureAlgorithms is the default list of accepted signature
413
- // algorithms for verifying.
414
- static const uint16_t kVerifySignatureAlgorithms[] = {
415
- // List our preferred algorithms first.
416
- SSL_SIGN_ECDSA_SECP256R1_SHA256,
417
- SSL_SIGN_RSA_PSS_RSAE_SHA256,
418
- SSL_SIGN_RSA_PKCS1_SHA256,
419
-
420
- // Larger hashes are acceptable.
421
- SSL_SIGN_ECDSA_SECP384R1_SHA384,
422
- SSL_SIGN_RSA_PSS_RSAE_SHA384,
423
- SSL_SIGN_RSA_PKCS1_SHA384,
424
-
425
- SSL_SIGN_RSA_PSS_RSAE_SHA512,
426
- SSL_SIGN_RSA_PKCS1_SHA512,
427
-
428
- // For now, SHA-1 is still accepted but least preferable.
429
- SSL_SIGN_RSA_PKCS1_SHA1,
430
- };
431
-
432
- // kSignSignatureAlgorithms is the default list of supported signature
433
- // algorithms for signing.
434
- static const uint16_t kSignSignatureAlgorithms[] = {
435
- // List our preferred algorithms first.
436
- SSL_SIGN_ED25519,
437
- SSL_SIGN_ECDSA_SECP256R1_SHA256,
438
- SSL_SIGN_RSA_PSS_RSAE_SHA256,
439
- SSL_SIGN_RSA_PKCS1_SHA256,
440
-
441
- // If needed, sign larger hashes.
442
- //
443
- // TODO(davidben): Determine which of these may be pruned.
444
- SSL_SIGN_ECDSA_SECP384R1_SHA384,
445
- SSL_SIGN_RSA_PSS_RSAE_SHA384,
446
- SSL_SIGN_RSA_PKCS1_SHA384,
447
-
448
- SSL_SIGN_ECDSA_SECP521R1_SHA512,
449
- SSL_SIGN_RSA_PSS_RSAE_SHA512,
450
- SSL_SIGN_RSA_PKCS1_SHA512,
451
-
452
- // If the peer supports nothing else, sign with SHA-1.
453
- SSL_SIGN_ECDSA_SHA1,
454
- SSL_SIGN_RSA_PKCS1_SHA1,
455
- };
456
-
457
- static Span<const uint16_t> tls12_get_verify_sigalgs(const SSL_HANDSHAKE *hs) {
458
- if (hs->config->verify_sigalgs.empty()) {
459
- return Span<const uint16_t>(kVerifySignatureAlgorithms);
460
- }
461
- return hs->config->verify_sigalgs;
462
- }
463
-
464
- bool tls12_add_verify_sigalgs(const SSL_HANDSHAKE *hs, CBB *out) {
465
- for (uint16_t sigalg : tls12_get_verify_sigalgs(hs)) {
466
- if (!CBB_add_u16(out, sigalg)) {
467
- return false;
468
- }
469
- }
470
- return true;
471
- }
472
-
473
- bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
474
- uint16_t sigalg) {
475
- for (uint16_t verify_sigalg : tls12_get_verify_sigalgs(hs)) {
476
- if (verify_sigalg == sigalg) {
477
- return true;
478
- }
479
- }
480
-
481
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
482
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
483
- return false;
484
- }
485
-
486
- // tls_extension represents a TLS extension that is handled internally. The
487
- // |init| function is called for each handshake, before any other functions of
488
- // the extension. Then the add and parse callbacks are called as needed.
489
- //
490
- // The parse callbacks receive a |CBS| that contains the contents of the
491
- // extension (i.e. not including the type and length bytes). If an extension is
492
- // not received then the parse callbacks will be called with a NULL CBS so that
493
- // they can do any processing needed to handle the absence of an extension.
494
- //
495
- // The add callbacks receive a |CBB| to which the extension can be appended but
496
- // the function is responsible for appending the type and length bytes too.
497
- //
498
- // All callbacks return true for success and false for error. If a parse
499
- // function returns zero then a fatal alert with value |*out_alert| will be
500
- // sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
501
- struct tls_extension {
502
- uint16_t value;
503
- void (*init)(SSL_HANDSHAKE *hs);
504
-
505
- bool (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out);
506
- bool (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
507
- CBS *contents);
508
-
509
- bool (*parse_clienthello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
510
- CBS *contents);
511
- bool (*add_serverhello)(SSL_HANDSHAKE *hs, CBB *out);
512
- };
513
-
514
- static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
515
- CBS *contents) {
516
- if (contents != NULL) {
517
- // Servers MUST NOT send this extension.
518
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
519
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
520
- return false;
521
- }
522
-
523
- return true;
524
- }
525
-
526
- static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
527
- CBS *contents) {
528
- // This extension from the client is handled elsewhere.
529
- return true;
530
- }
531
-
532
- static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
533
- return true;
534
- }
535
-
536
- // Server name indication (SNI).
537
- //
538
- // https://tools.ietf.org/html/rfc6066#section-3.
539
-
540
- static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
541
- SSL *const ssl = hs->ssl;
542
- if (ssl->hostname == nullptr) {
543
- return true;
544
- }
545
-
546
- CBB contents, server_name_list, name;
547
- if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
548
- !CBB_add_u16_length_prefixed(out, &contents) ||
549
- !CBB_add_u16_length_prefixed(&contents, &server_name_list) ||
550
- !CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name) ||
551
- !CBB_add_u16_length_prefixed(&server_name_list, &name) ||
552
- !CBB_add_bytes(&name, (const uint8_t *)ssl->hostname.get(),
553
- strlen(ssl->hostname.get())) ||
554
- !CBB_flush(out)) {
555
- return false;
556
- }
557
-
558
- return true;
559
- }
560
-
561
- static bool ext_sni_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
562
- CBS *contents) {
563
- // The server may acknowledge SNI with an empty extension. We check the syntax
564
- // but otherwise ignore this signal.
565
- return contents == NULL || CBS_len(contents) == 0;
566
- }
567
-
568
- static bool ext_sni_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
569
- CBS *contents) {
570
- // SNI has already been parsed earlier in the handshake. See |extract_sni|.
571
- return true;
572
- }
573
-
574
- static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
575
- if (hs->ssl->s3->session_reused ||
576
- !hs->should_ack_sni) {
577
- return true;
578
- }
579
-
580
- if (!CBB_add_u16(out, TLSEXT_TYPE_server_name) ||
581
- !CBB_add_u16(out, 0 /* length */)) {
582
- return false;
583
- }
584
-
585
- return true;
586
- }
587
-
588
-
589
- // Renegotiation indication.
590
- //
591
- // https://tools.ietf.org/html/rfc5746
592
-
593
- static bool ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
594
- SSL *const ssl = hs->ssl;
595
- // Renegotiation indication is not necessary in TLS 1.3.
596
- if (hs->min_version >= TLS1_3_VERSION) {
597
- return true;
598
- }
599
-
600
- assert(ssl->s3->initial_handshake_complete ==
601
- (ssl->s3->previous_client_finished_len != 0));
602
-
603
- CBB contents, prev_finished;
604
- if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
605
- !CBB_add_u16_length_prefixed(out, &contents) ||
606
- !CBB_add_u8_length_prefixed(&contents, &prev_finished) ||
607
- !CBB_add_bytes(&prev_finished, ssl->s3->previous_client_finished,
608
- ssl->s3->previous_client_finished_len) ||
609
- !CBB_flush(out)) {
610
- return false;
611
- }
612
-
613
- return true;
614
- }
615
-
616
- static bool ext_ri_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
617
- CBS *contents) {
618
- SSL *const ssl = hs->ssl;
619
- if (contents != NULL && ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
620
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
621
- return false;
622
- }
623
-
624
- // Servers may not switch between omitting the extension and supporting it.
625
- // See RFC 5746, sections 3.5 and 4.2.
626
- if (ssl->s3->initial_handshake_complete &&
627
- (contents != NULL) != ssl->s3->send_connection_binding) {
628
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
629
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
630
- return false;
631
- }
632
-
633
- if (contents == NULL) {
634
- // Strictly speaking, if we want to avoid an attack we should *always* see
635
- // RI even on initial ServerHello because the client doesn't see any
636
- // renegotiation during an attack. However this would mean we could not
637
- // connect to any server which doesn't support RI.
638
- //
639
- // OpenSSL has |SSL_OP_LEGACY_SERVER_CONNECT| to control this, but in
640
- // practical terms every client sets it so it's just assumed here.
641
- return true;
642
- }
643
-
644
- const size_t expected_len = ssl->s3->previous_client_finished_len +
645
- ssl->s3->previous_server_finished_len;
646
-
647
- // Check for logic errors
648
- assert(!expected_len || ssl->s3->previous_client_finished_len);
649
- assert(!expected_len || ssl->s3->previous_server_finished_len);
650
- assert(ssl->s3->initial_handshake_complete ==
651
- (ssl->s3->previous_client_finished_len != 0));
652
- assert(ssl->s3->initial_handshake_complete ==
653
- (ssl->s3->previous_server_finished_len != 0));
654
-
655
- // Parse out the extension contents.
656
- CBS renegotiated_connection;
657
- if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
658
- CBS_len(contents) != 0) {
659
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
660
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
661
- return false;
662
- }
663
-
664
- // Check that the extension matches.
665
- if (CBS_len(&renegotiated_connection) != expected_len) {
666
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
667
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
668
- return false;
669
- }
670
-
671
- const uint8_t *d = CBS_data(&renegotiated_connection);
672
- bool ok = CRYPTO_memcmp(d, ssl->s3->previous_client_finished,
673
- ssl->s3->previous_client_finished_len) == 0;
674
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
675
- ok = true;
676
- #endif
677
- if (!ok) {
678
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
679
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
680
- return false;
681
- }
682
- d += ssl->s3->previous_client_finished_len;
683
-
684
- ok = CRYPTO_memcmp(d, ssl->s3->previous_server_finished,
685
- ssl->s3->previous_server_finished_len) == 0;
686
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
687
- ok = true;
688
- #endif
689
- if (!ok) {
690
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
691
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
692
- return false;
693
- }
694
- ssl->s3->send_connection_binding = true;
695
-
696
- return true;
697
- }
698
-
699
- static bool ext_ri_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
700
- CBS *contents) {
701
- SSL *const ssl = hs->ssl;
702
- // Renegotiation isn't supported as a server so this function should never be
703
- // called after the initial handshake.
704
- assert(!ssl->s3->initial_handshake_complete);
705
-
706
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
707
- return true;
708
- }
709
-
710
- if (contents == NULL) {
711
- return true;
712
- }
713
-
714
- CBS renegotiated_connection;
715
- if (!CBS_get_u8_length_prefixed(contents, &renegotiated_connection) ||
716
- CBS_len(contents) != 0) {
717
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_ENCODING_ERR);
718
- return false;
719
- }
720
-
721
- // Check that the extension matches. We do not support renegotiation as a
722
- // server, so this must be empty.
723
- if (CBS_len(&renegotiated_connection) != 0) {
724
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_MISMATCH);
725
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
726
- return false;
727
- }
728
-
729
- ssl->s3->send_connection_binding = true;
730
-
731
- return true;
732
- }
733
-
734
- static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
735
- SSL *const ssl = hs->ssl;
736
- // Renegotiation isn't supported as a server so this function should never be
737
- // called after the initial handshake.
738
- assert(!ssl->s3->initial_handshake_complete);
739
-
740
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
741
- return true;
742
- }
743
-
744
- if (!CBB_add_u16(out, TLSEXT_TYPE_renegotiate) ||
745
- !CBB_add_u16(out, 1 /* length */) ||
746
- !CBB_add_u8(out, 0 /* empty renegotiation info */)) {
747
- return false;
748
- }
749
-
750
- return true;
751
- }
752
-
753
-
754
- // Extended Master Secret.
755
- //
756
- // https://tools.ietf.org/html/rfc7627
757
-
758
- static bool ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
759
- // Extended master secret is not necessary in TLS 1.3.
760
- if (hs->min_version >= TLS1_3_VERSION) {
761
- return true;
762
- }
763
-
764
- if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
765
- !CBB_add_u16(out, 0 /* length */)) {
766
- return false;
767
- }
768
-
769
- return true;
770
- }
771
-
772
- static bool ext_ems_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
773
- CBS *contents) {
774
- SSL *const ssl = hs->ssl;
775
-
776
- if (contents != NULL) {
777
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
778
- CBS_len(contents) != 0) {
779
- return false;
780
- }
781
-
782
- hs->extended_master_secret = true;
783
- }
784
-
785
- // Whether EMS is negotiated may not change on renegotiation.
786
- if (ssl->s3->established_session != nullptr &&
787
- hs->extended_master_secret !=
788
- !!ssl->s3->established_session->extended_master_secret) {
789
- OPENSSL_PUT_ERROR(SSL, SSL_R_RENEGOTIATION_EMS_MISMATCH);
790
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
791
- return false;
792
- }
793
-
794
- return true;
795
- }
796
-
797
- static bool ext_ems_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
798
- CBS *contents) {
799
- if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
800
- return true;
801
- }
802
-
803
- if (contents == NULL) {
804
- return true;
805
- }
806
-
807
- if (CBS_len(contents) != 0) {
808
- return false;
809
- }
810
-
811
- hs->extended_master_secret = true;
812
- return true;
813
- }
814
-
815
- static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
816
- if (!hs->extended_master_secret) {
817
- return true;
818
- }
819
-
820
- if (!CBB_add_u16(out, TLSEXT_TYPE_extended_master_secret) ||
821
- !CBB_add_u16(out, 0 /* length */)) {
822
- return false;
823
- }
824
-
825
- return true;
826
- }
827
-
828
-
829
- // Session tickets.
830
- //
831
- // https://tools.ietf.org/html/rfc5077
832
-
833
- static bool ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
834
- SSL *const ssl = hs->ssl;
835
- // TLS 1.3 uses a different ticket extension.
836
- if (hs->min_version >= TLS1_3_VERSION ||
837
- SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
838
- return true;
839
- }
840
-
841
- Span<const uint8_t> ticket;
842
-
843
- // Renegotiation does not participate in session resumption. However, still
844
- // advertise the extension to avoid potentially breaking servers which carry
845
- // over the state from the previous handshake, such as OpenSSL servers
846
- // without upstream's 3c3f0259238594d77264a78944d409f2127642c4.
847
- if (!ssl->s3->initial_handshake_complete &&
848
- ssl->session != nullptr &&
849
- !ssl->session->ticket.empty() &&
850
- // Don't send TLS 1.3 session tickets in the ticket extension.
851
- ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) {
852
- ticket = ssl->session->ticket;
853
- }
854
-
855
- CBB ticket_cbb;
856
- if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
857
- !CBB_add_u16_length_prefixed(out, &ticket_cbb) ||
858
- !CBB_add_bytes(&ticket_cbb, ticket.data(), ticket.size()) ||
859
- !CBB_flush(out)) {
860
- return false;
861
- }
862
-
863
- return true;
864
- }
865
-
866
- static bool ext_ticket_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
867
- CBS *contents) {
868
- SSL *const ssl = hs->ssl;
869
- if (contents == NULL) {
870
- return true;
871
- }
872
-
873
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
874
- return false;
875
- }
876
-
877
- // If |SSL_OP_NO_TICKET| is set then no extension will have been sent and
878
- // this function should never be called, even if the server tries to send the
879
- // extension.
880
- assert((SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0);
881
-
882
- if (CBS_len(contents) != 0) {
883
- return false;
884
- }
885
-
886
- hs->ticket_expected = true;
887
- return true;
888
- }
889
-
890
- static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
891
- if (!hs->ticket_expected) {
892
- return true;
893
- }
894
-
895
- // If |SSL_OP_NO_TICKET| is set, |ticket_expected| should never be true.
