grpc 1.31.1 → 1.35.0.pre1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (1104) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +719 -17819
  3. data/etc/roots.pem +257 -573
  4. data/include/grpc/compression.h +1 -1
  5. data/include/grpc/grpc.h +15 -7
  6. data/include/grpc/grpc_security.h +254 -186
  7. data/include/grpc/impl/codegen/README.md +22 -0
  8. data/include/grpc/impl/codegen/atm_windows.h +4 -0
  9. data/include/grpc/impl/codegen/byte_buffer.h +1 -1
  10. data/include/grpc/impl/codegen/grpc_types.h +10 -8
  11. data/include/grpc/impl/codegen/log.h +0 -2
  12. data/include/grpc/impl/codegen/port_platform.h +28 -56
  13. data/include/grpc/impl/codegen/sync_windows.h +4 -0
  14. data/include/grpc/slice_buffer.h +3 -3
  15. data/include/grpc/support/sync.h +3 -3
  16. data/include/grpc/support/time.h +7 -7
  17. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
  18. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
  19. data/src/core/ext/filters/client_channel/client_channel.cc +2831 -1540
  20. data/src/core/ext/filters/client_channel/client_channel.h +1 -5
  21. data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
  22. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
  23. data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
  24. data/src/core/ext/filters/client_channel/config_selector.h +40 -8
  25. data/src/core/ext/filters/client_channel/dynamic_filters.cc +186 -0
  26. data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
  27. data/src/core/ext/filters/client_channel/health/health_check_client.cc +16 -8
  28. data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -4
  29. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +7 -9
  30. data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
  31. data/src/core/ext/filters/client_channel/lb_policy.cc +6 -2
  32. data/src/core/ext/filters/client_channel/lb_policy.h +8 -7
  33. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
  34. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
  35. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -7
  36. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
  37. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +210 -192
  38. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
  39. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
  40. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
  41. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
  42. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
  43. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
  44. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +23 -17
  45. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +79 -30
  46. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -9
  47. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +14 -34
  48. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +26 -15
  49. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +350 -130
  50. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
  51. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +24 -0
  52. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +812 -0
  53. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +722 -0
  54. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1262 -0
  55. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
  56. data/src/core/ext/filters/client_channel/resolver.cc +3 -1
  57. data/src/core/ext/filters/client_channel/resolver.h +4 -1
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +9 -16
  59. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
  60. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +3 -3
  61. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +457 -19
  62. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
  63. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  64. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  65. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +7 -10
  66. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +4 -4
  67. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
  68. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +35 -28
  69. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +664 -63
  70. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
  71. data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
  72. data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
  73. data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
  74. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +29 -74
  75. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +12 -11
  76. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
  77. data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
  78. data/src/core/ext/filters/client_channel/server_address.cc +120 -7
  79. data/src/core/ext/filters/client_channel/server_address.h +44 -21
  80. data/src/core/ext/filters/client_channel/service_config.cc +18 -13
  81. data/src/core/ext/filters/client_channel/service_config.h +8 -5
  82. data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
  83. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
  84. data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
  85. data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
  86. data/src/core/ext/filters/client_channel/subchannel.cc +115 -87
  87. data/src/core/ext/filters/client_channel/subchannel.h +30 -24
  88. data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
  89. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
  90. data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
  91. data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
  92. data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
  93. data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
  94. data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
  95. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
  96. data/src/core/ext/filters/max_age/max_age_filter.cc +3 -2
  97. data/src/core/ext/filters/message_size/message_size_filter.cc +3 -2
  98. data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
  99. data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
  100. data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
  101. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
  102. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +19 -2
  103. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +20 -8
  104. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
  105. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +34 -47
  106. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +200 -100
  107. data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -1
  108. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -2
  109. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +16 -9
  110. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -2
  111. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
  112. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +267 -319
  113. data/src/core/ext/transport/chttp2/transport/flow_control.cc +11 -3
  114. data/src/core/ext/transport/chttp2/transport/flow_control.h +13 -3
  115. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
  116. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -2
  117. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
  118. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
  119. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
  120. data/src/core/ext/transport/chttp2/transport/internal.h +10 -2
  121. data/src/core/ext/transport/chttp2/transport/parsing.cc +19 -31
  122. data/src/core/ext/transport/chttp2/transport/writing.cc +8 -8
  123. data/src/core/ext/transport/inproc/inproc_transport.cc +52 -18
  124. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
  125. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
  126. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
  127. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +244 -0
  128. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +865 -0
  129. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
  130. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +253 -0
  131. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +458 -0
  132. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1818 -0
  133. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +35 -0
  134. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +77 -0
  135. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +55 -0
  136. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +349 -0
  137. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +124 -0
  138. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +428 -0
  139. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +35 -0
  140. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +88 -0
  141. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +310 -0
  142. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +991 -0
  143. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +103 -0
  144. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +388 -0
  145. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
  146. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +78 -0
  147. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
  148. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +149 -0
  149. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +241 -0
  150. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +839 -0
  151. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
  152. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +752 -0
  153. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +36 -0
  154. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +88 -0
  155. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +176 -0
  156. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +730 -0
  157. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
  158. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +65 -0
  159. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +8 -8
  160. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +95 -0
  161. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
  162. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +92 -0
  163. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
  164. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +243 -0
  165. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
  166. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +305 -0
  167. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
  168. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +367 -0
  169. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +33 -0
  170. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +73 -0
  171. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +128 -0
  172. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +512 -0
  173. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +155 -0
  174. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +591 -0
  175. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
  176. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +107 -0
  177. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +178 -0
  178. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +662 -0
  179. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
  180. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +220 -0
  181. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +900 -0
  182. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +3640 -0
  183. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +60 -0
  184. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +159 -0
  185. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
  186. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +122 -0
  187. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +364 -0
  188. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1475 -0
  189. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
  190. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +35 -0
  191. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +110 -0
  192. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +426 -0
  193. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +76 -0
  194. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +236 -0
  195. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +147 -0
  196. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +621 -0
  197. data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +6 -7
  198. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +56 -0
  199. data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +6 -5
  200. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +56 -0
  201. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +139 -0
  202. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +487 -0
  203. data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +6 -7
  204. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +56 -0
  205. data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +6 -7
  206. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +56 -0
  207. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
  208. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +151 -0
  209. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +6 -7
  210. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +56 -0
  211. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +6 -7
  212. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +56 -0
  213. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
  214. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +128 -0
  215. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
  216. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +84 -0
  217. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
  218. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +78 -0
