grpc 1.30.1 → 1.32.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +723 -15910
- data/include/grpc/grpc_security.h +31 -14
- data/include/grpc/grpc_security_constants.h +3 -0
- data/include/grpc/impl/codegen/README.md +22 -0
- data/include/grpc/impl/codegen/grpc_types.h +7 -5
- data/include/grpc/impl/codegen/port_platform.h +6 -33
- data/src/core/ext/filters/client_channel/backend_metric.cc +12 -9
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +470 -285
- data/src/core/ext/filters/client_channel/client_channel.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +8 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +8 -8
- data/src/core/ext/filters/client_channel/http_proxy.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -0
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +59 -36
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -13
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +29 -10
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +4 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +23 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +18 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +22 -14
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +18 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +385 -78
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +5 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +6 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +8 -6
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +9 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +7 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +36 -51
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +383 -31
- data/src/core/ext/filters/client_channel/resolver_registry.cc +13 -14
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +6 -7
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +0 -1
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +38 -32
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +39 -20
- data/src/core/ext/filters/client_channel/server_address.cc +40 -7
- data/src/core/ext/filters/client_channel/server_address.h +42 -4
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +65 -24
- data/src/core/ext/filters/client_channel/subchannel.h +16 -4
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -5
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -1
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +74 -33
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
- data/src/core/ext/filters/max_age/max_age_filter.cc +2 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -80
- data/src/core/ext/filters/message_size/message_size_filter.h +6 -0
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +18 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +10 -35
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +378 -348
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +7 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -3
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +10 -16
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +9 -9
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +256 -279
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +23 -28
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +8 -9
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/internal.h +18 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +34 -71
- data/src/core/ext/transport/chttp2/transport/writing.cc +15 -19
- data/src/core/ext/transport/inproc/inproc_transport.cc +47 -27
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +224 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +700 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +380 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1378 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/filter.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/outlier_detection.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +334 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/backoff.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +309 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +96 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +328 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +195 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +634 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/http_uri.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +152 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +536 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
- data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
- data/src/core/ext/upb-generated/envoy/config/listener/{v2 → v3}/api_listener.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +108 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +401 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +138 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +490 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +174 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +599 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +773 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2855 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +59 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +135 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +312 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1125 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +111 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +401 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +72 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +198 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +105 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +388 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +5 -4
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +129 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +386 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +5 -6
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +127 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
- data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
- data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +8 -9
- data/src/core/ext/upb-generated/envoy/type/{percent.upb.c → v3/percent.upb.c} +9 -8
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
- data/src/core/ext/upb-generated/envoy/type/{range.upb.c → v3/range.upb.c} +12 -11
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
- data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +6 -5
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +39 -39
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +412 -386
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +34 -55
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +5 -6
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.c +11 -11
- data/src/core/ext/upb-generated/validate/validate.upb.h +537 -536
- data/src/core/ext/xds/xds_api.cc +2388 -0
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_api.h +120 -40
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +56 -25
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +8 -3
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel.h +4 -4
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +3 -3
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_secure.cc +2 -5
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +94 -347
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +12 -45
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +2 -2
- data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +13 -13
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +19 -30
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/channelz_registry.cc +3 -1
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/string.cc +10 -9
- data/src/core/lib/gpr/string.h +4 -2
- data/src/core/lib/gpr/sync_posix.cc +2 -8
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/http/httpcli.cc +13 -10
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -0
- data/src/core/lib/iomgr/endpoint.cc +5 -1
- data/src/core/lib/iomgr/endpoint.h +7 -3
- data/src/core/lib/iomgr/endpoint_cfstream.cc +32 -11
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -6
- data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +1 -1
- data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.h +3 -3
- data/src/core/lib/iomgr/port.h +1 -21
- data/src/core/lib/iomgr/resolve_address_custom.cc +13 -18
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -8
- data/src/core/lib/iomgr/resource_quota.cc +34 -31
- data/src/core/lib/iomgr/sockaddr_utils.cc +9 -6
- data/src/core/lib/iomgr/sockaddr_utils.h +3 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +95 -55
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -11
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +27 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +9 -9
- data/src/core/lib/iomgr/tcp_custom.cc +33 -17
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +31 -13
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +6 -14
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -41
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -9
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/tcp_windows.cc +26 -10
- data/src/core/lib/iomgr/timer_generic.cc +13 -12
- data/src/core/lib/iomgr/udp_server.cc +24 -23
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json_reader.cc +20 -21
- data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
- data/src/core/lib/security/authorization/authorization_engine.h +84 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
- data/src/core/lib/security/authorization/evaluate_args.h +59 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +42 -0
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +68 -0
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +93 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +56 -0
- data/src/core/lib/security/authorization/mock_cel/statusor.h +50 -0
- data/src/core/lib/security/credentials/credentials.h +5 -3
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +64 -43
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +19 -28
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +10 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +11 -12
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +18 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +5 -0
- data/src/core/lib/security/security_connector/ssl_utils.cc +44 -23
- data/src/core/lib/security/security_connector/ssl_utils.h +6 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +27 -24
- data/src/core/lib/security/transport/client_auth_filter.cc +10 -9
- data/src/core/lib/security/transport/secure_endpoint.cc +7 -1
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +52 -53
- data/src/core/lib/surface/call.h +2 -1
- data/src/core/lib/surface/channel.cc +28 -20
- data/src/core/lib/surface/channel.h +12 -2
- data/src/core/lib/surface/completion_queue.cc +0 -5
- data/src/core/lib/surface/init.cc +1 -1
- data/src/core/lib/surface/server.cc +1102 -1347
- data/src/core/lib/surface/server.h +369 -71
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +38 -0
- data/src/core/lib/transport/authority_override.h +32 -0
- data/src/core/lib/transport/connectivity_state.cc +18 -13
- data/src/core/lib/transport/connectivity_state.h +18 -6
- data/src/core/lib/transport/error_utils.cc +13 -0
- data/src/core/lib/transport/error_utils.h +6 -0
- data/src/core/lib/transport/static_metadata.cc +295 -276
- data/src/core/lib/transport/static_metadata.h +80 -73
- data/src/core/lib/transport/transport.h +13 -0
- data/src/core/lib/uri/uri_parser.cc +30 -35
- data/src/core/lib/uri/uri_parser.h +3 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -13
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +24 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +102 -11
- data/src/core/tsi/ssl_transport_security.h +14 -2
- data/src/core/tsi/transport_security_interface.h +5 -0
- data/src/ruby/bin/math_services_pb.rb +4 -4
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +3 -2
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +54 -10
- data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -4
- data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +5 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +28 -12
- data/src/ruby/spec/channel_credentials_spec.rb +10 -0
- data/src/ruby/spec/generic/active_call_spec.rb +19 -8
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +25 -1
- data/src/ruby/spec/user_agent_spec.rb +74 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +1727 -0
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +161 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
- data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
- data/third_party/abseil-cpp/absl/container/fixed_array.h +515 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +503 -0
- data/third_party/abseil-cpp/absl/container/internal/common.h +202 -0
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +440 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +146 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +191 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +269 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +297 -0
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +49 -0
- data/third_party/abseil-cpp/absl/container/internal/layout.h +741 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1882 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +138 -0
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1895 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +192 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +125 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +70 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +99 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +85 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +128 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +194 -0
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
- data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +25 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1480 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
- data/third_party/abseil-cpp/absl/hash/hash.h +324 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +988 -0
- data/third_party/abseil-cpp/absl/status/status.cc +447 -0
- data/third_party/abseil-cpp/absl/status/status.h +428 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +43 -0
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
- data/third_party/abseil-cpp/absl/strings/cord.cc +2019 -0
- data/third_party/abseil-cpp/absl/strings/cord.h +1121 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +151 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
- data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +261 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +484 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2728 -0
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +1056 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
- data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
- data/third_party/abseil-cpp/absl/types/variant.h +861 -0
- data/third_party/boringssl-with-bazel/err_data.c +266 -254
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +159 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +11 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +456 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +192 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +116 -363
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +7 -45
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +28 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +52 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +72 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +800 -715
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +9 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +21 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -7
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +4 -24
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -24
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +34 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +31 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +17 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
- data/third_party/re2/re2/bitmap256.h +117 -0
- data/third_party/re2/re2/bitstate.cc +385 -0
- data/third_party/re2/re2/compile.cc +1279 -0
- data/third_party/re2/re2/dfa.cc +2130 -0
- data/third_party/re2/re2/filtered_re2.cc +121 -0
- data/third_party/re2/re2/filtered_re2.h +109 -0
- data/third_party/re2/re2/mimics_pcre.cc +197 -0
- data/third_party/re2/re2/nfa.cc +713 -0
- data/third_party/re2/re2/onepass.cc +623 -0
- data/third_party/re2/re2/parse.cc +2464 -0
- data/third_party/re2/re2/perl_groups.cc +119 -0
- data/third_party/re2/re2/pod_array.h +55 -0
- data/third_party/re2/re2/prefilter.cc +710 -0
- data/third_party/re2/re2/prefilter.h +108 -0
- data/third_party/re2/re2/prefilter_tree.cc +407 -0
- data/third_party/re2/re2/prefilter_tree.h +139 -0
- data/third_party/re2/re2/prog.cc +988 -0
- data/third_party/re2/re2/prog.h +436 -0
- data/third_party/re2/re2/re2.cc +1362 -0
- data/third_party/re2/re2/re2.h +1002 -0
- data/third_party/re2/re2/regexp.cc +980 -0
- data/third_party/re2/re2/regexp.h +659 -0
- data/third_party/re2/re2/set.cc +154 -0
- data/third_party/re2/re2/set.h +80 -0
- data/third_party/re2/re2/simplify.cc +657 -0
- data/third_party/re2/re2/sparse_array.h +392 -0
- data/third_party/re2/re2/sparse_set.h +264 -0
- data/third_party/re2/re2/stringpiece.cc +65 -0
- data/third_party/re2/re2/stringpiece.h +210 -0
- data/third_party/re2/re2/tostring.cc +351 -0
- data/third_party/re2/re2/unicode_casefold.cc +582 -0
- data/third_party/re2/re2/unicode_casefold.h +78 -0
- data/third_party/re2/re2/unicode_groups.cc +6269 -0
- data/third_party/re2/re2/unicode_groups.h +67 -0
- data/third_party/re2/re2/walker-inl.h +246 -0
- data/third_party/re2/util/benchmark.h +156 -0
- data/third_party/re2/util/flags.h +26 -0
- data/third_party/re2/util/logging.h +109 -0
- data/third_party/re2/util/malloc_counter.h +19 -0
- data/third_party/re2/util/mix.h +41 -0
- data/third_party/re2/util/mutex.h +148 -0
- data/third_party/re2/util/pcre.cc +1025 -0
- data/third_party/re2/util/pcre.h +681 -0
- data/third_party/re2/util/rune.cc +260 -0
- data/third_party/re2/util/strutil.cc +149 -0
- data/third_party/re2/util/strutil.h +21 -0
- data/third_party/re2/util/test.h +50 -0
- data/third_party/re2/util/utf.h +44 -0
- data/third_party/re2/util/util.h +42 -0
- data/third_party/upb/upb/decode.c +517 -505
- data/third_party/upb/upb/encode.c +165 -123
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -86
- data/third_party/upb/upb/table.int.h +11 -52
- data/third_party/upb/upb/upb.c +151 -125
- data/third_party/upb/upb/upb.h +91 -147
- data/third_party/upb/upb/upb.hpp +88 -0
- metadata +310 -148
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -1906
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -35
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -418
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -197
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -378
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1447
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -218
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -305
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -328
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -78
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -897
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -322
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -72
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -642
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -673
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -518
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -89
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -392
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -240
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -33
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -266
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -324
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -399
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -33
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -527
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -112
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -199
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -33
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -3032
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -134
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -53
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -725
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1132
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -50
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -134
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -144
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -87
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -112
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -62
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -249
- data/src/core/lib/security/transport/target_authority_table.cc +0 -75
- data/src/core/lib/security/transport/target_authority_table.h +0 -40
- data/src/core/lib/slice/slice_hash_table.h +0 -199
- data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -632,7 +632,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
632
632
|
case handback_after_session_resumption:
|
633
633
|
// The write keys are installed after server Finished, but the client
|
634
634
|
// keys must wait for ChangeCipherSpec.
|
635
|
-
if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session
|
635
|
+
if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session,
|
636
636
|
write_iv)) {
|
637
637
|
return false;
|
638
638
|
}
|
@@ -642,9 +642,9 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
|
|
642
642
|
break;
|
643
643
|
case handback_after_handshake:
|
644
644
|
// The handshake is complete, so both keys are installed.
|
645
|
-
if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session
|
645
|
+
if (!tls1_configure_aead(ssl, evp_aead_seal, &key_block, session,
|
646
646
|
write_iv) ||
|
647
|
-
!tls1_configure_aead(ssl, evp_aead_open, &key_block, session
|
647
|
+
!tls1_configure_aead(ssl, evp_aead_open, &key_block, session,
|
648
648
|
read_iv)) {
|
649
649
|
return false;
|
650
650
|
}
|
@@ -441,7 +441,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
|
441
441
|
uint8_t finished[EVP_MAX_MD_SIZE];
|
442
442
|
size_t finished_len;
|
443
443
|
if (!hs->transcript.GetFinishedMAC(finished, &finished_len,
|
444
|
-
|
444
|
+
ssl_handshake_session(hs), !ssl->server) ||
|
445
445
|
!ssl_hash_message(hs, msg)) {
|
446
446
|
return ssl_hs_error;
|
447
447
|
}
|
@@ -484,7 +484,7 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
|
|
484
484
|
|
485
485
|
bool ssl_send_finished(SSL_HANDSHAKE *hs) {
|
486
486
|
SSL *const ssl = hs->ssl;
|
487
|
-
const SSL_SESSION *session =
|
487
|
+
const SSL_SESSION *session = ssl_handshake_session(hs);
|
488
488
|
|
489
489
|
uint8_t finished[EVP_MAX_MD_SIZE];
|
490
490
|
size_t finished_len;
|
@@ -541,6 +541,13 @@ bool ssl_output_cert_chain(SSL_HANDSHAKE *hs) {
|
|
541
541
|
return true;
|
542
542
|
}
|
543
543
|
|
544
|
+
const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs) {
|
545
|
+
if (hs->new_session) {
|
546
|
+
return hs->new_session.get();
|
547
|
+
}
|
548
|
+
return hs->ssl->session.get();
|
549
|
+
}
|
550
|
+
|
544
551
|
int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
|
545
552
|
SSL *const ssl = hs->ssl;
|
546
553
|
for (;;) {
|
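Review bot: `ssl_handshake_session` falls back to `hs->ssl->session.get()` whenever `hs->new_session` is unset, so it returns a null pointer if neither session exists. The callers visible on this page (`GetFinishedMAC` in `ssl_get_finished`, and `ssl_send_finished`) use the result without a check. These hunks do not show whether the handshake state machine guarantees that one of the two is always set by then. If it does, record that at the definition, for example `// Precondition: hs->new_session or hs->ssl->session is set; never returns null.`, and consider `assert(hs->new_session || hs->ssl->session);` before the fallback return so a violation fails in debug builds rather than reaching key derivation. Both `ssl_get_finished` and `ssl_send_finished` continue outside their hunks.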
@@ -1268,10 +1268,10 @@ static enum ssl_hs_wait_t do_send_client_key_exchange(SSL_HANDSHAKE *hs) {
|
|
1268
1268
|
uint32_t alg_k = hs->new_cipher->algorithm_mkey;
|
1269
1269
|
uint32_t alg_a = hs->new_cipher->algorithm_auth;
|
1270
1270
|
if (ssl_cipher_uses_certificate_auth(hs->new_cipher)) {
|
1271
|
-
CRYPTO_BUFFER *leaf =
|
1271
|
+
const CRYPTO_BUFFER *leaf =
|
1272
1272
|
sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0);
|
1273
1273
|
CBS leaf_cbs;
|
1274
|
-
|
1274
|
+
CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs);
|
1275
1275
|
|
1276
1276
|
// Check the key usage matches the cipher suite. We do this unconditionally
|
1277
1277
|
// for non-RSA certificates. In particular, it's needed to distinguish ECDH
|
@@ -1436,6 +1436,15 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) {
|
|
1436
1436
|
return ssl_hs_error;
|
1437
1437
|
}
|
1438
1438
|
|
1439
|
+
// The peer certificate must be valid for signing.
|
1440
|
+
const CRYPTO_BUFFER *leaf =
|
1441
|
+
sk_CRYPTO_BUFFER_value(hs->new_session->certs.get(), 0);
|
1442
|
+
CBS leaf_cbs;
|
1443
|
+
CRYPTO_BUFFER_init_CBS(leaf, &leaf_cbs);
|
1444
|
+
if (!ssl_cert_check_key_usage(&leaf_cbs, key_usage_digital_signature)) {
|
1445
|
+
return ssl_hs_error;
|
1446
|
+
}
|
1447
|
+
|
1439
1448
|
CBS certificate_verify = msg.body, signature;
|
1440
1449
|
|
1441
1450
|
// Determine the signature algorithm.
|
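Review bot: The new key-usage check in `do_read_client_certificate_verify` takes entry 0 of `hs->new_session->certs` and passes it straight to `CRYPTO_BUFFER_init_CBS`, so it relies on the client having supplied at least one certificate by this point. An earlier check in the function presumably guarantees that, but the function starts outside the hunk and the hunk does not show it. The one-line comment could record both the dependency and the reason, e.g. `// Index 0 is the peer's leaf certificate; its keyUsage must allow digitalSignature before its key is trusted to verify CertificateVerify.` The failing branch returns `ssl_hs_error` with no alert or error push visible here, so it is worth confirming that `ssl_cert_check_key_usage` reports the failure itself.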
@@ -1650,6 +1650,10 @@ struct SSL_HANDSHAKE {
|
|
1650
1650
|
// advertise this extension to the client.
|
1651
1651
|
Array<uint16_t> peer_supported_group_list;
|
1652
1652
|
|
1653
|
+
// peer_delegated_credential_sigalgs are the signature algorithms the peer
|
1654
|
+
// supports with delegated credentials.
|
1655
|
+
Array<uint16_t> peer_delegated_credential_sigalgs;
|
1656
|
+
|
1653
1657
|
// peer_key is the peer's ECDH key for a TLS 1.2 client.
|
1654
1658
|
Array<uint8_t> peer_key;
|
1655
1659
|
|
@@ -1863,6 +1867,8 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs);
|
|
1863
1867
|
|
1864
1868
|
bool tls13_add_finished(SSL_HANDSHAKE *hs);
|
1865
1869
|
bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
|
1870
|
+
bssl::UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl,
|
1871
|
+
CBS *body);
|
1866
1872
|
|
1867
1873
|
bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
|
1868
1874
|
Array<uint8_t> *out_secret,
|
@@ -1938,6 +1944,11 @@ enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs);
|
|
1938
1944
|
bool ssl_send_finished(SSL_HANDSHAKE *hs);
|
1939
1945
|
bool ssl_output_cert_chain(SSL_HANDSHAKE *hs);
|
1940
1946
|
|
1947
|
+
// ssl_handshake_session returns the |SSL_SESSION| corresponding to the current
|
1948
|
+
// handshake. Note, in TLS 1.2 resumptions, this session is immutable.
|
1949
|
+
const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs);
|
1950
|
+
|
1951
|
+
|
1941
1952
|
// SSLKEYLOGFILE functions.
|
1942
1953
|
|
1943
1954
|
// ssl_log_secret logs |secret| with label |label|, if logging is enabled for
|
@@ -2740,11 +2751,6 @@ struct SSL_CONFIG {
|
|
2740
2751
|
bool jdk11_workaround : 1;
|
2741
2752
|
};
|
2742
2753
|
|
2743
|
-
// Computes a SHA-256 hash of the transport parameters and early data context
|
2744
|
-
// for QUIC, putting the hash in |SHA256_DIGEST_LENGTH| bytes at |hash_out|.
|
2745
|
-
bool compute_quic_early_data_hash(const SSL_CONFIG *config,
|
2746
|
-
uint8_t hash_out[SHA256_DIGEST_LENGTH]);
|
2747
|
-
|
2748
2754
|
// From RFC 8446, used in determining PSK modes.
|
2749
2755
|
#define SSL_PSK_DHE_KE 0x1
|
2750
2756
|
|
@@ -2924,13 +2930,14 @@ int dtls1_dispatch_alert(SSL *ssl);
|
|
2924
2930
|
// determined by |direction|) using the keys generated by the TLS KDF. The
|
2925
2931
|
// |key_block_cache| argument is used to store the generated key block, if
|
2926
2932
|
// empty. Otherwise it's assumed that the key block is already contained within
|
2927
|
-
// it.
|
2928
|
-
|
2929
|
-
|
2930
|
-
|
2931
|
-
|
2932
|
-
|
2933
|
-
|
2933
|
+
// it. It returns true on success or false on error.
|
2934
|
+
bool tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
2935
|
+
Array<uint8_t> *key_block_cache,
|
2936
|
+
const SSL_SESSION *session,
|
2937
|
+
Span<const uint8_t> iv_override);
|
2938
|
+
|
2939
|
+
bool tls1_change_cipher_state(SSL_HANDSHAKE *hs,
|
2940
|
+
evp_aead_direction_t direction);
|
2934
2941
|
int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
|
2935
2942
|
Span<const uint8_t> premaster);
|
2936
2943
|
|
@@ -3559,9 +3566,9 @@ struct ssl_session_st {
|
|
3559
3566
|
// is_quic indicates whether this session was created using QUIC.
|
3560
3567
|
bool is_quic : 1;
|
3561
3568
|
|
3562
|
-
//
|
3569
|
+
// quic_early_data_context is used to determine whether early data must be
|
3563
3570
|
// rejected when performing a QUIC handshake.
|
3564
|
-
bssl::Array<uint8_t>
|
3571
|
+
bssl::Array<uint8_t> quic_early_data_context;
|
3565
3572
|
|
3566
3573
|
private:
|
3567
3574
|
~ssl_session_st();
|
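Review bot: In the part of the `tls1_configure_aead` declaration comment visible here, only `direction` and `key_block_cache` are explained, while the new signature takes a `session` and an `iv_override` that are not described. Because the keys are derived from whichever session the caller passes, the header should state what the caller must guarantee. The key-block helper in the definition notes that the session's key material is assumed to correspond to `ssl->s3->client_random` and `ssl->s3->server_random`. I would add `// |session| supplies the cipher and master secret and must match the randoms in |ssl->s3|. If |iv_override| is non-empty it must have the cipher's IV length and replaces the derived IV.` The comment begins above the hunk, so its earlier lines may already cover part of this.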
@@ -192,7 +192,7 @@ static const unsigned kEarlyALPNTag =
|
|
192
192
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26;
|
193
193
|
static const unsigned kIsQuicTag =
|
194
194
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27;
|
195
|
-
static const unsigned
|
195
|
+
static const unsigned kQuicEarlyDataContextTag =
|
196
196
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28;
|
197
197
|
|
198
198
|
static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
|
@@ -402,10 +402,10 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
|
|
402
402
|
}
|
403
403
|
}
|
404
404
|
|
405
|
-
if (!in->
|
406
|
-
if (!CBB_add_asn1(&session, &child,
|
407
|
-
!CBB_add_asn1_octet_string(&child, in->
|
408
|
-
in->
|
405
|
+
if (!in->quic_early_data_context.empty()) {
|
406
|
+
if (!CBB_add_asn1(&session, &child, kQuicEarlyDataContextTag) ||
|
407
|
+
!CBB_add_asn1_octet_string(&child, in->quic_early_data_context.data(),
|
408
|
+
in->quic_early_data_context.size())) {
|
409
409
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
410
410
|
return 0;
|
411
411
|
}
|
@@ -752,8 +752,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
|
|
752
752
|
kEarlyALPNTag) ||
|
753
753
|
!CBS_get_optional_asn1_bool(&session, &is_quic, kIsQuicTag,
|
754
754
|
/*default_value=*/false) ||
|
755
|
-
!SSL_SESSION_parse_octet_string(&session, &ret->
|
756
|
-
|
755
|
+
!SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_context,
|
756
|
+
kQuicEarlyDataContextTag) ||
|
757
757
|
CBS_len(&session) != 0) {
|
758
758
|
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
|
759
759
|
return nullptr;
|
@@ -821,16 +821,13 @@ static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) {
|
|
821
821
|
}
|
822
822
|
|
823
823
|
// Check that the DC signature algorithm is supported by the peer.
|
824
|
-
Span<const uint16_t> peer_sigalgs =
|
825
|
-
bool sigalg_found = false;
|
824
|
+
Span<const uint16_t> peer_sigalgs = hs->peer_delegated_credential_sigalgs;
|
826
825
|
for (uint16_t peer_sigalg : peer_sigalgs) {
|
827
826
|
if (dc->expected_cert_verify_algorithm == peer_sigalg) {
|
828
|
-
|
829
|
-
break;
|
827
|
+
return true;
|
830
828
|
}
|
831
829
|
}
|
832
|
-
|
833
|
-
return sigalg_found;
|
830
|
+
return false;
|
834
831
|
}
|
835
832
|
|
836
833
|
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) {
|
@@ -2360,6 +2360,16 @@ size_t SSL_get0_peer_verify_algorithms(const SSL *ssl,
|
|
2360
2360
|
return sigalgs.size();
|
2361
2361
|
}
|
2362
2362
|
|
2363
|
+
size_t SSL_get0_peer_delegation_algorithms(const SSL *ssl,
|
2364
|
+
const uint16_t **out_sigalgs){
|
2365
|
+
Span<const uint16_t> sigalgs;
|
2366
|
+
if (ssl->s3->hs != nullptr) {
|
2367
|
+
sigalgs = ssl->s3->hs->peer_delegated_credential_sigalgs;
|
2368
|
+
}
|
2369
|
+
*out_sigalgs = sigalgs.data();
|
2370
|
+
return sigalgs.size();
|
2371
|
+
}
|
2372
|
+
|
2363
2373
|
EVP_PKEY *SSL_get_privatekey(const SSL *ssl) {
|
2364
2374
|
if (!ssl->config) {
|
2365
2375
|
assert(ssl->config);
|
@@ -2968,6 +2978,34 @@ void SSL_CTX_set_ticket_aead_method(SSL_CTX *ctx,
|
|
2968
2978
|
ctx->ticket_aead_method = aead_method;
|
2969
2979
|
}
|
2970
2980
|
|
2981
|
+
SSL_SESSION *SSL_process_tls13_new_session_ticket(SSL *ssl, const uint8_t *buf,
|
2982
|
+
size_t buf_len) {
|
2983
|
+
if (SSL_in_init(ssl) ||
|
2984
|
+
ssl_protocol_version(ssl) != TLS1_3_VERSION ||
|
2985
|
+
ssl->server) {
|
2986
|
+
// Only TLS 1.3 clients are supported.
|
2987
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
2988
|
+
return nullptr;
|
2989
|
+
}
|
2990
|
+
|
2991
|
+
CBS cbs, body;
|
2992
|
+
CBS_init(&cbs, buf, buf_len);
|
2993
|
+
uint8_t type;
|
2994
|
+
if (!CBS_get_u8(&cbs, &type) ||
|
2995
|
+
!CBS_get_u24_length_prefixed(&cbs, &body) ||
|
2996
|
+
CBS_len(&cbs) != 0) {
|
2997
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
2998
|
+
return nullptr;
|
2999
|
+
}
|
3000
|
+
|
3001
|
+
UniquePtr<SSL_SESSION> session = tls13_create_session_with_ticket(ssl, &body);
|
3002
|
+
if (!session) {
|
3003
|
+
// |tls13_create_session_with_ticket| puts the correct error.
|
3004
|
+
return nullptr;
|
3005
|
+
}
|
3006
|
+
return session.release();
|
3007
|
+
}
|
3008
|
+
|
2971
3009
|
int SSL_set_tlsext_status_type(SSL *ssl, int type) {
|
2972
3010
|
if (!ssl->config) {
|
2973
3011
|
return 0;
|
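Review bot: `SSL_process_tls13_new_session_ticket` reads the handshake message type into `type` but never compares it with anything. Any buffer with a well-formed 24-bit length prefix is therefore handed to `tls13_create_session_with_ticket` as if it were a NewSessionTicket. The buffer comes from the API caller and only `body` is passed on, so the type check belongs in the existing decode condition: `CBS_len(&cbs) != 0 || type != SSL3_MT_NEW_SESSION_TICKET) {`. A comment on the return value would also help, e.g. `// Returns a newly allocated session owned by the caller, or nullptr on error.`, since `session.release()` transfers ownership.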
@@ -269,8 +269,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
|
|
269
269
|
return nullptr;
|
270
270
|
}
|
271
271
|
|
272
|
-
if (!new_session->
|
273
|
-
session->
|
272
|
+
if (!new_session->quic_early_data_context.CopyFrom(
|
273
|
+
session->quic_early_data_context)) {
|
274
274
|
return nullptr;
|
275
275
|
}
|
276
276
|
}
|
@@ -349,25 +349,6 @@ const EVP_MD *ssl_session_get_digest(const SSL_SESSION *session) {
|
|
349
349
|
session->cipher);
|
350
350
|
}
|
351
351
|
|
352
|
-
bool compute_quic_early_data_hash(const SSL_CONFIG *config,
|
353
|
-
uint8_t hash_out[SHA256_DIGEST_LENGTH]) {
|
354
|
-
ScopedEVP_MD_CTX hash_ctx;
|
355
|
-
uint32_t transport_param_len = config->quic_transport_params.size();
|
356
|
-
uint32_t context_len = config->quic_early_data_context.size();
|
357
|
-
if (!EVP_DigestInit(hash_ctx.get(), EVP_sha256()) ||
|
358
|
-
!EVP_DigestUpdate(hash_ctx.get(), &transport_param_len,
|
359
|
-
sizeof(transport_param_len)) ||
|
360
|
-
!EVP_DigestUpdate(hash_ctx.get(), config->quic_transport_params.data(),
|
361
|
-
config->quic_transport_params.size()) ||
|
362
|
-
!EVP_DigestUpdate(hash_ctx.get(), &context_len, sizeof(context_len)) ||
|
363
|
-
!EVP_DigestUpdate(hash_ctx.get(), config->quic_early_data_context.data(),
|
364
|
-
config->quic_early_data_context.size()) ||
|
365
|
-
!EVP_DigestFinal(hash_ctx.get(), hash_out, nullptr)) {
|
366
|
-
return false;
|
367
|
-
}
|
368
|
-
return true;
|
369
|
-
}
|
370
|
-
|
371
352
|
int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
372
353
|
SSL *const ssl = hs->ssl;
|
373
354
|
if (ssl->mode & SSL_MODE_NO_SESSION_CREATION) {
|
@@ -384,9 +365,8 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
|
384
365
|
session->ssl_version = ssl->version;
|
385
366
|
session->is_quic = ssl->quic_method != nullptr;
|
386
367
|
if (is_server && ssl->enable_early_data && session->is_quic) {
|
387
|
-
if (!session->
|
388
|
-
|
389
|
-
session->quic_early_data_hash.data())) {
|
368
|
+
if (!session->quic_early_data_context.CopyFrom(
|
369
|
+
hs->config->quic_early_data_context)) {
|
390
370
|
return 0;
|
391
371
|
}
|
392
372
|
}
|
@@ -193,11 +193,11 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version,
|
|
193
193
|
min_version = TLS1_3_VERSION;
|
194
194
|
}
|
195
195
|
|
196
|
-
//
|
197
|
-
//
|
198
|
-
//
|
199
|
-
//
|
200
|
-
//
|
196
|
+
// The |SSL_OP_NO_*| flags disable individual protocols. This has two
|
197
|
+
// problems. First, prior to TLS 1.3, the protocol can only express a
|
198
|
+
// contiguous range of versions. Second, a library consumer trying to set a
|
199
|
+
// maximum version cannot disable protocol versions that get added in a future
|
200
|
+
// version of the library.
|
201
201
|
//
|
202
202
|
// To account for both of these, OpenSSL interprets the client-side bitmask
|
203
203
|
// as a min/max range by picking the lowest contiguous non-empty range of
|
@@ -189,21 +189,36 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len,
|
|
189
189
|
return true;
|
190
190
|
}
|
191
191
|
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
192
|
+
static bool generate_key_block(const SSL *ssl, Span<uint8_t> out,
|
193
|
+
const SSL_SESSION *session) {
|
194
|
+
auto master_key =
|
195
|
+
MakeConstSpan(session->master_key, session->master_key_length);
|
196
|
+
static const char kLabel[] = "key expansion";
|
197
|
+
auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1);
|
198
|
+
|
199
|
+
const EVP_MD *digest = ssl_session_get_digest(session);
|
200
|
+
// Note this function assumes that |session|'s key material corresponds to
|
201
|
+
// |ssl->s3->client_random| and |ssl->s3->server_random|.
|
202
|
+
return tls1_prf(digest, out, master_key, label, ssl->s3->server_random,
|
203
|
+
ssl->s3->client_random);
|
204
|
+
}
|
205
|
+
|
206
|
+
bool tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
207
|
+
Array<uint8_t> *key_block_cache,
|
208
|
+
const SSL_SESSION *session,
|
209
|
+
Span<const uint8_t> iv_override) {
|
196
210
|
size_t mac_secret_len, key_len, iv_len;
|
197
|
-
if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len,
|
198
|
-
|
211
|
+
if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &iv_len,
|
212
|
+
session->cipher)) {
|
213
|
+
return false;
|
199
214
|
}
|
200
215
|
|
201
216
|
// Ensure that |key_block_cache| is set up.
|
202
217
|
const size_t key_block_size = 2 * (mac_secret_len + key_len + iv_len);
|
203
218
|
if (key_block_cache->empty()) {
|
204
219
|
if (!key_block_cache->Init(key_block_size) ||
|
205
|
-
!
|
206
|
-
return
|
220
|
+
!generate_key_block(ssl, MakeSpan(*key_block_cache), session)) {
|
221
|
+
return false;
|
207
222
|
}
|
208
223
|
}
|
209
224
|
assert(key_block_cache->size() == key_block_size);
|
@@ -224,15 +239,16 @@ int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
|
224
239
|
|
225
240
|
if (!iv_override.empty()) {
|
226
241
|
if (iv_override.size() != iv_len) {
|
227
|
-
return
|
242
|
+
return false;
|
228
243
|
}
|
229
244
|
iv = iv_override;
|
230
245
|
}
|
231
246
|
|
232
|
-
UniquePtr<SSLAEADContext> aead_ctx =
|
233
|
-
direction, ssl->version, SSL_is_dtls(ssl),
|
247
|
+
UniquePtr<SSLAEADContext> aead_ctx =
|
248
|
+
SSLAEADContext::Create(direction, ssl->version, SSL_is_dtls(ssl),
|
249
|
+
session->cipher, key, mac_secret, iv);
|
234
250
|
if (!aead_ctx) {
|
235
|
-
return
|
251
|
+
return false;
|
236
252
|
}
|
237
253
|
|
238
254
|
if (direction == evp_aead_open) {
|
@@ -246,10 +262,10 @@ int tls1_configure_aead(SSL *ssl, evp_aead_direction_t direction,
|
|
246
262
|
/*secret_for_quic=*/{});
|
247
263
|
}
|
248
264
|
|
249
|
-
|
250
|
-
|
265
|
+
bool tls1_change_cipher_state(SSL_HANDSHAKE *hs,
|
266
|
+
evp_aead_direction_t direction) {
|
251
267
|
return tls1_configure_aead(hs->ssl, direction, &hs->key_block,
|
252
|
-
hs
|
268
|
+
ssl_handshake_session(hs), {});
|
253
269
|
}
|
254
270
|
|
255
271
|
int tls1_generate_master_secret(SSL_HANDSHAKE *hs, uint8_t *out,
|
@@ -286,6 +302,11 @@ BSSL_NAMESPACE_END
|
|
286
302
|
using namespace bssl;
|
287
303
|
|
288
304
|
size_t SSL_get_key_block_len(const SSL *ssl) {
|
305
|
+
// See |SSL_generate_key_block|.
|
306
|
+
if (SSL_in_init(ssl)) {
|
307
|
+
return 0;
|
308
|
+
}
|
309
|
+
|
289
310
|
size_t mac_secret_len, key_len, fixed_iv_len;
|
290
311
|
if (!get_key_block_lengths(ssl, &mac_secret_len, &key_len, &fixed_iv_len,
|
291
312
|
SSL_get_current_cipher(ssl))) {
|
@@ -297,16 +318,16 @@ size_t SSL_get_key_block_len(const SSL *ssl) {
|
|
297
318
|
}
|
298
319
|
|
299
320
|
int SSL_generate_key_block(const SSL *ssl, uint8_t *out, size_t out_len) {
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
|
321
|
+
// Which cipher state to use is ambiguous during a handshake. In particular,
|
322
|
+
// there are points where read and write states are from different epochs.
|
323
|
+
// During a handshake, before ChangeCipherSpec, the encryption states may not
|
324
|
+
// match |ssl->s3->client_random| and |ssl->s3->server_random|.
|
325
|
+
if (SSL_in_init(ssl)) {
|
326
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
327
|
+
return 0;
|
328
|
+
}
|
306
329
|
|
307
|
-
|
308
|
-
return tls1_prf(digest, out_span, master_key, label, ssl->s3->server_random,
|
309
|
-
ssl->s3->client_random);
|
330
|
+
return generate_key_block(ssl, MakeSpan(out, out_len), SSL_get_session(ssl));
|
310
331
|
}
|
311
332
|
|
312
333
|
int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
|
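Review bot: In tls1_configure_aead, the only check tying an already-filled `key_block_cache` to the cipher lengths derived from `session->cipher` is `assert(key_block_cache->size() == key_block_size);`, which, being a standard assert, disappears when NDEBUG is defined. With `session` now a caller-supplied argument next to the cache, a cache filled for a different cipher would pass unnoticed in release builds; a runtime guard such as `if (key_block_cache->size() != key_block_size) { return false; }` fails closed instead. The code that slices the key block sits between this hunk and the next and is not shown, so how a size mismatch would surface there cannot be judged from here. Separately, generate_key_block reads `session->master_key` with no null check while SSL_generate_key_block passes `SSL_get_session(ssl)` straight in; that is presumably non-null once `SSL_in_init(ssl)` is false, and a comment such as `// |SSL_get_session| is non-null after the handshake.` would record the assumption.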