896
- assert((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) == 0);
897
-
898
- if (!CBB_add_u16(out, TLSEXT_TYPE_session_ticket) ||
899
- !CBB_add_u16(out, 0 /* length */)) {
900
- return false;
901
- }
902
-
903
- return true;
904
- }
905
-
906
-
907
- // Signature Algorithms.
908
- //
909
- // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
910
-
911
- static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
912
- if (hs->max_version < TLS1_2_VERSION) {
913
- return true;
914
- }
915
-
916
- CBB contents, sigalgs_cbb;
917
- if (!CBB_add_u16(out, TLSEXT_TYPE_signature_algorithms) ||
918
- !CBB_add_u16_length_prefixed(out, &contents) ||
919
- !CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
920
- !tls12_add_verify_sigalgs(hs, &sigalgs_cbb) ||
921
- !CBB_flush(out)) {
922
- return false;
923
- }
924
-
925
- return true;
926
- }
927
-
928
- static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
929
- CBS *contents) {
930
- hs->peer_sigalgs.Reset();
931
- if (contents == NULL) {
932
- return true;
933
- }
934
-
935
- CBS supported_signature_algorithms;
936
- if (!CBS_get_u16_length_prefixed(contents, &supported_signature_algorithms) ||
937
- CBS_len(contents) != 0 ||
938
- !tls1_parse_peer_sigalgs(hs, &supported_signature_algorithms)) {
939
- return false;
940
- }
941
-
942
- return true;
943
- }
944
-
945
-
946
- // OCSP Stapling.
947
- //
948
- // https://tools.ietf.org/html/rfc6066#section-8
949
-
950
- static bool ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
951
- if (!hs->config->ocsp_stapling_enabled) {
952
- return true;
953
- }
954
-
955
- CBB contents;
956
- if (!CBB_add_u16(out, TLSEXT_TYPE_status_request) ||
957
- !CBB_add_u16_length_prefixed(out, &contents) ||
958
- !CBB_add_u8(&contents, TLSEXT_STATUSTYPE_ocsp) ||
959
- !CBB_add_u16(&contents, 0 /* empty responder ID list */) ||
960
- !CBB_add_u16(&contents, 0 /* empty request extensions */) ||
961
- !CBB_flush(out)) {
962
- return false;
963
- }
964
-
965
- return true;
966
- }
967
-
968
- static bool ext_ocsp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
969
- CBS *contents) {
970
- SSL *const ssl = hs->ssl;
971
- if (contents == NULL) {
972
- return true;
973
- }
974
-
975
- // TLS 1.3 OCSP responses are included in the Certificate extensions.
976
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
977
- return false;
978
- }
979
-
980
- // OCSP stapling is forbidden on non-certificate ciphers.
981
- if (CBS_len(contents) != 0 ||
982
- !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
983
- return false;
984
- }
985
-
986
- // Note this does not check for resumption in TLS 1.2. Sending
987
- // status_request here does not make sense, but OpenSSL does so and the
988
- // specification does not say anything. Tolerate it but ignore it.
989
-
990
- hs->certificate_status_expected = true;
991
- return true;
992
- }
993
-
994
- static bool ext_ocsp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
995
- CBS *contents) {
996
- if (contents == NULL) {
997
- return true;
998
- }
999
-
1000
- uint8_t status_type;
1001
- if (!CBS_get_u8(contents, &status_type)) {
1002
- return false;
1003
- }
1004
-
1005
- // We cannot decide whether OCSP stapling will occur yet because the correct
1006
- // SSL_CTX might not have been selected.
1007
- hs->ocsp_stapling_requested = status_type == TLSEXT_STATUSTYPE_ocsp;
1008
-
1009
- return true;
1010
- }
1011
-
1012
- static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1013
- SSL *const ssl = hs->ssl;
1014
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION ||
1015
- !hs->ocsp_stapling_requested || hs->config->cert->ocsp_response == NULL ||
1016
- ssl->s3->session_reused ||
1017
- !ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
1018
- return true;
1019
- }
1020
-
1021
- hs->certificate_status_expected = true;
1022
-
1023
- return CBB_add_u16(out, TLSEXT_TYPE_status_request) &&
1024
- CBB_add_u16(out, 0 /* length */);
1025
- }
1026
-
1027
-
1028
- // Next protocol negotiation.
1029
- //
1030
- // https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html
1031
-
1032
- static bool ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1033
- SSL *const ssl = hs->ssl;
1034
- if (ssl->s3->initial_handshake_complete ||
1035
- ssl->ctx->next_proto_select_cb == NULL ||
1036
- SSL_is_dtls(ssl)) {
1037
- return true;
1038
- }
1039
-
1040
- if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
1041
- !CBB_add_u16(out, 0 /* length */)) {
1042
- return false;
1043
- }
1044
-
1045
- return true;
1046
- }
1047
-
1048
- static bool ext_npn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1049
- CBS *contents) {
1050
- SSL *const ssl = hs->ssl;
1051
- if (contents == NULL) {
1052
- return true;
1053
- }
1054
-
1055
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1056
- return false;
1057
- }
1058
-
1059
- // If any of these are false then we should never have sent the NPN
1060
- // extension in the ClientHello and thus this function should never have been
1061
- // called.
1062
- assert(!ssl->s3->initial_handshake_complete);
1063
- assert(!SSL_is_dtls(ssl));
1064
- assert(ssl->ctx->next_proto_select_cb != NULL);
1065
-
1066
- if (!ssl->s3->alpn_selected.empty()) {
1067
- // NPN and ALPN may not be negotiated in the same connection.
1068
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1069
- OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
1070
- return false;
1071
- }
1072
-
1073
- const uint8_t *const orig_contents = CBS_data(contents);
1074
- const size_t orig_len = CBS_len(contents);
1075
-
1076
- while (CBS_len(contents) != 0) {
1077
- CBS proto;
1078
- if (!CBS_get_u8_length_prefixed(contents, &proto) ||
1079
- CBS_len(&proto) == 0) {
1080
- return false;
1081
- }
1082
- }
1083
-
1084
- uint8_t *selected;
1085
- uint8_t selected_len;
1086
- if (ssl->ctx->next_proto_select_cb(
1087
- ssl, &selected, &selected_len, orig_contents, orig_len,
1088
- ssl->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK ||
1089
- !ssl->s3->next_proto_negotiated.CopyFrom(
1090
- MakeConstSpan(selected, selected_len))) {
1091
- *out_alert = SSL_AD_INTERNAL_ERROR;
1092
- return false;
1093
- }
1094
-
1095
- hs->next_proto_neg_seen = true;
1096
- return true;
1097
- }
1098
-
1099
- static bool ext_npn_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1100
- CBS *contents) {
1101
- SSL *const ssl = hs->ssl;
1102
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1103
- return true;
1104
- }
1105
-
1106
- if (contents != NULL && CBS_len(contents) != 0) {
1107
- return false;
1108
- }
1109
-
1110
- if (contents == NULL ||
1111
- ssl->s3->initial_handshake_complete ||
1112
- ssl->ctx->next_protos_advertised_cb == NULL ||
1113
- SSL_is_dtls(ssl)) {
1114
- return true;
1115
- }
1116
-
1117
- hs->next_proto_neg_seen = true;
1118
- return true;
1119
- }
1120
-
1121
- static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1122
- SSL *const ssl = hs->ssl;
1123
- // |next_proto_neg_seen| might have been cleared when an ALPN extension was
1124
- // parsed.
1125
- if (!hs->next_proto_neg_seen) {
1126
- return true;
1127
- }
1128
-
1129
- const uint8_t *npa;
1130
- unsigned npa_len;
1131
-
1132
- if (ssl->ctx->next_protos_advertised_cb(
1133
- ssl, &npa, &npa_len, ssl->ctx->next_protos_advertised_cb_arg) !=
1134
- SSL_TLSEXT_ERR_OK) {
1135
- hs->next_proto_neg_seen = false;
1136
- return true;
1137
- }
1138
-
1139
- CBB contents;
1140
- if (!CBB_add_u16(out, TLSEXT_TYPE_next_proto_neg) ||
1141
- !CBB_add_u16_length_prefixed(out, &contents) ||
1142
- !CBB_add_bytes(&contents, npa, npa_len) ||
1143
- !CBB_flush(out)) {
1144
- return false;
1145
- }
1146
-
1147
- return true;
1148
- }
1149
-
1150
-
1151
- // Signed certificate timestamps.
1152
- //
1153
- // https://tools.ietf.org/html/rfc6962#section-3.3.1
1154
-
1155
- static bool ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1156
- if (!hs->config->signed_cert_timestamps_enabled) {
1157
- return true;
1158
- }
1159
-
1160
- if (!CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) ||
1161
- !CBB_add_u16(out, 0 /* length */)) {
1162
- return false;
1163
- }
1164
-
1165
- return true;
1166
- }
1167
-
1168
- static bool ext_sct_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1169
- CBS *contents) {
1170
- SSL *const ssl = hs->ssl;
1171
- if (contents == NULL) {
1172
- return true;
1173
- }
1174
-
1175
- // TLS 1.3 SCTs are included in the Certificate extensions.
1176
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1177
- *out_alert = SSL_AD_DECODE_ERROR;
1178
- return false;
1179
- }
1180
-
1181
- // If this is false then we should never have sent the SCT extension in the
1182
- // ClientHello and thus this function should never have been called.
1183
- assert(hs->config->signed_cert_timestamps_enabled);
1184
-
1185
- if (!ssl_is_sct_list_valid(contents)) {
1186
- *out_alert = SSL_AD_DECODE_ERROR;
1187
- return false;
1188
- }
1189
-
1190
- // Session resumption uses the original session information. The extension
1191
- // should not be sent on resumption, but RFC 6962 did not make it a
1192
- // requirement, so tolerate this.
1193
- //
1194
- // TODO(davidben): Enforce this anyway.
1195
- if (!ssl->s3->session_reused) {
1196
- hs->new_session->signed_cert_timestamp_list.reset(
1197
- CRYPTO_BUFFER_new_from_CBS(contents, ssl->ctx->pool));
1198
- if (hs->new_session->signed_cert_timestamp_list == nullptr) {
1199
- *out_alert = SSL_AD_INTERNAL_ERROR;
1200
- return false;
1201
- }
1202
- }
1203
-
1204
- return true;
1205
- }
1206
-
1207
- static bool ext_sct_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1208
- CBS *contents) {
1209
- if (contents == NULL) {
1210
- return true;
1211
- }
1212
-
1213
- if (CBS_len(contents) != 0) {
1214
- return false;
1215
- }
1216
-
1217
- hs->scts_requested = true;
1218
- return true;
1219
- }
1220
-
1221
- static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1222
- SSL *const ssl = hs->ssl;
1223
- // The extension shouldn't be sent when resuming sessions.
1224
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION || ssl->s3->session_reused ||
1225
- hs->config->cert->signed_cert_timestamp_list == NULL) {
1226
- return true;
1227
- }
1228
-
1229
- CBB contents;
1230
- return CBB_add_u16(out, TLSEXT_TYPE_certificate_timestamp) &&
1231
- CBB_add_u16_length_prefixed(out, &contents) &&
1232
- CBB_add_bytes(
1233
- &contents,
1234
- CRYPTO_BUFFER_data(
1235
- hs->config->cert->signed_cert_timestamp_list.get()),
1236
- CRYPTO_BUFFER_len(
1237
- hs->config->cert->signed_cert_timestamp_list.get())) &&
1238
- CBB_flush(out);
1239
- }
1240
-
1241
-
1242
- // Application-level Protocol Negotiation.
1243
- //
1244
- // https://tools.ietf.org/html/rfc7301
1245
-
1246
- static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1247
- SSL *const ssl = hs->ssl;
1248
- if (hs->config->alpn_client_proto_list.empty() ||
1249
- ssl->s3->initial_handshake_complete) {
1250
- return true;
1251
- }
1252
-
1253
- CBB contents, proto_list;
1254
- if (!CBB_add_u16(out, TLSEXT_TYPE_application_layer_protocol_negotiation) ||
1255
- !CBB_add_u16_length_prefixed(out, &contents) ||
1256
- !CBB_add_u16_length_prefixed(&contents, &proto_list) ||
1257
- !CBB_add_bytes(&proto_list, hs->config->alpn_client_proto_list.data(),
1258
- hs->config->alpn_client_proto_list.size()) ||
1259
- !CBB_flush(out)) {
1260
- return false;
1261
- }
1262
-
1263
- return true;
1264
- }
1265
-
1266
- static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1267
- CBS *contents) {
1268
- SSL *const ssl = hs->ssl;
1269
- if (contents == NULL) {
1270
- return true;
1271
- }
1272
-
1273
- assert(!ssl->s3->initial_handshake_complete);
1274
- assert(!hs->config->alpn_client_proto_list.empty());
1275
-
1276
- if (hs->next_proto_neg_seen) {
1277
- // NPN and ALPN may not be negotiated in the same connection.
1278
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1279
- OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_BOTH_NPN_AND_ALPN);
1280
- return false;
1281
- }
1282
-
1283
- // The extension data consists of a ProtocolNameList which must have
1284
- // exactly one ProtocolName. Each of these is length-prefixed.
1285
- CBS protocol_name_list, protocol_name;
1286
- if (!CBS_get_u16_length_prefixed(contents, &protocol_name_list) ||
1287
- CBS_len(contents) != 0 ||
1288
- !CBS_get_u8_length_prefixed(&protocol_name_list, &protocol_name) ||
1289
- // Empty protocol names are forbidden.
1290
- CBS_len(&protocol_name) == 0 ||
1291
- CBS_len(&protocol_name_list) != 0) {
1292
- return false;
1293
- }
1294
-
1295
- if (!ssl_is_alpn_protocol_allowed(hs, protocol_name)) {
1296
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1297
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1298
- return false;
1299
- }
1300
-
1301
- if (!ssl->s3->alpn_selected.CopyFrom(protocol_name)) {
1302
- *out_alert = SSL_AD_INTERNAL_ERROR;
1303
- return false;
1304
- }
1305
-
1306
- return true;
1307
- }
1308
-
1309
- bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs,
1310
- Span<const uint8_t> protocol) {
1311
- if (hs->config->alpn_client_proto_list.empty()) {
1312
- return false;
1313
- }
1314
-
1315
- if (hs->ssl->ctx->allow_unknown_alpn_protos) {
1316
- return true;
1317
- }
1318
-
1319
- // Check that the protocol name is one of the ones we advertised.
1320
- CBS client_protocol_name_list =
1321
- MakeConstSpan(hs->config->alpn_client_proto_list),
1322
- client_protocol_name;
1323
- while (CBS_len(&client_protocol_name_list) > 0) {
1324
- if (!CBS_get_u8_length_prefixed(&client_protocol_name_list,
1325
- &client_protocol_name)) {
1326
- return false;
1327
- }
1328
-
1329
- if (client_protocol_name == protocol) {
1330
- return true;
1331
- }
1332
- }
1333
-
1334
- return false;
1335
- }
1336
-
1337
- bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1338
- const SSL_CLIENT_HELLO *client_hello) {
1339
- SSL *const ssl = hs->ssl;
1340
- CBS contents;
1341
- if (ssl->ctx->alpn_select_cb == NULL ||
1342
- !ssl_client_hello_get_extension(
1343
- client_hello, &contents,
1344
- TLSEXT_TYPE_application_layer_protocol_negotiation)) {
1345
- // Ignore ALPN if not configured or no extension was supplied.
1346
- return true;
1347
- }
1348
-
1349
- // ALPN takes precedence over NPN.
1350
- hs->next_proto_neg_seen = false;
1351
-
1352
- CBS protocol_name_list;
1353
- if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
1354
- CBS_len(&contents) != 0 ||
1355
- CBS_len(&protocol_name_list) < 2) {
1356
- OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
1357
- *out_alert = SSL_AD_DECODE_ERROR;
1358
- return false;
1359
- }
1360
-
1361
- // Validate the protocol list.
1362
- CBS protocol_name_list_copy = protocol_name_list;
1363
- while (CBS_len(&protocol_name_list_copy) > 0) {
1364
- CBS protocol_name;
1365
-
1366
- if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
1367
- // Empty protocol names are forbidden.
1368
- CBS_len(&protocol_name) == 0) {
1369
- OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
1370
- *out_alert = SSL_AD_DECODE_ERROR;
1371
- return false;
1372
- }
1373
- }
1374
-
1375
- const uint8_t *selected;
1376
- uint8_t selected_len;
1377
- if (ssl->ctx->alpn_select_cb(
1378
- ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
1379
- CBS_len(&protocol_name_list),
1380
- ssl->ctx->alpn_select_cb_arg) == SSL_TLSEXT_ERR_OK) {
1381
- if (selected_len == 0) {
1382
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1383
- *out_alert = SSL_AD_INTERNAL_ERROR;
1384
- return false;
1385
- }
1386
- if (!ssl->s3->alpn_selected.CopyFrom(
1387
- MakeConstSpan(selected, selected_len))) {
1388
- *out_alert = SSL_AD_INTERNAL_ERROR;
1389
- return false;
1390
- }
1391
- }
1392
-
1393
- return true;
1394
- }
1395
-
1396
- static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1397
- SSL *const ssl = hs->ssl;
1398
- if (ssl->s3->alpn_selected.empty()) {
1399
- return true;
1400
- }
1401
-
1402
- CBB contents, proto_list, proto;
1403
- if (!CBB_add_u16(out, TLSEXT_TYPE_application_layer_protocol_negotiation) ||
1404
- !CBB_add_u16_length_prefixed(out, &contents) ||
1405
- !CBB_add_u16_length_prefixed(&contents, &proto_list) ||
1406
- !CBB_add_u8_length_prefixed(&proto_list, &proto) ||
1407
- !CBB_add_bytes(&proto, ssl->s3->alpn_selected.data(),
1408
- ssl->s3->alpn_selected.size()) ||
1409
- !CBB_flush(out)) {
1410
- return false;
1411
- }
1412
-
1413
- return true;
1414
- }
1415
-
1416
-
1417
- // Channel ID.
1418
- //
1419
- // https://tools.ietf.org/html/draft-balfanz-tls-channelid-01
1420
-
1421
- static void ext_channel_id_init(SSL_HANDSHAKE *hs) {
1422
- hs->ssl->s3->channel_id_valid = false;
1423
- }
1424
-
1425
- static bool ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1426
- SSL *const ssl = hs->ssl;
1427
- if (!hs->config->channel_id_enabled || SSL_is_dtls(ssl)) {
1428
- return true;
1429
- }
1430
-
1431
- if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
1432
- !CBB_add_u16(out, 0 /* length */)) {
1433
- return false;
1434
- }
1435
-
1436
- return true;
1437
- }
1438
-
1439
- static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
1440
- uint8_t *out_alert,
1441
- CBS *contents) {
1442
- SSL *const ssl = hs->ssl;
1443
- if (contents == NULL) {
1444
- return true;
1445
- }
1446
-
1447
- assert(!SSL_is_dtls(ssl));
1448
- assert(hs->config->channel_id_enabled);
1449
-
1450
- if (CBS_len(contents) != 0) {
1451
- return false;
1452
- }
1453
-
1454
- ssl->s3->channel_id_valid = true;
1455
- return true;
1456
- }
1457
-
1458
- static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
1459
- uint8_t *out_alert,
1460
- CBS *contents) {
1461
- SSL *const ssl = hs->ssl;
1462
- if (contents == NULL || !hs->config->channel_id_enabled || SSL_is_dtls(ssl)) {
1463
- return true;
1464
- }
1465
-
1466
- if (CBS_len(contents) != 0) {
1467
- return false;
1468
- }
1469
-
1470
- ssl->s3->channel_id_valid = true;
1471
- return true;
1472
- }
1473
-
1474
- static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1475
- SSL *const ssl = hs->ssl;
1476
- if (!ssl->s3->channel_id_valid) {
1477
- return true;
1478
- }
1479
-
1480
- if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
1481
- !CBB_add_u16(out, 0 /* length */)) {
1482
- return false;
1483
- }
1484
-
1485
- return true;
1486
- }
1487
-
1488
-
1489
- // Secure Real-time Transport Protocol (SRTP) extension.
1490
- //
1491
- // https://tools.ietf.org/html/rfc5764
1492
-
1493
-
1494
- static void ext_srtp_init(SSL_HANDSHAKE *hs) {
1495
- hs->ssl->s3->srtp_profile = NULL;
1496
- }
1497
-
1498
- static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1499
- SSL *const ssl = hs->ssl;
1500
- STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
1501
- if (profiles == NULL ||
1502
- sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0) {
1503
- return true;
1504
- }
1505
-
1506
- CBB contents, profile_ids;
1507
- if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
1508
- !CBB_add_u16_length_prefixed(out, &contents) ||
1509
- !CBB_add_u16_length_prefixed(&contents, &profile_ids)) {
1510
- return false;
1511
- }
1512
-
1513
- for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
1514
- if (!CBB_add_u16(&profile_ids, profile->id)) {
1515
- return false;
1516
- }
1517
- }
1518
-
1519
- if (!CBB_add_u8(&contents, 0 /* empty use_mki value */) ||
1520
- !CBB_flush(out)) {
1521
- return false;
1522
- }
1523
-
1524
- return true;
1525
- }
1526
-
1527
- static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1528
- CBS *contents) {
1529
- SSL *const ssl = hs->ssl;
1530
- if (contents == NULL) {
1531
- return true;
1532
- }
1533
-
1534
- // The extension consists of a u16-prefixed profile ID list containing a
1535
- // single uint16_t profile ID, then followed by a u8-prefixed srtp_mki field.
1536
- //
1537
- // See https://tools.ietf.org/html/rfc5764#section-4.1.1
1538
- CBS profile_ids, srtp_mki;
1539
- uint16_t profile_id;
1540
- if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
1541
- !CBS_get_u16(&profile_ids, &profile_id) ||
1542
- CBS_len(&profile_ids) != 0 ||
1543
- !CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
1544
- CBS_len(contents) != 0) {
1545
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1546
- return false;
1547
- }
1548
-
1549
- if (CBS_len(&srtp_mki) != 0) {
1550
- // Must be no MKI, since we never offer one.
1551
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_MKI_VALUE);
1552
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1553
- return false;
1554
- }
1555
-
1556
- STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
1557
-
1558
- // Check to see if the server gave us something we support (and presumably
1559
- // offered).
1560
- for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
1561
- if (profile->id == profile_id) {
1562
- ssl->s3->srtp_profile = profile;
1563
- return true;
1564
- }
1565
- }
1566
-
1567
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1568
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1569
- return false;
1570
- }
1571
-
1572
- static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1573
- CBS *contents) {
1574
- SSL *const ssl = hs->ssl;
1575
- if (contents == NULL) {
1576
- return true;
1577
- }
1578
-
1579
- CBS profile_ids, srtp_mki;
1580
- if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
1581
- CBS_len(&profile_ids) < 2 ||
1582
- !CBS_get_u8_length_prefixed(contents, &srtp_mki) ||
1583
- CBS_len(contents) != 0) {
1584
- OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
1585
- return false;
1586
- }
1587
- // Discard the MKI value for now.
1588
-
1589
- const STACK_OF(SRTP_PROTECTION_PROFILE) *server_profiles =
1590
- SSL_get_srtp_profiles(ssl);
1591
-
1592
- // Pick the server's most preferred profile.
1593
- for (const SRTP_PROTECTION_PROFILE *server_profile : server_profiles) {
1594
- CBS profile_ids_tmp;
1595
- CBS_init(&profile_ids_tmp, CBS_data(&profile_ids), CBS_len(&profile_ids));
1596
-
1597
- while (CBS_len(&profile_ids_tmp) > 0) {
1598
- uint16_t profile_id;
1599
- if (!CBS_get_u16(&profile_ids_tmp, &profile_id)) {
1600
- return false;
1601
- }
1602
-
1603
- if (server_profile->id == profile_id) {
1604
- ssl->s3->srtp_profile = server_profile;
1605
- return true;
1606
- }
1607
- }
1608
- }
1609
-
1610
- return true;
1611
- }
1612
-
1613
- static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1614
- SSL *const ssl = hs->ssl;
1615
- if (ssl->s3->srtp_profile == NULL) {
1616
- return true;
1617
- }
1618
-
1619
- CBB contents, profile_ids;
1620
- if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
1621
- !CBB_add_u16_length_prefixed(out, &contents) ||
1622
- !CBB_add_u16_length_prefixed(&contents, &profile_ids) ||
1623
- !CBB_add_u16(&profile_ids, ssl->s3->srtp_profile->id) ||
1624
- !CBB_add_u8(&contents, 0 /* empty MKI */) ||
1625
- !CBB_flush(out)) {
1626
- return false;
1627
- }
1628
-
1629
- return true;
1630
- }
1631
-
1632
-
1633
- // EC point formats.
1634
- //
1635
- // https://tools.ietf.org/html/rfc4492#section-5.1.2
1636
-
1637
- static bool ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
1638
- CBB contents, formats;
1639
- if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
1640
- !CBB_add_u16_length_prefixed(out, &contents) ||
1641
- !CBB_add_u8_length_prefixed(&contents, &formats) ||
1642
- !CBB_add_u8(&formats, TLSEXT_ECPOINTFORMAT_uncompressed) ||
1643
- !CBB_flush(out)) {
1644
- return false;
1645
- }
1646
-
1647
- return true;
1648
- }
1649
-
1650
- static bool ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1651
- // The point format extension is unnecessary in TLS 1.3.
1652
- if (hs->min_version >= TLS1_3_VERSION) {
1653
- return true;
1654
- }
1655
-
1656
- return ext_ec_point_add_extension(hs, out);
1657
- }
1658
-
1659
- static bool ext_ec_point_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1660
- CBS *contents) {
1661
- if (contents == NULL) {
1662
- return true;
1663
- }
1664
-
1665
- if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
1666
- return false;
1667
- }
1668
-
1669
- CBS ec_point_format_list;
1670
- if (!CBS_get_u8_length_prefixed(contents, &ec_point_format_list) ||
1671
- CBS_len(contents) != 0) {
1672
- return false;
1673
- }
1674
-
1675
- // Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
1676
- // point format.
1677
- if (OPENSSL_memchr(CBS_data(&ec_point_format_list),
1678
- TLSEXT_ECPOINTFORMAT_uncompressed,
1679
- CBS_len(&ec_point_format_list)) == NULL) {
1680
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1681
- return false;
1682
- }
1683
-
1684
- return true;
1685
- }
1686
-
1687
- static bool ext_ec_point_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1688
- CBS *contents) {
1689
- if (ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
1690
- return true;
1691
- }
1692
-
1693
- return ext_ec_point_parse_serverhello(hs, out_alert, contents);
1694
- }
1695
-
1696
- static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1697
- SSL *const ssl = hs->ssl;
1698
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
1699
- return true;
1700
- }
1701
-
1702
- const uint32_t alg_k = hs->new_cipher->algorithm_mkey;
1703
- const uint32_t alg_a = hs->new_cipher->algorithm_auth;
1704
- const bool using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
1705
-
1706
- if (!using_ecc) {
1707
- return true;
1708
- }
1709
-
1710
- return ext_ec_point_add_extension(hs, out);
1711
- }
1712
-
1713
-
1714
- // Pre Shared Key
1715
- //
1716
- // https://tools.ietf.org/html/rfc8446#section-4.2.11
1717
-
1718
- static size_t ext_pre_shared_key_clienthello_length(SSL_HANDSHAKE *hs) {
1719
- SSL *const ssl = hs->ssl;
1720
- if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr ||
1721
- ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) {
1722
- return 0;
1723
- }
1724
-
1725
- size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session.get()));
1726
- return 15 + ssl->session->ticket.size() + binder_len;
1727
- }
1728
-
1729
- static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1730
- SSL *const ssl = hs->ssl;
1731
- hs->needs_psk_binder = false;
1732
- if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr ||
1733
- ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION) {
1734
- return true;
1735
- }
1736
-
1737
- // Per RFC 8446 section 4.1.4, skip offering the session if the selected
1738
- // cipher in HelloRetryRequest does not match. This avoids performing the
1739
- // transcript hash transformation for multiple hashes.
1740
- if (ssl->s3 && ssl->s3->used_hello_retry_request &&
1741
- ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
1742
- return true;
1743
- }
1744
-
1745
- struct OPENSSL_timeval now;
1746
- ssl_get_current_time(ssl, &now);
1747
- uint32_t ticket_age = 1000 * (now.tv_sec - ssl->session->time);
1748
- uint32_t obfuscated_ticket_age = ticket_age + ssl->session->ticket_age_add;
1749
-
1750
- // Fill in a placeholder zero binder of the appropriate length. It will be
1751
- // computed and filled in later after length prefixes are computed.
1752
- uint8_t zero_binder[EVP_MAX_MD_SIZE] = {0};
1753
- size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session.get()));
1754
-
1755
- CBB contents, identity, ticket, binders, binder;
1756
- if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
1757
- !CBB_add_u16_length_prefixed(out, &contents) ||
1758
- !CBB_add_u16_length_prefixed(&contents, &identity) ||
1759
- !CBB_add_u16_length_prefixed(&identity, &ticket) ||
1760
- !CBB_add_bytes(&ticket, ssl->session->ticket.data(),
1761
- ssl->session->ticket.size()) ||
1762
- !CBB_add_u32(&identity, obfuscated_ticket_age) ||
1763
- !CBB_add_u16_length_prefixed(&contents, &binders) ||
1764
- !CBB_add_u8_length_prefixed(&binders, &binder) ||
1765
- !CBB_add_bytes(&binder, zero_binder, binder_len)) {
1766
- return false;
1767
- }
1768
-
1769
- hs->needs_psk_binder = true;
1770
- return CBB_flush(out);
1771
- }
1772
-
1773
- bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
1774
- uint8_t *out_alert,
1775
- CBS *contents) {
1776
- uint16_t psk_id;
1777
- if (!CBS_get_u16(contents, &psk_id) ||
1778
- CBS_len(contents) != 0) {
1779
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1780
- *out_alert = SSL_AD_DECODE_ERROR;
1781
- return false;
1782
- }
1783
-
1784
- // We only advertise one PSK identity, so the only legal index is zero.
1785
- if (psk_id != 0) {
1786
- OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_NOT_FOUND);
1787
- *out_alert = SSL_AD_UNKNOWN_PSK_IDENTITY;
1788
- return false;
1789
- }
1790
-
1791
- return true;
1792
- }
1793
-
1794
- bool ssl_ext_pre_shared_key_parse_clienthello(
1795
- SSL_HANDSHAKE *hs, CBS *out_ticket, CBS *out_binders,
1796
- uint32_t *out_obfuscated_ticket_age, uint8_t *out_alert,
1797
- const SSL_CLIENT_HELLO *client_hello, CBS *contents) {
1798
- // Verify that the pre_shared_key extension is the last extension in
1799
- // ClientHello.
1800
- if (CBS_data(contents) + CBS_len(contents) !=
1801
- client_hello->extensions + client_hello->extensions_len) {
1802
- OPENSSL_PUT_ERROR(SSL, SSL_R_PRE_SHARED_KEY_MUST_BE_LAST);
1803
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1804
- return false;
1805
- }
1806
-
1807
- // We only process the first PSK identity since we don't support pure PSK.
1808
- CBS identities, binders;
1809
- if (!CBS_get_u16_length_prefixed(contents, &identities) ||
1810
- !CBS_get_u16_length_prefixed(&identities, out_ticket) ||
1811
- !CBS_get_u32(&identities, out_obfuscated_ticket_age) ||
1812
- !CBS_get_u16_length_prefixed(contents, &binders) ||
1813
- CBS_len(&binders) == 0 ||
1814
- CBS_len(contents) != 0) {
1815
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1816
- *out_alert = SSL_AD_DECODE_ERROR;
1817
- return false;
1818
- }
1819
-
1820
- *out_binders = binders;
1821
-
1822
- // Check the syntax of the remaining identities, but do not process them.
1823
- size_t num_identities = 1;
1824
- while (CBS_len(&identities) != 0) {
1825
- CBS unused_ticket;
1826
- uint32_t unused_obfuscated_ticket_age;
1827
- if (!CBS_get_u16_length_prefixed(&identities, &unused_ticket) ||
1828
- !CBS_get_u32(&identities, &unused_obfuscated_ticket_age)) {
1829
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1830
- *out_alert = SSL_AD_DECODE_ERROR;
1831
- return false;
1832
- }
1833
-
1834
- num_identities++;
1835
- }
1836
-
1837
- // Check the syntax of the binders. The value will be checked later if
1838
- // resuming.
1839
- size_t num_binders = 0;
1840
- while (CBS_len(&binders) != 0) {
1841
- CBS binder;
1842
- if (!CBS_get_u8_length_prefixed(&binders, &binder)) {
1843
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1844
- *out_alert = SSL_AD_DECODE_ERROR;
1845
- return false;
1846
- }
1847
-
1848
- num_binders++;
1849
- }
1850
-
1851
- if (num_identities != num_binders) {
1852
- OPENSSL_PUT_ERROR(SSL, SSL_R_PSK_IDENTITY_BINDER_COUNT_MISMATCH);
1853
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
1854
- return false;
1855
- }
1856
-
1857
- return true;
1858
- }
1859
-
1860
- bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
1861
- if (!hs->ssl->s3->session_reused) {
1862
- return true;
1863
- }
1864
-
1865
- CBB contents;
1866
- if (!CBB_add_u16(out, TLSEXT_TYPE_pre_shared_key) ||
1867
- !CBB_add_u16_length_prefixed(out, &contents) ||
1868
- // We only consider the first identity for resumption
1869
- !CBB_add_u16(&contents, 0) ||
1870
- !CBB_flush(out)) {
1871
- return false;
1872
- }
1873
-
1874
- return true;
1875
- }
1876
-
1877
-
1878
- // Pre-Shared Key Exchange Modes
1879
- //
1880
- // https://tools.ietf.org/html/rfc8446#section-4.2.9
1881
-
1882
- static bool ext_psk_key_exchange_modes_add_clienthello(SSL_HANDSHAKE *hs,
1883
- CBB *out) {
1884
- if (hs->max_version < TLS1_3_VERSION) {
1885
- return true;
1886
- }
1887
-
1888
- CBB contents, ke_modes;
1889
- if (!CBB_add_u16(out, TLSEXT_TYPE_psk_key_exchange_modes) ||
1890
- !CBB_add_u16_length_prefixed(out, &contents) ||
1891
- !CBB_add_u8_length_prefixed(&contents, &ke_modes) ||
1892
- !CBB_add_u8(&ke_modes, SSL_PSK_DHE_KE)) {
1893
- return false;
1894
- }
1895
-
1896
- return CBB_flush(out);
1897
- }
1898
-
1899
- static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
1900
- uint8_t *out_alert,
1901
- CBS *contents) {
1902
- if (contents == NULL) {
1903
- return true;
1904
- }
1905
-
1906
- CBS ke_modes;
1907
- if (!CBS_get_u8_length_prefixed(contents, &ke_modes) ||
1908
- CBS_len(&ke_modes) == 0 ||
1909
- CBS_len(contents) != 0) {
1910
- *out_alert = SSL_AD_DECODE_ERROR;
1911
- return false;
1912
- }
1913
-
1914
- // We only support tickets with PSK_DHE_KE.
1915
- hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
1916
- CBS_len(&ke_modes)) != NULL;
1917
-
1918
- return true;
1919
- }
1920
-
1921
-
1922
- // Early Data Indication
1923
- //
1924
- // https://tools.ietf.org/html/rfc8446#section-4.2.10
1925
-
1926
- static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1927
- SSL *const ssl = hs->ssl;
1928
- // The second ClientHello never offers early data, and we must have already
1929
- // filled in |early_data_reason| by this point.
1930
- if (ssl->s3->used_hello_retry_request) {
1931
- assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
1932
- return true;
1933
- }
1934
-
1935
- if (!ssl->enable_early_data) {
1936
- ssl->s3->early_data_reason = ssl_early_data_disabled;
1937
- return true;
1938
- }
1939
-
1940
- if (hs->max_version < TLS1_3_VERSION) {
1941
- // We discard inapplicable sessions, so this is redundant with the session
1942
- // checks below, but we check give a more useful reason.
1943
- ssl->s3->early_data_reason = ssl_early_data_protocol_version;
1944
- return true;
1945
- }
1946
-
1947
- if (ssl->session == nullptr) {
1948
- ssl->s3->early_data_reason = ssl_early_data_no_session_offered;
1949
- return true;
1950
- }
1951
-
1952
- if (ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION ||
1953
- ssl->session->ticket_max_early_data == 0) {
1954
- ssl->s3->early_data_reason = ssl_early_data_unsupported_for_session;
1955
- return true;
1956
- }
1957
-
1958
- // In case ALPN preferences changed since this session was established, avoid
1959
- // reporting a confusing value in |SSL_get0_alpn_selected| and sending early
1960
- // data we know will be rejected.
1961
- if (!ssl->session->early_alpn.empty() &&
1962
- !ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
1963
- ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
1964
- return true;
1965
- }
1966
-
1967
- // |early_data_reason| will be filled in later when the server responds.
1968
- hs->early_data_offered = true;
1969
-
1970
- if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
1971
- !CBB_add_u16(out, 0) ||
1972
- !CBB_flush(out)) {
1973
- return false;
1974
- }
1975
-
1976
- return true;
1977
- }
1978
-
1979
- static bool ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
1980
- uint8_t *out_alert,
1981
- CBS *contents) {
1982
- SSL *const ssl = hs->ssl;
1983
- if (contents == NULL) {
1984
- if (hs->early_data_offered && !ssl->s3->used_hello_retry_request) {
1985
- ssl->s3->early_data_reason = ssl->s3->session_reused
1986
- ? ssl_early_data_peer_declined
1987
- : ssl_early_data_session_not_resumed;
1988
- } else {
1989
- // We already filled in |early_data_reason| when declining to offer 0-RTT
1990
- // or handling the implicit HelloRetryRequest reject.
1991
- assert(ssl->s3->early_data_reason != ssl_early_data_unknown);
1992
- }
1993
- return true;
1994
- }
1995
-
1996
- // If we received an HRR, the second ClientHello never offers early data, so
1997
- // the extensions logic will automatically reject early data extensions as
1998
- // unsolicited. This covered by the ServerAcceptsEarlyDataOnHRR test.
1999
- assert(!ssl->s3->used_hello_retry_request);
2000
-
2001
- if (CBS_len(contents) != 0) {
2002
- *out_alert = SSL_AD_DECODE_ERROR;
2003
- return false;
2004
- }
2005
-
2006
- if (!ssl->s3->session_reused) {
2007
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2008
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
2009
- return false;
2010
- }
2011
-
2012
- ssl->s3->early_data_reason = ssl_early_data_accepted;
2013
- ssl->s3->early_data_accepted = true;
2014
- return true;
2015
- }
2016
-
2017
- static bool ext_early_data_parse_clienthello(SSL_HANDSHAKE *hs,
2018
- uint8_t *out_alert, CBS *contents) {
2019
- SSL *const ssl = hs->ssl;
2020
- if (contents == NULL ||
2021
- ssl_protocol_version(ssl) < TLS1_3_VERSION) {
2022
- return true;
2023
- }
2024
-
2025
- if (CBS_len(contents) != 0) {
2026
- *out_alert = SSL_AD_DECODE_ERROR;
2027
- return false;
2028
- }
2029
-
2030
- hs->early_data_offered = true;
2031
- return true;
2032
- }
2033
-
2034
- static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2035
- if (!hs->ssl->s3->early_data_accepted) {
2036
- return true;
2037
- }
2038
-
2039
- if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
2040
- !CBB_add_u16(out, 0) ||
2041
- !CBB_flush(out)) {
2042
- return false;
2043
- }
2044
-
2045
- return true;
2046
- }
2047
-
2048
-
2049
- // Key Share
2050
- //
2051
- // https://tools.ietf.org/html/rfc8446#section-4.2.8
2052
-
2053
- static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2054
- SSL *const ssl = hs->ssl;
2055
- if (hs->max_version < TLS1_3_VERSION) {
2056
- return true;
2057
- }
2058
-
2059
- CBB contents, kse_bytes;
2060
- if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
2061
- !CBB_add_u16_length_prefixed(out, &contents) ||
2062
- !CBB_add_u16_length_prefixed(&contents, &kse_bytes)) {
2063
- return false;
2064
- }
2065
-
2066
- uint16_t group_id = hs->retry_group;
2067
- uint16_t second_group_id = 0;
2068
- if (ssl->s3 && ssl->s3->used_hello_retry_request) {
2069
- // We received a HelloRetryRequest without a new curve, so there is no new
2070
- // share to append. Leave |hs->key_share| as-is.
2071
- if (group_id == 0 &&
2072
- !CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(),
2073
- hs->key_share_bytes.size())) {
2074
- return false;
2075
- }
2076
- hs->key_share_bytes.Reset();
2077
- if (group_id == 0) {
2078
- return CBB_flush(out);
2079
- }
2080
- } else {
2081
- // Add a fake group. See draft-davidben-tls-grease-01.
2082
- if (ssl->ctx->grease_enabled &&
2083
- (!CBB_add_u16(&kse_bytes,
2084
- ssl_get_grease_value(hs, ssl_grease_group)) ||
2085
- !CBB_add_u16(&kse_bytes, 1 /* length */) ||
2086
- !CBB_add_u8(&kse_bytes, 0 /* one byte key share */))) {
2087
- return false;
2088
- }
2089
-
2090
- // Predict the most preferred group.
2091
- Span<const uint16_t> groups = tls1_get_grouplist(hs);
2092
- if (groups.empty()) {
2093
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_GROUPS_SPECIFIED);
2094
- return false;
2095
- }
2096
-
2097
- group_id = groups[0];
2098
-
2099
- if (is_post_quantum_group(group_id) && groups.size() >= 2) {
2100
- // CECPQ2(b) is not sent as the only initial key share. We'll include the
2101
- // 2nd preference group too to avoid round-trips.
2102
- second_group_id = groups[1];
2103
- assert(second_group_id != group_id);
2104
- }
2105
- }
2106
-
2107
- CBB key_exchange;
2108
- hs->key_shares[0] = SSLKeyShare::Create(group_id);
2109
- if (!hs->key_shares[0] ||
2110
- !CBB_add_u16(&kse_bytes, group_id) ||
2111
- !CBB_add_u16_length_prefixed(&kse_bytes, &key_exchange) ||
2112
- !hs->key_shares[0]->Offer(&key_exchange) ||
2113
- !CBB_flush(&kse_bytes)) {
2114
- return false;
2115
- }
2116
-
2117
- if (second_group_id != 0) {
2118
- hs->key_shares[1] = SSLKeyShare::Create(second_group_id);
2119
- if (!hs->key_shares[1] ||
2120
- !CBB_add_u16(&kse_bytes, second_group_id) ||
2121
- !CBB_add_u16_length_prefixed(&kse_bytes, &key_exchange) ||
2122
- !hs->key_shares[1]->Offer(&key_exchange) ||
2123
- !CBB_flush(&kse_bytes)) {
2124
- return false;
2125
- }
2126
- }
2127
-
2128
- // Save the contents of the extension to repeat it in the second
2129
- // ClientHello.
2130
- if (ssl->s3 && !ssl->s3->used_hello_retry_request &&
2131
- !hs->key_share_bytes.CopyFrom(
2132
- MakeConstSpan(CBB_data(&kse_bytes), CBB_len(&kse_bytes)))) {
2133
- return false;
2134
- }
2135
-
2136
- return CBB_flush(out);
2137
- }
2138
-
2139
- bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
2140
- Array<uint8_t> *out_secret,
2141
- uint8_t *out_alert, CBS *contents) {
2142
- CBS peer_key;
2143
- uint16_t group_id;
2144
- if (!CBS_get_u16(contents, &group_id) ||
2145
- !CBS_get_u16_length_prefixed(contents, &peer_key) ||
2146
- CBS_len(contents) != 0) {
2147
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2148
- *out_alert = SSL_AD_DECODE_ERROR;
2149
- return false;
2150
- }
2151
-
2152
- SSLKeyShare *key_share = hs->key_shares[0].get();
2153
- if (key_share->GroupID() != group_id) {
2154
- if (!hs->key_shares[1] || hs->key_shares[1]->GroupID() != group_id) {
2155
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2156
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
2157
- return false;
2158
- }
2159
- key_share = hs->key_shares[1].get();
2160
- }
2161
-
2162
- if (!key_share->Finish(out_secret, out_alert, peer_key)) {
2163
- *out_alert = SSL_AD_INTERNAL_ERROR;
2164
- return false;
2165
- }
2166
-
2167
- hs->new_session->group_id = group_id;
2168
- hs->key_shares[0].reset();
2169
- hs->key_shares[1].reset();
2170
- return true;
2171
- }
2172
-
2173
- bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
2174
- Array<uint8_t> *out_secret,
2175
- uint8_t *out_alert, CBS *contents) {
2176
- uint16_t group_id;
2177
- CBS key_shares;
2178
- if (!tls1_get_shared_group(hs, &group_id)) {
2179
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
2180
- *out_alert = SSL_AD_HANDSHAKE_FAILURE;
2181
- return false;
2182
- }
2183
-
2184
- if (!CBS_get_u16_length_prefixed(contents, &key_shares) ||
2185
- CBS_len(contents) != 0) {
2186
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2187
- return false;
2188
- }
2189
-
2190
- // Find the corresponding key share.
2191
- CBS peer_key;
2192
- CBS_init(&peer_key, NULL, 0);
2193
- while (CBS_len(&key_shares) > 0) {
2194
- uint16_t id;
2195
- CBS peer_key_tmp;
2196
- if (!CBS_get_u16(&key_shares, &id) ||
2197
- !CBS_get_u16_length_prefixed(&key_shares, &peer_key_tmp) ||
2198
- CBS_len(&peer_key_tmp) == 0) {
2199
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2200
- return false;
2201
- }
2202
-
2203
- if (id == group_id) {
2204
- if (CBS_len(&peer_key) != 0) {
2205
- OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_KEY_SHARE);
2206
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2207
- return false;
2208
- }
2209
-
2210
- peer_key = peer_key_tmp;
2211
- // Continue parsing the structure to keep peers honest.
2212
- }
2213
- }
2214
-
2215
- if (CBS_len(&peer_key) == 0) {
2216
- *out_found = false;
2217
- out_secret->Reset();
2218
- return true;
2219
- }
2220
-
2221
- // Compute the DH secret.
2222
- Array<uint8_t> secret;
2223
- ScopedCBB public_key;
2224
- UniquePtr<SSLKeyShare> key_share = SSLKeyShare::Create(group_id);
2225
- if (!key_share ||
2226
- !CBB_init(public_key.get(), 32) ||
2227
- !key_share->Accept(public_key.get(), &secret, out_alert, peer_key) ||
2228
- !CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
2229
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2230
- return false;
2231
- }
2232
-
2233
- *out_secret = std::move(secret);
2234
- *out_found = true;
2235
- return true;
2236
- }
2237
-
2238
- bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2239
- uint16_t group_id;
2240
- CBB kse_bytes, public_key;
2241
- if (!tls1_get_shared_group(hs, &group_id) ||
2242
- !CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
2243
- !CBB_add_u16_length_prefixed(out, &kse_bytes) ||
2244
- !CBB_add_u16(&kse_bytes, group_id) ||
2245
- !CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
2246
- !CBB_add_bytes(&public_key, hs->ecdh_public_key.data(),
2247
- hs->ecdh_public_key.size()) ||
2248
- !CBB_flush(out)) {
2249
- return false;
2250
- }
2251
-
2252
- hs->ecdh_public_key.Reset();
2253
-
2254
- hs->new_session->group_id = group_id;
2255
- return true;
2256
- }
2257
-
2258
-
2259
- // Supported Versions
2260
- //
2261
- // https://tools.ietf.org/html/rfc8446#section-4.2.1
2262
-
2263
- static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2264
- SSL *const ssl = hs->ssl;
2265
- if (hs->max_version <= TLS1_2_VERSION) {
2266
- return true;
2267
- }
2268
-
2269
- CBB contents, versions;
2270
- if (!CBB_add_u16(out, TLSEXT_TYPE_supported_versions) ||
2271
- !CBB_add_u16_length_prefixed(out, &contents) ||
2272
- !CBB_add_u8_length_prefixed(&contents, &versions)) {
2273
- return false;
2274
- }
2275
-
2276
- // Add a fake version. See draft-davidben-tls-grease-01.
2277
- if (ssl->ctx->grease_enabled &&
2278
- !CBB_add_u16(&versions, ssl_get_grease_value(hs, ssl_grease_version))) {
2279
- return false;
2280
- }
2281
-
2282
- if (!ssl_add_supported_versions(hs, &versions) ||
2283
- !CBB_flush(out)) {
2284
- return false;
2285
- }
2286
-
2287
- return true;
2288
- }
2289
-
2290
-
2291
- // Cookie
2292
- //
2293
- // https://tools.ietf.org/html/rfc8446#section-4.2.2
2294
-
2295
- static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2296
- if (hs->cookie.empty()) {
2297
- return true;
2298
- }
2299
-
2300
- CBB contents, cookie;
2301
- if (!CBB_add_u16(out, TLSEXT_TYPE_cookie) ||
2302
- !CBB_add_u16_length_prefixed(out, &contents) ||
2303
- !CBB_add_u16_length_prefixed(&contents, &cookie) ||
2304
- !CBB_add_bytes(&cookie, hs->cookie.data(), hs->cookie.size()) ||
2305
- !CBB_flush(out)) {
2306
- return false;
2307
- }
2308
-
2309
- // The cookie is no longer needed in memory.
2310
- hs->cookie.Reset();
2311
- return true;
2312
- }
2313
-
2314
-
2315
- // Supported Groups
2316
- //
2317
- // https://tools.ietf.org/html/rfc4492#section-5.1.1
2318
- // https://tools.ietf.org/html/rfc8446#section-4.2.7
2319
-
2320
- static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2321
- SSL *const ssl = hs->ssl;
2322
- CBB contents, groups_bytes;
2323
- if (!CBB_add_u16(out, TLSEXT_TYPE_supported_groups) ||
2324
- !CBB_add_u16_length_prefixed(out, &contents) ||
2325
- !CBB_add_u16_length_prefixed(&contents, &groups_bytes)) {
2326
- return false;
2327
- }
2328
-
2329
- // Add a fake group. See draft-davidben-tls-grease-01.
2330
- if (ssl->ctx->grease_enabled &&
2331
- !CBB_add_u16(&groups_bytes,
2332
- ssl_get_grease_value(hs, ssl_grease_group))) {
2333
- return false;
2334
- }
2335
-
2336
- for (uint16_t group : tls1_get_grouplist(hs)) {
2337
- if (is_post_quantum_group(group) &&
2338
- hs->max_version < TLS1_3_VERSION) {
2339
- continue;
2340
- }
2341
- if (!CBB_add_u16(&groups_bytes, group)) {
2342
- return false;
2343
- }
2344
- }
2345
-
2346
- return CBB_flush(out);
2347
- }
2348
-
2349
- static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
2350
- uint8_t *out_alert,
2351
- CBS *contents) {
2352
- // This extension is not expected to be echoed by servers in TLS 1.2, but some
2353
- // BigIP servers send it nonetheless, so do not enforce this.
2354
- return true;
2355
- }
2356
-
2357
- static bool parse_u16_array(const CBS *cbs, Array<uint16_t> *out) {
2358
- CBS copy = *cbs;
2359
- if ((CBS_len(&copy) & 1) != 0) {
2360
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
2361
- return false;
2362
- }
2363
-
2364
- Array<uint16_t> ret;
2365
- if (!ret.Init(CBS_len(&copy) / 2)) {
2366
- return false;
2367
- }
2368
- for (size_t i = 0; i < ret.size(); i++) {
2369
- if (!CBS_get_u16(&copy, &ret[i])) {
2370
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2371
- return false;
2372
- }
2373
- }
2374
-
2375
- assert(CBS_len(&copy) == 0);
2376
- *out = std::move(ret);
2377
- return 1;
2378
- }
2379
-
2380
- static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
2381
- uint8_t *out_alert,
2382
- CBS *contents) {
2383
- if (contents == NULL) {
2384
- return true;
2385
- }
2386
-
2387
- CBS supported_group_list;
2388
- if (!CBS_get_u16_length_prefixed(contents, &supported_group_list) ||
2389
- CBS_len(&supported_group_list) == 0 ||
2390
- CBS_len(contents) != 0 ||
2391
- !parse_u16_array(&supported_group_list, &hs->peer_supported_group_list)) {
2392
- return false;
2393
- }
2394
-
2395
- return true;
2396
- }
2397
-
2398
- // Token Binding
2399
- //
2400
- // https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-10
2401
-
2402
- // The Token Binding version number currently matches the draft number of
2403
- // draft-ietf-tokbind-protocol, and when published as an RFC it will be 0x0100.
2404
- // Since there are no wire changes to the protocol from draft 13 through the
2405
- // current draft (16), this implementation supports all versions in that range.
2406
- static uint16_t kTokenBindingMaxVersion = 16;
2407
- static uint16_t kTokenBindingMinVersion = 13;
2408
-
2409
- static bool ext_token_binding_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2410
- SSL *const ssl = hs->ssl;
2411
- if (hs->config->token_binding_params.empty() || SSL_is_dtls(ssl)) {
2412
- return true;
2413
- }
2414
-
2415
- CBB contents, params;
2416
- if (!CBB_add_u16(out, TLSEXT_TYPE_token_binding) ||
2417
- !CBB_add_u16_length_prefixed(out, &contents) ||
2418
- !CBB_add_u16(&contents, kTokenBindingMaxVersion) ||
2419
- !CBB_add_u8_length_prefixed(&contents, &params) ||
2420
- !CBB_add_bytes(&params, hs->config->token_binding_params.data(),
2421
- hs->config->token_binding_params.size()) ||
2422
- !CBB_flush(out)) {
2423
- return false;
2424
- }
2425
-
2426
- return true;
2427
- }
2428
-
2429
- static bool ext_token_binding_parse_serverhello(SSL_HANDSHAKE *hs,
2430
- uint8_t *out_alert,
2431
- CBS *contents) {
2432
- SSL *const ssl = hs->ssl;
2433
- if (contents == nullptr) {
2434
- return true;
2435
- }
2436
-
2437
- CBS params_list;
2438
- uint16_t version;
2439
- uint8_t param;
2440
- if (!CBS_get_u16(contents, &version) ||
2441
- !CBS_get_u8_length_prefixed(contents, &params_list) ||
2442
- !CBS_get_u8(&params_list, &param) ||
2443
- CBS_len(&params_list) > 0 ||
2444
- CBS_len(contents) > 0) {
2445
- *out_alert = SSL_AD_DECODE_ERROR;
2446
- return false;
2447
- }
2448
-
2449
- // The server-negotiated version must be less than or equal to our version.
2450
- if (version > kTokenBindingMaxVersion) {
2451
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2452
- return false;
2453
- }
2454
-
2455
- // If the server-selected version is less than what we support, then Token
2456
- // Binding wasn't negotiated (but the extension was parsed successfully).
2457
- if (version < kTokenBindingMinVersion) {
2458
- return true;
2459
- }
2460
-
2461
- for (uint8_t config_param : hs->config->token_binding_params) {
2462
- if (param == config_param) {
2463
- ssl->s3->negotiated_token_binding_param = param;
2464
- ssl->s3->token_binding_negotiated = true;
2465
- return true;
2466
- }
2467
- }
2468
-
2469
- *out_alert = SSL_AD_ILLEGAL_PARAMETER;
2470
- return false;
2471
- }
2472
-
2473
- // select_tb_param looks for the first token binding param in
2474
- // |hs->ssl->token_binding_params| that is also in |params| and puts it in
2475
- // |hs->ssl->negotiated_token_binding_param|. It returns true if a token binding
2476
- // param is found, and false otherwise.
2477
- static bool select_tb_param(SSL_HANDSHAKE *hs,
2478
- Span<const uint8_t> peer_params) {
2479
- for (uint8_t tb_param : hs->config->token_binding_params) {
2480
- for (uint8_t peer_param : peer_params) {
2481
- if (tb_param == peer_param) {
2482
- hs->ssl->s3->negotiated_token_binding_param = tb_param;
2483
- return true;
2484
- }
2485
- }
2486
- }
2487
- return false;
2488
- }
2489
-
2490
- static bool ext_token_binding_parse_clienthello(SSL_HANDSHAKE *hs,
2491
- uint8_t *out_alert,
2492
- CBS *contents) {
2493
- SSL *const ssl = hs->ssl;
2494
- if (contents == nullptr || hs->config->token_binding_params.empty()) {
2495
- return true;
2496
- }
2497
-
2498
- CBS params;
2499
- uint16_t version;
2500
- if (!CBS_get_u16(contents, &version) ||
2501
- !CBS_get_u8_length_prefixed(contents, &params) ||
2502
- CBS_len(&params) == 0 ||
2503
- CBS_len(contents) > 0) {
2504
- *out_alert = SSL_AD_DECODE_ERROR;
2505
- return false;
2506
- }
2507
-
2508
- // If the client-selected version is less than what we support, then Token
2509
- // Binding wasn't negotiated (but the extension was parsed successfully).
2510
- if (version < kTokenBindingMinVersion) {
2511
- return true;
2512
- }
2513
-
2514
- // If the client-selected version is higher than we support, use our max
2515
- // version. Otherwise, use the client's version.
2516
- hs->negotiated_token_binding_version =
2517
- std::min(version, kTokenBindingMaxVersion);
2518
- if (!select_tb_param(hs, params)) {
2519
- return true;
2520
- }
2521
-
2522
- ssl->s3->token_binding_negotiated = true;
2523
- return true;
2524
- }
2525
-
2526
- static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2527
- SSL *const ssl = hs->ssl;
2528
-
2529
- if (!ssl->s3->token_binding_negotiated) {
2530
- return true;
2531
- }
2532
-
2533
- CBB contents, params;
2534
- if (!CBB_add_u16(out, TLSEXT_TYPE_token_binding) ||
2535
- !CBB_add_u16_length_prefixed(out, &contents) ||
2536
- !CBB_add_u16(&contents, hs->negotiated_token_binding_version) ||
2537
- !CBB_add_u8_length_prefixed(&contents, &params) ||
2538
- !CBB_add_u8(&params, ssl->s3->negotiated_token_binding_param) ||
2539
- !CBB_flush(out)) {
2540
- return false;
2541
- }
2542
-
2543
- return true;
2544
- }
2545
-
2546
- // QUIC Transport Parameters
2547
-
2548
- static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2549
- CBB *out) {
2550
- if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
2551
- return true;
2552
- }
2553
- if (hs->config->quic_transport_params.empty() || !hs->ssl->quic_method) {
2554
- // QUIC Transport Parameters must be sent over QUIC, and they must not be
2555
- // sent over non-QUIC transports. If transport params are set, then
2556
- // SSL(_CTX)_set_quic_method must also be called.
2557
- OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2558
- return false;
2559
- }
2560
- assert(hs->min_version > TLS1_2_VERSION);
2561
-
2562
- CBB contents;
2563
- if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
2564
- !CBB_add_u16_length_prefixed(out, &contents) ||
2565
- !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2566
- hs->config->quic_transport_params.size()) ||
2567
- !CBB_flush(out)) {
2568
- return false;
2569
- }
2570
- return true;
2571
- }
2572
-
2573
- static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
2574
- uint8_t *out_alert,
2575
- CBS *contents) {
2576
- SSL *const ssl = hs->ssl;
2577
- if (contents == nullptr) {
2578
- if (!ssl->quic_method) {
2579
- return true;
2580
- }
2581
- assert(ssl->quic_method);
2582
- *out_alert = SSL_AD_MISSING_EXTENSION;
2583
- return false;
2584
- }
2585
- if (!ssl->quic_method) {
2586
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2587
- return false;
2588
- }
2589
- // QUIC requires TLS 1.3.
2590
- assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2591
-
2592
- return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2593
- }
2594
-
2595
- static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
2596
- uint8_t *out_alert,
2597
- CBS *contents) {
2598
- SSL *const ssl = hs->ssl;
2599
- if (!contents) {
2600
- if (!ssl->quic_method) {
2601
- if (hs->config->quic_transport_params.empty()) {
2602
- return true;
2603
- }
2604
- // QUIC transport parameters must not be set if |ssl| is not configured
2605
- // for QUIC.
2606
- OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2607
- *out_alert = SSL_AD_INTERNAL_ERROR;
2608
- }
2609
- *out_alert = SSL_AD_MISSING_EXTENSION;
2610
- return false;
2611
- }
2612
- if (!ssl->quic_method) {
2613
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2614
- return false;
2615
- }
2616
- assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2617
- return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2618
- }
2619
-
2620
- static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2621
- CBB *out) {
2622
- assert(hs->ssl->quic_method != nullptr);
2623
- if (hs->config->quic_transport_params.empty()) {
2624
- // Transport parameters must be set when using QUIC.
2625
- OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2626
- return false;
2627
- }
2628
-
2629
- CBB contents;
2630
- if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
2631
- !CBB_add_u16_length_prefixed(out, &contents) ||
2632
- !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2633
- hs->config->quic_transport_params.size()) ||
2634
- !CBB_flush(out)) {
2635
- return false;
2636
- }
2637
-
2638
- return true;
2639
- }
2640
-
2641
- // Delegated credentials.
2642
- //
2643
- // https://tools.ietf.org/html/draft-ietf-tls-subcerts
2644
-
2645
- static bool ext_delegated_credential_add_clienthello(SSL_HANDSHAKE *hs,
2646
- CBB *out) {
2647
- return true;
2648
- }
2649
-
2650
- static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs,
2651
- uint8_t *out_alert,
2652
- CBS *contents) {
2653
- assert(TLSEXT_TYPE_delegated_credential == 0xff02);
2654
- // TODO: Check that the extension is empty.
2655
- //
2656
- // As of draft-03, the client sends an empty extension in order indicate
2657
- // support for delegated credentials. This could change, however, since the
2658
- // spec is not yet finalized. This assertion is here to remind us to enforce
2659
- // this check once the extension ID is assigned.
2660
-
2661
- if (contents == nullptr || ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
2662
- // Don't use delegated credentials unless we're negotiating TLS 1.3 or
2663
- // higher.
2664
- return true;
2665
- }
2666
-
2667
- hs->delegated_credential_requested = true;
2668
- return true;
2669
- }
2670
-
2671
- // Certificate compression
2672
-
2673
- static bool cert_compression_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
2674
- bool first = true;
2675
- CBB contents, algs;
2676
-
2677
- for (const auto &alg : hs->ssl->ctx->cert_compression_algs) {
2678
- if (alg.decompress == nullptr) {
2679
- continue;
2680
- }
2681
-
2682
- if (first && (!CBB_add_u16(out, TLSEXT_TYPE_cert_compression) ||
2683
- !CBB_add_u16_length_prefixed(out, &contents) ||
2684
- !CBB_add_u8_length_prefixed(&contents, &algs))) {
2685
- return false;
2686
- }
2687
- first = false;
2688
- if (!CBB_add_u16(&algs, alg.alg_id)) {
2689
- return false;
2690
- }
2691
- }
2692
-
2693
- return first || CBB_flush(out);
2694
- }
2695
-
2696
- static bool cert_compression_parse_serverhello(SSL_HANDSHAKE *hs,
2697
- uint8_t *out_alert,
2698
- CBS *contents) {
2699
- if (contents == nullptr) {
2700
- return true;
2701
- }
2702
-
2703
- // The server may not echo this extension. Any server to client negotiation is
2704
- // advertised in the CertificateRequest message.
2705
- return false;
2706
- }
2707
-
2708
- static bool cert_compression_parse_clienthello(SSL_HANDSHAKE *hs,
2709
- uint8_t *out_alert,
2710
- CBS *contents) {
2711
- if (contents == nullptr) {
2712
- return true;
2713
- }
2714
-
2715
- const SSL_CTX *ctx = hs->ssl->ctx.get();
2716
- const size_t num_algs = ctx->cert_compression_algs.size();
2717
-
2718
- CBS alg_ids;
2719
- if (!CBS_get_u8_length_prefixed(contents, &alg_ids) ||
2720
- CBS_len(contents) != 0 ||
2721
- CBS_len(&alg_ids) == 0 ||
2722
- CBS_len(&alg_ids) % 2 == 1) {
2723
- return false;
2724
- }
2725
-
2726
- const size_t num_given_alg_ids = CBS_len(&alg_ids) / 2;
2727
- Array<uint16_t> given_alg_ids;
2728
- if (!given_alg_ids.Init(num_given_alg_ids)) {
2729
- return false;
2730
- }
2731
-
2732
- size_t best_index = num_algs;
2733
- size_t given_alg_idx = 0;
2734
-
2735
- while (CBS_len(&alg_ids) > 0) {
2736
- uint16_t alg_id;
2737
- if (!CBS_get_u16(&alg_ids, &alg_id)) {
2738
- return false;
2739
- }
2740
-
2741
- given_alg_ids[given_alg_idx++] = alg_id;
2742
-
2743
- for (size_t i = 0; i < num_algs; i++) {
2744
- const auto &alg = ctx->cert_compression_algs[i];
2745
- if (alg.alg_id == alg_id && alg.compress != nullptr) {
2746
- if (i < best_index) {
2747
- best_index = i;
2748
- }
2749
- break;
2750
- }
2751
- }
2752
- }
2753
-
2754
- qsort(given_alg_ids.data(), given_alg_ids.size(), sizeof(uint16_t),
2755
- compare_uint16_t);
2756
- for (size_t i = 1; i < num_given_alg_ids; i++) {
2757
- if (given_alg_ids[i - 1] == given_alg_ids[i]) {
2758
- return false;
2759
- }
2760
- }
2761
-
2762
- if (best_index < num_algs &&
2763
- ssl_protocol_version(hs->ssl) >= TLS1_3_VERSION) {
2764
- hs->cert_compression_negotiated = true;
2765
- hs->cert_compression_alg_id = ctx->cert_compression_algs[best_index].alg_id;
2766
- }
2767
-
2768
- return true;
2769
- }
2770
-
2771
- static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2772
- return true;
2773
- }
2774
-
2775
-
2776
- // kExtensions contains all the supported extensions.
2777
- static const struct tls_extension kExtensions[] = {
2778
- {
2779
- TLSEXT_TYPE_server_name,
2780
- NULL,
2781
- ext_sni_add_clienthello,
2782
- ext_sni_parse_serverhello,
2783
- ext_sni_parse_clienthello,
2784
- ext_sni_add_serverhello,
2785
- },
2786
- {
2787
- TLSEXT_TYPE_extended_master_secret,
2788
- NULL,
2789
- ext_ems_add_clienthello,
2790
- ext_ems_parse_serverhello,
2791
- ext_ems_parse_clienthello,
2792
- ext_ems_add_serverhello,
2793
- },
2794
- {
2795
- TLSEXT_TYPE_renegotiate,
2796
- NULL,
2797
- ext_ri_add_clienthello,
2798
- ext_ri_parse_serverhello,
2799
- ext_ri_parse_clienthello,
2800
- ext_ri_add_serverhello,
2801
- },
2802
- {
2803
- TLSEXT_TYPE_supported_groups,
2804
- NULL,
2805
- ext_supported_groups_add_clienthello,
2806
- ext_supported_groups_parse_serverhello,
2807
- ext_supported_groups_parse_clienthello,
2808
- dont_add_serverhello,
2809
- },
2810
- {
2811
- TLSEXT_TYPE_ec_point_formats,
2812
- NULL,
2813
- ext_ec_point_add_clienthello,
2814
- ext_ec_point_parse_serverhello,
2815
- ext_ec_point_parse_clienthello,
2816
- ext_ec_point_add_serverhello,
2817
- },
2818
- {
2819
- TLSEXT_TYPE_session_ticket,
2820
- NULL,
2821
- ext_ticket_add_clienthello,
2822
- ext_ticket_parse_serverhello,
2823
- // Ticket extension client parsing is handled in ssl_session.c
2824
- ignore_parse_clienthello,
2825
- ext_ticket_add_serverhello,
2826
- },
2827
- {
2828
- TLSEXT_TYPE_application_layer_protocol_negotiation,
2829
- NULL,
2830
- ext_alpn_add_clienthello,
2831
- ext_alpn_parse_serverhello,
2832
- // ALPN is negotiated late in |ssl_negotiate_alpn|.
2833
- ignore_parse_clienthello,
2834
- ext_alpn_add_serverhello,
2835
- },
2836
- {
2837
- TLSEXT_TYPE_status_request,
2838
- NULL,
2839
- ext_ocsp_add_clienthello,
2840
- ext_ocsp_parse_serverhello,
2841
- ext_ocsp_parse_clienthello,
2842
- ext_ocsp_add_serverhello,
2843
- },
2844
- {
2845
- TLSEXT_TYPE_signature_algorithms,
2846
- NULL,
2847
- ext_sigalgs_add_clienthello,
2848
- forbid_parse_serverhello,
2849
- ext_sigalgs_parse_clienthello,
2850
- dont_add_serverhello,
2851
- },
2852
- {
2853
- TLSEXT_TYPE_next_proto_neg,
2854
- NULL,
2855
- ext_npn_add_clienthello,
2856
- ext_npn_parse_serverhello,
2857
- ext_npn_parse_clienthello,
2858
- ext_npn_add_serverhello,
2859
- },
2860
- {
2861
- TLSEXT_TYPE_certificate_timestamp,
2862
- NULL,
2863
- ext_sct_add_clienthello,
2864
- ext_sct_parse_serverhello,
2865
- ext_sct_parse_clienthello,
2866
- ext_sct_add_serverhello,
2867
- },
2868
- {
2869
- TLSEXT_TYPE_channel_id,
2870
- ext_channel_id_init,
2871
- ext_channel_id_add_clienthello,
2872
- ext_channel_id_parse_serverhello,
2873
- ext_channel_id_parse_clienthello,
2874
- ext_channel_id_add_serverhello,
2875
- },
2876
- {
2877
- TLSEXT_TYPE_srtp,
2878
- ext_srtp_init,
2879
- ext_srtp_add_clienthello,
2880
- ext_srtp_parse_serverhello,
2881
- ext_srtp_parse_clienthello,
2882
- ext_srtp_add_serverhello,
2883
- },
2884
- {
2885
- TLSEXT_TYPE_key_share,
2886
- NULL,
2887
- ext_key_share_add_clienthello,
2888
- forbid_parse_serverhello,
2889
- ignore_parse_clienthello,
2890
- dont_add_serverhello,
2891
- },
2892
- {
2893
- TLSEXT_TYPE_psk_key_exchange_modes,
2894
- NULL,
2895
- ext_psk_key_exchange_modes_add_clienthello,
2896
- forbid_parse_serverhello,
2897
- ext_psk_key_exchange_modes_parse_clienthello,
2898
- dont_add_serverhello,
2899
- },
2900
- {
2901
- TLSEXT_TYPE_early_data,
2902
- NULL,
2903
- ext_early_data_add_clienthello,
2904
- ext_early_data_parse_serverhello,
2905
- ext_early_data_parse_clienthello,
2906
- ext_early_data_add_serverhello,
2907
- },
2908
- {
2909
- TLSEXT_TYPE_supported_versions,
2910
- NULL,
2911
- ext_supported_versions_add_clienthello,
2912
- forbid_parse_serverhello,
2913
- ignore_parse_clienthello,
2914
- dont_add_serverhello,
2915
- },
2916
- {
2917
- TLSEXT_TYPE_cookie,
2918
- NULL,
2919
- ext_cookie_add_clienthello,
2920
- forbid_parse_serverhello,
2921
- ignore_parse_clienthello,
2922
- dont_add_serverhello,
2923
- },
2924
- {
2925
- TLSEXT_TYPE_quic_transport_parameters,
2926
- NULL,
2927
- ext_quic_transport_params_add_clienthello,
2928
- ext_quic_transport_params_parse_serverhello,
2929
- ext_quic_transport_params_parse_clienthello,
2930
- ext_quic_transport_params_add_serverhello,
2931
- },
2932
- {
2933
- TLSEXT_TYPE_token_binding,
2934
- NULL,
2935
- ext_token_binding_add_clienthello,
2936
- ext_token_binding_parse_serverhello,
2937
- ext_token_binding_parse_clienthello,
2938
- ext_token_binding_add_serverhello,
2939
- },
2940
- {
2941
- TLSEXT_TYPE_cert_compression,
2942
- NULL,
2943
- cert_compression_add_clienthello,
2944
- cert_compression_parse_serverhello,
2945
- cert_compression_parse_clienthello,
2946
- cert_compression_add_serverhello,
2947
- },
2948
- {
2949
- TLSEXT_TYPE_delegated_credential,
2950
- NULL,
2951
- ext_delegated_credential_add_clienthello,
2952
- forbid_parse_serverhello,
2953
- ext_delegated_credential_parse_clienthello,
2954
- dont_add_serverhello,
2955
- },
2956
- };
2957
-
2958
- #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
2959
-
2960
- static_assert(kNumExtensions <=
2961
- sizeof(((SSL_HANDSHAKE *)NULL)->extensions.sent) * 8,
2962
- "too many extensions for sent bitset");
2963
- static_assert(kNumExtensions <=
2964
- sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8,
2965
- "too many extensions for received bitset");
2966
-
2967
- static const struct tls_extension *tls_extension_find(uint32_t *out_index,
2968
- uint16_t value) {
2969
- unsigned i;
2970
- for (i = 0; i < kNumExtensions; i++) {
2971
- if (kExtensions[i].value == value) {
2972
- *out_index = i;
2973
- return &kExtensions[i];
2974
- }
2975
- }
2976
-
2977
- return NULL;
2978
- }
2979
-
2980
- bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
2981
- size_t header_len) {
2982
- SSL *const ssl = hs->ssl;
2983
- CBB extensions;
2984
- if (!CBB_add_u16_length_prefixed(out, &extensions)) {
2985
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
2986
- return false;
2987
- }
2988
-
2989
- // Note we may send multiple ClientHellos for DTLS HelloVerifyRequest and TLS
2990
- // 1.3 HelloRetryRequest. For the latter, the extensions may change, so it is
2991
- // important to reset this value.
2992
- hs->extensions.sent = 0;
2993
-
2994
- for (size_t i = 0; i < kNumExtensions; i++) {
2995
- if (kExtensions[i].init != NULL) {
2996
- kExtensions[i].init(hs);
2997
- }
2998
- }
2999
-
3000
- uint16_t grease_ext1 = 0;
3001
- if (ssl->ctx->grease_enabled) {
3002
- // Add a fake empty extension. See draft-davidben-tls-grease-01.
3003
- grease_ext1 = ssl_get_grease_value(hs, ssl_grease_extension1);
3004
- if (!CBB_add_u16(&extensions, grease_ext1) ||
3005
- !CBB_add_u16(&extensions, 0 /* zero length */)) {
3006
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3007
- return false;
3008
- }
3009
- }
3010
-
3011
- bool last_was_empty = false;
3012
- for (size_t i = 0; i < kNumExtensions; i++) {
3013
- const size_t len_before = CBB_len(&extensions);
3014
- if (!kExtensions[i].add_clienthello(hs, &extensions)) {
3015
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
3016
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3017
- return false;
3018
- }
3019
-
3020
- const size_t bytes_written = CBB_len(&extensions) - len_before;
3021
- if (bytes_written != 0) {
3022
- hs->extensions.sent |= (1u << i);
3023
- }
3024
- // If the difference in lengths is only four bytes then the extension had
3025
- // an empty body.
3026
- last_was_empty = (bytes_written == 4);
3027
- }
3028
-
3029
- if (ssl->ctx->grease_enabled) {
3030
- // Add a fake non-empty extension. See draft-davidben-tls-grease-01.
3031
- uint16_t grease_ext2 = ssl_get_grease_value(hs, ssl_grease_extension2);
3032
-
3033
- // The two fake extensions must not have the same value. GREASE values are
3034
- // of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
3035
- // one.
3036
- if (grease_ext1 == grease_ext2) {
3037
- grease_ext2 ^= 0x1010;
3038
- }
3039
-
3040
- if (!CBB_add_u16(&extensions, grease_ext2) ||
3041
- !CBB_add_u16(&extensions, 1 /* one byte length */) ||
3042
- !CBB_add_u8(&extensions, 0 /* single zero byte as contents */)) {
3043
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3044
- return false;
3045
- }
3046
-
3047
- last_was_empty = false;
3048
- }
3049
-
3050
- if (!SSL_is_dtls(ssl)) {
3051
- size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs);
3052
- header_len += 2 + CBB_len(&extensions) + psk_extension_len;
3053
- size_t padding_len = 0;
3054
-
3055
- // The final extension must be non-empty. WebSphere Application
3056
- // Server 7.0 is intolerant to the last extension being zero-length. See
3057
- // https://crbug.com/363583.
3058
- if (last_was_empty && psk_extension_len == 0) {
3059
- padding_len = 1;
3060
- // The addition of the padding extension may push us into the F5 bug.
3061
- header_len += 4 + padding_len;
3062
- }
3063
-
3064
- // Add padding to workaround bugs in F5 terminators. See RFC 7685.
3065
- //
3066
- // NB: because this code works out the length of all existing extensions
3067
- // it MUST always appear last (save for any PSK extension).
3068
- if (header_len > 0xff && header_len < 0x200) {
3069
- // If our calculations already included a padding extension, remove that
3070
- // factor because we're about to change its length.
3071
- if (padding_len != 0) {
3072
- header_len -= 4 + padding_len;
3073
- }
3074
- padding_len = 0x200 - header_len;
3075
- // Extensions take at least four bytes to encode. Always include at least
3076
- // one byte of data if including the extension. WebSphere Application
3077
- // Server 7.0 is intolerant to the last extension being zero-length. See
3078
- // https://crbug.com/363583.
3079
- if (padding_len >= 4 + 1) {
3080
- padding_len -= 4;
3081
- } else {
3082
- padding_len = 1;
3083
- }
3084
- }
3085
-
3086
- if (padding_len != 0) {
3087
- uint8_t *padding_bytes;
3088
- if (!CBB_add_u16(&extensions, TLSEXT_TYPE_padding) ||
3089
- !CBB_add_u16(&extensions, padding_len) ||
3090
- !CBB_add_space(&extensions, &padding_bytes, padding_len)) {
3091
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3092
- return false;
3093
- }
3094
-
3095
- OPENSSL_memset(padding_bytes, 0, padding_len);
3096
- }
3097
- }
3098
-
3099
- // The PSK extension must be last, including after the padding.
3100
- if (!ext_pre_shared_key_add_clienthello(hs, &extensions)) {
3101
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3102
- return false;
3103
- }
3104
-
3105
- // Discard empty extensions blocks.
3106
- if (CBB_len(&extensions) == 0) {
3107
- CBB_discard_child(out);
3108
- }
3109
-
3110
- return CBB_flush(out);
3111
- }
3112
-
3113
- bool ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out) {
3114
- SSL *const ssl = hs->ssl;
3115
- CBB extensions;
3116
- if (!CBB_add_u16_length_prefixed(out, &extensions)) {
3117
- goto err;
3118
- }
3119
-
3120
- for (unsigned i = 0; i < kNumExtensions; i++) {
3121
- if (!(hs->extensions.received & (1u << i))) {
3122
- // Don't send extensions that were not received.
3123
- continue;
3124
- }
3125
-
3126
- if (!kExtensions[i].add_serverhello(hs, &extensions)) {
3127
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
3128
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3129
- goto err;
3130
- }
3131
- }
3132
-
3133
- // Discard empty extensions blocks before TLS 1.3.
3134
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION &&
3135
- CBB_len(&extensions) == 0) {
3136
- CBB_discard_child(out);
3137
- }
3138
-
3139
- return CBB_flush(out);
3140
-
3141
- err:
3142
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3143
- return false;
3144
- }
3145
-
3146
- static bool ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
3147
- const SSL_CLIENT_HELLO *client_hello,
3148
- int *out_alert) {
3149
- for (size_t i = 0; i < kNumExtensions; i++) {
3150
- if (kExtensions[i].init != NULL) {
3151
- kExtensions[i].init(hs);
3152
- }
3153
- }
3154
-
3155
- hs->extensions.received = 0;
3156
- CBS extensions;
3157
- CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
3158
- while (CBS_len(&extensions) != 0) {
3159
- uint16_t type;
3160
- CBS extension;
3161
-
3162
- // Decode the next extension.
3163
- if (!CBS_get_u16(&extensions, &type) ||
3164
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
3165
- *out_alert = SSL_AD_DECODE_ERROR;
3166
- return false;
3167
- }
3168
-
3169
- unsigned ext_index;
3170
- const struct tls_extension *const ext =
3171
- tls_extension_find(&ext_index, type);
3172
- if (ext == NULL) {
3173
- continue;
3174
- }
3175
-
3176
- hs->extensions.received |= (1u << ext_index);
3177
- uint8_t alert = SSL_AD_DECODE_ERROR;
3178
- if (!ext->parse_clienthello(hs, &alert, &extension)) {
3179
- *out_alert = alert;
3180
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
3181
- ERR_add_error_dataf("extension %u", (unsigned)type);
3182
- return false;
3183
- }
3184
- }
3185
-
3186
- for (size_t i = 0; i < kNumExtensions; i++) {
3187
- if (hs->extensions.received & (1u << i)) {
3188
- continue;
3189
- }
3190
-
3191
- CBS *contents = NULL, fake_contents;
3192
- static const uint8_t kFakeRenegotiateExtension[] = {0};
3193
- if (kExtensions[i].value == TLSEXT_TYPE_renegotiate &&
3194
- ssl_client_cipher_list_contains_cipher(client_hello,
3195
- SSL3_CK_SCSV & 0xffff)) {
3196
- // The renegotiation SCSV was received so pretend that we received a
3197
- // renegotiation extension.
3198
- CBS_init(&fake_contents, kFakeRenegotiateExtension,
3199
- sizeof(kFakeRenegotiateExtension));
3200
- contents = &fake_contents;
3201
- hs->extensions.received |= (1u << i);
3202
- }
3203
-
3204
- // Extension wasn't observed so call the callback with a NULL
3205
- // parameter.
3206
- uint8_t alert = SSL_AD_DECODE_ERROR;
3207
- if (!kExtensions[i].parse_clienthello(hs, &alert, contents)) {
3208
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
3209
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3210
- *out_alert = alert;
3211
- return false;
3212
- }
3213
- }
3214
-
3215
- return true;
3216
- }
3217
-
3218
- bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
3219
- const SSL_CLIENT_HELLO *client_hello) {
3220
- SSL *const ssl = hs->ssl;
3221
- int alert = SSL_AD_DECODE_ERROR;
3222
- if (!ssl_scan_clienthello_tlsext(hs, client_hello, &alert)) {
3223
- ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
3224
- return false;
3225
- }
3226
-
3227
- if (!ssl_check_clienthello_tlsext(hs)) {
3228
- OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_TLSEXT);
3229
- return false;
3230
- }
3231
-
3232
- return true;
3233
- }
3234
-
3235
- static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
3236
- int *out_alert) {
3237
- SSL *const ssl = hs->ssl;
3238
- // Before TLS 1.3, ServerHello extensions blocks may be omitted if empty.
3239
- if (CBS_len(cbs) == 0 && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
3240
- return true;
3241
- }
3242
-
3243
- // Decode the extensions block and check it is valid.
3244
- CBS extensions;
3245
- if (!CBS_get_u16_length_prefixed(cbs, &extensions) ||
3246
- !tls1_check_duplicate_extensions(&extensions)) {
3247
- *out_alert = SSL_AD_DECODE_ERROR;
3248
- return false;
3249
- }
3250
-
3251
- uint32_t received = 0;
3252
- while (CBS_len(&extensions) != 0) {
3253
- uint16_t type;
3254
- CBS extension;
3255
-
3256
- // Decode the next extension.
3257
- if (!CBS_get_u16(&extensions, &type) ||
3258
- !CBS_get_u16_length_prefixed(&extensions, &extension)) {
3259
- *out_alert = SSL_AD_DECODE_ERROR;
3260
- return false;
3261
- }
3262
-
3263
- unsigned ext_index;
3264
- const struct tls_extension *const ext =
3265
- tls_extension_find(&ext_index, type);
3266
-
3267
- if (ext == NULL) {
3268
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
3269
- ERR_add_error_dataf("extension %u", (unsigned)type);
3270
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
3271
- return false;
3272
- }
3273
-
3274
- static_assert(kNumExtensions <= sizeof(hs->extensions.sent) * 8,
3275
- "too many bits");
3276
-
3277
- if (!(hs->extensions.sent & (1u << ext_index))) {
3278
- // If the extension was never sent then it is illegal.
3279
- OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
3280
- ERR_add_error_dataf("extension :%u", (unsigned)type);
3281
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
3282
- return false;
3283
- }
3284
-
3285
- received |= (1u << ext_index);
3286
-
3287
- uint8_t alert = SSL_AD_DECODE_ERROR;
3288
- if (!ext->parse_serverhello(hs, &alert, &extension)) {
3289
- OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_PARSING_EXTENSION);
3290
- ERR_add_error_dataf("extension %u", (unsigned)type);
3291
- *out_alert = alert;
3292
- return false;
3293
- }
3294
- }
3295
-
3296
- for (size_t i = 0; i < kNumExtensions; i++) {
3297
- if (!(received & (1u << i))) {
3298
- // Extension wasn't observed so call the callback with a NULL
3299
- // parameter.
3300
- uint8_t alert = SSL_AD_DECODE_ERROR;
3301
- if (!kExtensions[i].parse_serverhello(hs, &alert, NULL)) {
3302
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
3303
- ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
3304
- *out_alert = alert;
3305
- return false;
3306
- }
3307
- }
3308
- }
3309
-
3310
- return true;
3311
- }
3312
-
3313
- static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
3314
- SSL *const ssl = hs->ssl;
3315
-
3316
- if (ssl->s3->token_binding_negotiated &&
3317
- !(SSL_get_secure_renegotiation_support(ssl) &&
3318
- SSL_get_extms_support(ssl))) {
3319
- OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
3320
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
3321
- return false;
3322
- }
3323
-
3324
- int ret = SSL_TLSEXT_ERR_NOACK;
3325
- int al = SSL_AD_UNRECOGNIZED_NAME;
3326
-
3327
- if (ssl->ctx->servername_callback != 0) {
3328
- ret = ssl->ctx->servername_callback(ssl, &al, ssl->ctx->servername_arg);
3329
- } else if (ssl->session_ctx->servername_callback != 0) {
3330
- ret = ssl->session_ctx->servername_callback(
3331
- ssl, &al, ssl->session_ctx->servername_arg);
3332
- }
3333
-
3334
- switch (ret) {
3335
- case SSL_TLSEXT_ERR_ALERT_FATAL:
3336
- ssl_send_alert(ssl, SSL3_AL_FATAL, al);
3337
- return false;
3338
-
3339
- case SSL_TLSEXT_ERR_NOACK:
3340
- hs->should_ack_sni = false;
3341
- return true;
3342
-
3343
- default:
3344
- return true;
3345
- }
3346
- }
3347
-
3348
- bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
3349
- SSL *const ssl = hs->ssl;
3350
- int alert = SSL_AD_DECODE_ERROR;
3351
- if (!ssl_scan_serverhello_tlsext(hs, cbs, &alert)) {
3352
- ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
3353
- return false;
3354
- }
3355
-
3356
- return true;
3357
- }
3358
-
3359
- static enum ssl_ticket_aead_result_t decrypt_ticket_with_cipher_ctx(
3360
- Array<uint8_t> *out, EVP_CIPHER_CTX *cipher_ctx, HMAC_CTX *hmac_ctx,
3361
- Span<const uint8_t> ticket) {
3362
- size_t iv_len = EVP_CIPHER_CTX_iv_length(cipher_ctx);
3363
-
3364
- // Check the MAC at the end of the ticket.
3365
- uint8_t mac[EVP_MAX_MD_SIZE];
3366
- size_t mac_len = HMAC_size(hmac_ctx);
3367
- if (ticket.size() < SSL_TICKET_KEY_NAME_LEN + iv_len + 1 + mac_len) {
3368
- // The ticket must be large enough for key name, IV, data, and MAC.
3369
- return ssl_ticket_aead_ignore_ticket;
3370
- }
3371
- // Split the ticket into the ticket and the MAC.
3372
- auto ticket_mac = ticket.subspan(ticket.size() - mac_len);
3373
- ticket = ticket.subspan(0, ticket.size() - mac_len);
3374
- HMAC_Update(hmac_ctx, ticket.data(), ticket.size());
3375
- HMAC_Final(hmac_ctx, mac, NULL);
3376
- assert(mac_len == ticket_mac.size());
3377
- bool mac_ok = CRYPTO_memcmp(mac, ticket_mac.data(), mac_len) == 0;
3378
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
3379
- mac_ok = true;
3380
- #endif
3381
- if (!mac_ok) {
3382
- return ssl_ticket_aead_ignore_ticket;
3383
- }
3384
-
3385
- // Decrypt the session data.
3386
- auto ciphertext = ticket.subspan(SSL_TICKET_KEY_NAME_LEN + iv_len);
3387
- Array<uint8_t> plaintext;
3388
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
3389
- if (!plaintext.CopyFrom(ciphertext)) {
3390
- return ssl_ticket_aead_error;
3391
- }
3392
- #else
3393
- if (ciphertext.size() >= INT_MAX) {
3394
- return ssl_ticket_aead_ignore_ticket;
3395
- }
3396
- if (!plaintext.Init(ciphertext.size())) {
3397
- return ssl_ticket_aead_error;
3398
- }
3399
- int len1, len2;
3400
- if (!EVP_DecryptUpdate(cipher_ctx, plaintext.data(), &len1, ciphertext.data(),
3401
- (int)ciphertext.size()) ||
3402
- !EVP_DecryptFinal_ex(cipher_ctx, plaintext.data() + len1, &len2)) {
3403
- ERR_clear_error();
3404
- return ssl_ticket_aead_ignore_ticket;
3405
- }
3406
- plaintext.Shrink(static_cast<size_t>(len1) + len2);
3407
- #endif
3408
-
3409
- *out = std::move(plaintext);
3410
- return ssl_ticket_aead_success;
3411
- }
3412
-
3413
- static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_cb(
3414
- SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket,
3415
- Span<const uint8_t> ticket) {
3416
- assert(ticket.size() >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
3417
- ScopedEVP_CIPHER_CTX cipher_ctx;
3418
- ScopedHMAC_CTX hmac_ctx;
3419
- auto name = ticket.subspan(0, SSL_TICKET_KEY_NAME_LEN);
3420
- // The actual IV is shorter, but the length is determined by the callback's
3421
- // chosen cipher. Instead we pass in |EVP_MAX_IV_LENGTH| worth of IV to ensure
3422
- // the callback has enough.
3423
- auto iv = ticket.subspan(SSL_TICKET_KEY_NAME_LEN, EVP_MAX_IV_LENGTH);
3424
- int cb_ret = hs->ssl->session_ctx->ticket_key_cb(
3425
- hs->ssl, const_cast<uint8_t *>(name.data()),
3426
- const_cast<uint8_t *>(iv.data()), cipher_ctx.get(), hmac_ctx.get(),
3427
- 0 /* decrypt */);
3428
- if (cb_ret < 0) {
3429
- return ssl_ticket_aead_error;
3430
- } else if (cb_ret == 0) {
3431
- return ssl_ticket_aead_ignore_ticket;
3432
- } else if (cb_ret == 2) {
3433
- *out_renew_ticket = true;
3434
- } else {
3435
- assert(cb_ret == 1);
3436
- }
3437
- return decrypt_ticket_with_cipher_ctx(out, cipher_ctx.get(), hmac_ctx.get(),
3438
- ticket);
3439
- }
3440
-
3441
- static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_ticket_keys(
3442
- SSL_HANDSHAKE *hs, Array<uint8_t> *out, Span<const uint8_t> ticket) {
3443
- assert(ticket.size() >= SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH);
3444
- SSL_CTX *ctx = hs->ssl->session_ctx.get();
3445
-
3446
- // Rotate the ticket key if necessary.
3447
- if (!ssl_ctx_rotate_ticket_encryption_key(ctx)) {
3448
- return ssl_ticket_aead_error;
3449
- }
3450
-
3451
- const EVP_CIPHER *cipher = EVP_aes_128_cbc();
3452
- auto name = ticket.subspan(0, SSL_TICKET_KEY_NAME_LEN);
3453
- auto iv =
3454
- ticket.subspan(SSL_TICKET_KEY_NAME_LEN, EVP_CIPHER_iv_length(cipher));
3455
-
3456
- // Pick the matching ticket key and decrypt.
3457
- ScopedEVP_CIPHER_CTX cipher_ctx;
3458
- ScopedHMAC_CTX hmac_ctx;
3459
- {
3460
- MutexReadLock lock(&ctx->lock);
3461
- const TicketKey *key;
3462
- if (ctx->ticket_key_current && name == ctx->ticket_key_current->name) {
3463
- key = ctx->ticket_key_current.get();
3464
- } else if (ctx->ticket_key_prev && name == ctx->ticket_key_prev->name) {
3465
- key = ctx->ticket_key_prev.get();
3466
- } else {
3467
- return ssl_ticket_aead_ignore_ticket;
3468
- }
3469
- if (!HMAC_Init_ex(hmac_ctx.get(), key->hmac_key, sizeof(key->hmac_key),
3470
- tlsext_tick_md(), NULL) ||
3471
- !EVP_DecryptInit_ex(cipher_ctx.get(), cipher, NULL,
3472
- key->aes_key, iv.data())) {
3473
- return ssl_ticket_aead_error;
3474
- }
3475
- }
3476
- return decrypt_ticket_with_cipher_ctx(out, cipher_ctx.get(), hmac_ctx.get(),
3477
- ticket);
3478
- }
3479
-
3480
- static enum ssl_ticket_aead_result_t ssl_decrypt_ticket_with_method(
3481
- SSL_HANDSHAKE *hs, Array<uint8_t> *out, bool *out_renew_ticket,
3482
- Span<const uint8_t> ticket) {
3483
- Array<uint8_t> plaintext;
3484
- if (!plaintext.Init(ticket.size())) {
3485
- OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
3486
- return ssl_ticket_aead_error;
3487
- }
3488
-
3489
- size_t plaintext_len;
3490
- const enum ssl_ticket_aead_result_t result =
3491
- hs->ssl->session_ctx->ticket_aead_method->open(
3492
- hs->ssl, plaintext.data(), &plaintext_len, ticket.size(),
3493
- ticket.data(), ticket.size());
3494
- if (result != ssl_ticket_aead_success) {
3495
- return result;
3496
- }
3497
-
3498
- plaintext.Shrink(plaintext_len);
3499
- *out = std::move(plaintext);
3500
- return ssl_ticket_aead_success;
3501
- }
3502
-
3503
- enum ssl_ticket_aead_result_t ssl_process_ticket(
3504
- SSL_HANDSHAKE *hs, UniquePtr<SSL_SESSION> *out_session,
3505
- bool *out_renew_ticket, Span<const uint8_t> ticket,
3506
- Span<const uint8_t> session_id) {
3507
- *out_renew_ticket = false;
3508
- out_session->reset();
3509
-
3510
- if ((SSL_get_options(hs->ssl) & SSL_OP_NO_TICKET) ||
3511
- session_id.size() > SSL_MAX_SSL_SESSION_ID_LENGTH) {
3512
- return ssl_ticket_aead_ignore_ticket;
3513
- }
3514
-
3515
- Array<uint8_t> plaintext;
3516
- enum ssl_ticket_aead_result_t result;
3517
- if (hs->ssl->session_ctx->ticket_aead_method != NULL) {
3518
- result = ssl_decrypt_ticket_with_method(hs, &plaintext, out_renew_ticket,
3519
- ticket);
3520
- } else {
3521
- // Ensure there is room for the key name and the largest IV |ticket_key_cb|
3522
- // may try to consume. The real limit may be lower, but the maximum IV
3523
- // length should be well under the minimum size for the session material and
3524
- // HMAC.
3525
- if (ticket.size() < SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH) {
3526
- return ssl_ticket_aead_ignore_ticket;
3527
- }
3528
- if (hs->ssl->session_ctx->ticket_key_cb != NULL) {
3529
- result =
3530
- ssl_decrypt_ticket_with_cb(hs, &plaintext, out_renew_ticket, ticket);
3531
- } else {
3532
- result = ssl_decrypt_ticket_with_ticket_keys(hs, &plaintext, ticket);
3533
- }
3534
- }
3535
-
3536
- if (result != ssl_ticket_aead_success) {
3537
- return result;
3538
- }
3539
-
3540
- // Decode the session.
3541
- UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
3542
- plaintext.data(), plaintext.size(), hs->ssl->ctx.get()));
3543
- if (!session) {
3544
- ERR_clear_error(); // Don't leave an error on the queue.
3545
- return ssl_ticket_aead_ignore_ticket;
3546
- }
3547
-
3548
- // Copy the client's session ID into the new session, to denote the ticket has
3549
- // been accepted.
3550
- OPENSSL_memcpy(session->session_id, session_id.data(), session_id.size());
3551
- session->session_id_length = session_id.size();
3552
-
3553
- *out_session = std::move(session);
3554
- return ssl_ticket_aead_success;
3555
- }
3556
-
3557
- bool tls1_parse_peer_sigalgs(SSL_HANDSHAKE *hs, const CBS *in_sigalgs) {
3558
- // Extension ignored for inappropriate versions
3559
- if (ssl_protocol_version(hs->ssl) < TLS1_2_VERSION) {
3560
- return true;
3561
- }
3562
-
3563
- // In all contexts, the signature algorithms list may not be empty. (It may be
3564
- // omitted by clients in TLS 1.2, but then the entire extension is omitted.)
3565
- return CBS_len(in_sigalgs) != 0 &&
3566
- parse_u16_array(in_sigalgs, &hs->peer_sigalgs);
3567
- }
3568
-
3569
- bool tls1_get_legacy_signature_algorithm(uint16_t *out, const EVP_PKEY *pkey) {
3570
- switch (EVP_PKEY_id(pkey)) {
3571
- case EVP_PKEY_RSA:
3572
- *out = SSL_SIGN_RSA_PKCS1_MD5_SHA1;
3573
- return true;
3574
- case EVP_PKEY_EC:
3575
- *out = SSL_SIGN_ECDSA_SHA1;
3576
- return true;
3577
- default:
3578
- return false;
3579
- }
3580
- }
3581
-
3582
- bool tls1_choose_signature_algorithm(SSL_HANDSHAKE *hs, uint16_t *out) {
3583
- SSL *const ssl = hs->ssl;
3584
- CERT *cert = hs->config->cert.get();
3585
- DC *dc = cert->dc.get();
3586
-
3587
- // Before TLS 1.2, the signature algorithm isn't negotiated as part of the
3588
- // handshake.
3589
- if (ssl_protocol_version(ssl) < TLS1_2_VERSION) {
3590
- if (!tls1_get_legacy_signature_algorithm(out, hs->local_pubkey.get())) {
3591
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
3592
- return false;
3593
- }
3594
- return true;
3595
- }
3596
-
3597
- Span<const uint16_t> sigalgs = kSignSignatureAlgorithms;
3598
- if (ssl_signing_with_dc(hs)) {
3599
- sigalgs = MakeConstSpan(&dc->expected_cert_verify_algorithm, 1);
3600
- } else if (!cert->sigalgs.empty()) {
3601
- sigalgs = cert->sigalgs;
3602
- }
3603
-
3604
- Span<const uint16_t> peer_sigalgs = tls1_get_peer_verify_algorithms(hs);
3605
-
3606
- for (uint16_t sigalg : sigalgs) {
3607
- // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal value and should never be
3608
- // negotiated.
3609
- if (sigalg == SSL_SIGN_RSA_PKCS1_MD5_SHA1 ||
3610
- !ssl_private_key_supports_signature_algorithm(hs, sigalg)) {
3611
- continue;
3612
- }
3613
-
3614
- for (uint16_t peer_sigalg : peer_sigalgs) {
3615
- if (sigalg == peer_sigalg) {
3616
- *out = sigalg;
3617
- return true;
3618
- }
3619
- }
3620
- }
3621
-
3622
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS);
3623
- return false;
3624
- }
3625
-
3626
- Span<const uint16_t> tls1_get_peer_verify_algorithms(const SSL_HANDSHAKE *hs) {
3627
- Span<const uint16_t> peer_sigalgs = hs->peer_sigalgs;
3628
- if (peer_sigalgs.empty() && ssl_protocol_version(hs->ssl) < TLS1_3_VERSION) {
3629
- // If the client didn't specify any signature_algorithms extension then
3630
- // we can assume that it supports SHA1. See
3631
- // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
3632
- static const uint16_t kDefaultPeerAlgorithms[] = {SSL_SIGN_RSA_PKCS1_SHA1,
3633
- SSL_SIGN_ECDSA_SHA1};
3634
- peer_sigalgs = kDefaultPeerAlgorithms;
3635
- }
3636
- return peer_sigalgs;
3637
- }
3638
-
3639
- bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
3640
- SSL *const ssl = hs->ssl;
3641
- // A Channel ID handshake message is structured to contain multiple
3642
- // extensions, but the only one that can be present is Channel ID.
3643
- uint16_t extension_type;
3644
- CBS channel_id = msg.body, extension;
3645
- if (!CBS_get_u16(&channel_id, &extension_type) ||
3646
- !CBS_get_u16_length_prefixed(&channel_id, &extension) ||
3647
- CBS_len(&channel_id) != 0 ||
3648
- extension_type != TLSEXT_TYPE_channel_id ||
3649
- CBS_len(&extension) != TLSEXT_CHANNEL_ID_SIZE) {
3650
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3651
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
3652
- return false;
3653
- }
3654
-
3655
- UniquePtr<EC_GROUP> p256(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
3656
- if (!p256) {
3657
- OPENSSL_PUT_ERROR(SSL, SSL_R_NO_P256_SUPPORT);
3658
- return false;
3659
- }
3660
-
3661
- UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
3662
- UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
3663
- if (!sig || !x || !y) {
3664
- return false;
3665
- }
3666
-
3667
- const uint8_t *p = CBS_data(&extension);
3668
- if (BN_bin2bn(p + 0, 32, x.get()) == NULL ||
3669
- BN_bin2bn(p + 32, 32, y.get()) == NULL ||
3670
- BN_bin2bn(p + 64, 32, sig->r) == NULL ||
3671
- BN_bin2bn(p + 96, 32, sig->s) == NULL) {
3672
- return false;
3673
- }
3674
-
3675
- UniquePtr<EC_KEY> key(EC_KEY_new());
3676
- UniquePtr<EC_POINT> point(EC_POINT_new(p256.get()));
3677
- if (!key || !point ||
3678
- !EC_POINT_set_affine_coordinates_GFp(p256.get(), point.get(), x.get(),
3679
- y.get(), nullptr) ||
3680
- !EC_KEY_set_group(key.get(), p256.get()) ||
3681
- !EC_KEY_set_public_key(key.get(), point.get())) {
3682
- return false;
3683
- }
3684
-
3685
- uint8_t digest[EVP_MAX_MD_SIZE];
3686
- size_t digest_len;
3687
- if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
3688
- return false;
3689
- }
3690
-
3691
- bool sig_ok = ECDSA_do_verify(digest, digest_len, sig.get(), key.get());
3692
- #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
3693
- sig_ok = true;
3694
- ERR_clear_error();
3695
- #endif
3696
- if (!sig_ok) {
3697
- OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
3698
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
3699
- ssl->s3->channel_id_valid = false;
3700
- return false;
3701
- }
3702
-
3703
- OPENSSL_memcpy(ssl->s3->channel_id, p, 64);
3704
- return true;
3705
- }
3706
-
3707
- bool tls1_write_channel_id(SSL_HANDSHAKE *hs, CBB *cbb) {
3708
- uint8_t digest[EVP_MAX_MD_SIZE];
3709
- size_t digest_len;
3710
- if (!tls1_channel_id_hash(hs, digest, &digest_len)) {
3711
- return false;
3712
- }
3713
-
3714
- EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(hs->config->channel_id_private.get());
3715
- if (ec_key == nullptr) {
3716
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3717
- return false;
3718
- }
3719
-
3720
- UniquePtr<BIGNUM> x(BN_new()), y(BN_new());
3721
- if (!x || !y ||
3722
- !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
3723
- EC_KEY_get0_public_key(ec_key),
3724
- x.get(), y.get(), nullptr)) {
3725
- return false;
3726
- }
3727
-
3728
- UniquePtr<ECDSA_SIG> sig(ECDSA_do_sign(digest, digest_len, ec_key));
3729
- if (!sig) {
3730
- return false;
3731
- }
3732
-
3733
- CBB child;
3734
- if (!CBB_add_u16(cbb, TLSEXT_TYPE_channel_id) ||
3735
- !CBB_add_u16_length_prefixed(cbb, &child) ||
3736
- !BN_bn2cbb_padded(&child, 32, x.get()) ||
3737
- !BN_bn2cbb_padded(&child, 32, y.get()) ||
3738
- !BN_bn2cbb_padded(&child, 32, sig->r) ||
3739
- !BN_bn2cbb_padded(&child, 32, sig->s) ||
3740
- !CBB_flush(cbb)) {
3741
- return false;
3742
- }
3743
-
3744
- return true;
3745
- }
3746
-
3747
- bool tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len) {
3748
- SSL *const ssl = hs->ssl;
3749
- if (ssl_protocol_version(ssl) >= TLS1_3_VERSION) {
3750
- Array<uint8_t> msg;
3751
- if (!tls13_get_cert_verify_signature_input(hs, &msg,
3752
- ssl_cert_verify_channel_id)) {
3753
- return false;
3754
- }
3755
- SHA256(msg.data(), msg.size(), out);
3756
- *out_len = SHA256_DIGEST_LENGTH;
3757
- return true;
3758
- }
3759
-
3760
- SHA256_CTX ctx;
3761
-
3762
- SHA256_Init(&ctx);
3763
- static const char kClientIDMagic[] = "TLS Channel ID signature";
3764
- SHA256_Update(&ctx, kClientIDMagic, sizeof(kClientIDMagic));
3765
-
3766
- if (ssl->session != NULL) {
3767
- static const char kResumptionMagic[] = "Resumption";
3768
- SHA256_Update(&ctx, kResumptionMagic, sizeof(kResumptionMagic));
3769
- if (ssl->session->original_handshake_hash_len == 0) {
3770
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
3771
- return false;
3772
- }
3773
- SHA256_Update(&ctx, ssl->session->original_handshake_hash,
3774
- ssl->session->original_handshake_hash_len);
3775
- }
3776
-
3777
- uint8_t hs_hash[EVP_MAX_MD_SIZE];
3778
- size_t hs_hash_len;
3779
- if (!hs->transcript.GetHash(hs_hash, &hs_hash_len)) {
3780
- return false;
3781
- }
3782
- SHA256_Update(&ctx, hs_hash, (size_t)hs_hash_len);
3783
- SHA256_Final(out, &ctx);
3784
- *out_len = SHA256_DIGEST_LENGTH;
3785
- return true;
3786
- }
3787
-
3788
- bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
3789
- SSL *const ssl = hs->ssl;
3790
- // This function should never be called for a resumed session because the
3791
- // handshake hashes that we wish to record are for the original, full
3792
- // handshake.
3793
- if (ssl->session != NULL) {
3794
- return false;
3795
- }
3796
-
3797
- static_assert(
3798
- sizeof(hs->new_session->original_handshake_hash) == EVP_MAX_MD_SIZE,
3799
- "original_handshake_hash is too small");
3800
-
3801
- size_t digest_len;
3802
- if (!hs->transcript.GetHash(hs->new_session->original_handshake_hash,
3803
- &digest_len)) {
3804
- return false;
3805
- }
3806
-
3807
- static_assert(EVP_MAX_MD_SIZE <= 0xff,
3808
- "EVP_MAX_MD_SIZE does not fit in uint8_t");
3809
- hs->new_session->original_handshake_hash_len = (uint8_t)digest_len;
3810
-
3811
- return true;
3812
- }
3813
-
3814
- bool ssl_do_channel_id_callback(SSL_HANDSHAKE *hs) {
3815
- if (hs->config->channel_id_private != NULL ||
3816
- hs->ssl->ctx->channel_id_cb == NULL) {
3817
- return true;
3818
- }
3819
-
3820
- EVP_PKEY *key = NULL;
3821
- hs->ssl->ctx->channel_id_cb(hs->ssl, &key);
3822
- if (key == NULL) {
3823
- // The caller should try again later.
3824
- return true;
3825
- }
3826
-
3827
- UniquePtr<EVP_PKEY> free_key(key);
3828
- return SSL_set1_tls_channel_id(hs->ssl, key);
3829
- }
3830
-
3831
- bool ssl_is_sct_list_valid(const CBS *contents) {
3832
- // Shallow parse the SCT list for sanity. By the RFC
3833
- // (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
3834
- // of the SCTs may be empty.
3835
- CBS copy = *contents;
3836
- CBS sct_list;
3837
- if (!CBS_get_u16_length_prefixed(&copy, &sct_list) ||
3838
- CBS_len(&copy) != 0 ||
3839
- CBS_len(&sct_list) == 0) {
3840
- return false;
3841
- }
3842
-
3843
- while (CBS_len(&sct_list) > 0) {
3844
- CBS sct;
3845
- if (!CBS_get_u16_length_prefixed(&sct_list, &sct) ||
3846
- CBS_len(&sct) == 0) {
3847
- return false;
3848
- }
3849
- }
3850
-
3851
- return true;
3852
- }
3853
-
3854
- BSSL_NAMESPACE_END
3855
-
3856
- using namespace bssl;
3857
-
3858
- int SSL_early_callback_ctx_extension_get(const SSL_CLIENT_HELLO *client_hello,
3859
- uint16_t extension_type,
3860
- const uint8_t **out_data,
3861
- size_t *out_len) {
3862
- CBS cbs;
3863
- if (!ssl_client_hello_get_extension(client_hello, &cbs, extension_type)) {
3864
- return 0;
3865
- }
3866
-
3867
- *out_data = CBS_data(&cbs);
3868
- *out_len = CBS_len(&cbs);
3869
- return 1;
3870
- }