  219. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
  220. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +166 -0
  221. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +54 -0
  222. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +146 -0
  223. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
  224. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +207 -0
  225. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
  226. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +301 -0
  227. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
  228. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +283 -0
  229. data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
  230. data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +9 -8
  231. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +40 -0
  232. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +99 -0
  233. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +51 -0
  234. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +130 -0
  235. data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +7 -6
  236. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +68 -0
  237. data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
  238. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
  239. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +830 -0
  240. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
  241. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +842 -0
  242. data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
  243. data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
  244. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
  245. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
  246. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +103 -103
  247. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
  248. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
  249. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
  250. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
  251. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
  252. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
  253. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +23 -4
  254. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
  255. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
  256. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
  257. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
  258. data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
  259. data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
  260. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
  261. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
  262. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
  263. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
  264. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
  265. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
  266. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
  267. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
  268. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
  269. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
  270. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
  271. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
  272. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
  273. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +64 -0
  274. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
  275. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
  276. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
  277. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
  278. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +60 -0
  279. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
  280. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +60 -0
  281. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
  282. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +143 -0
  283. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
  284. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +84 -0
  285. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
  286. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +94 -0
  287. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
  288. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +173 -0
  289. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
  290. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +92 -0
  291. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
  292. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
  293. data/src/core/ext/upb-generated/validate/validate.upb.c +68 -68
  294. data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
  295. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
  296. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
  297. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
  298. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
  299. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
  300. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
  301. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
  302. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
  303. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
  304. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
  305. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
  306. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
  307. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
  308. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
  309. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
  310. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
  311. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
  312. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
  313. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
  314. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
  315. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
  316. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
  317. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
  318. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
  319. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
  320. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
  321. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
  322. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
  323. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
  324. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
  325. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
  326. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
  327. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
  328. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
  329. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
  330. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
  331. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
  332. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
  333. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
  334. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
  335. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
  336. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
  337. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
  338. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
  339. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
  340. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
  341. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
  342. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
  343. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
  344. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
  345. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
  346. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
  347. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
  348. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
  349. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
  350. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
  351. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
  352. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
  353. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
  354. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
  355. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
  356. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
  357. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
  358. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
  359. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
  360. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
  361. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
  362. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
  363. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
  364. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
  365. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
  366. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
  367. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
  368. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
  369. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
  370. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
  371. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
  372. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
  373. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
  374. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
  375. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
  376. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
  377. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
  378. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
  379. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
  380. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
  381. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
  382. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
  383. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
  384. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
  385. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
  386. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
  387. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
  388. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
  389. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
  390. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
  391. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
  392. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
  393. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
  394. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
  395. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
  396. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
  397. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
  398. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
  399. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
  400. data/src/core/ext/{upb-generated/gogoproto/gogo.upb.h → upbdefs-generated/envoy/type/v3/http.upbdefs.h} +10 -9
  401. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
  402. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
  403. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
  404. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
  405. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
  406. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
  407. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
  408. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
  409. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
  410. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
  411. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +38 -0
  412. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
  413. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
  414. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
  415. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +39 -0
  416. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
  417. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
  418. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
  419. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
  420. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
  421. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +39 -0
  422. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
  423. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
  424. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
  425. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
  426. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
  427. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
  428. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
  429. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
  430. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
  431. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
  432. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
  433. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
  434. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
  435. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
  436. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
  437. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
  438. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
  439. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
  440. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
  441. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
  442. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
  443. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
  444. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
  445. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
  446. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
  447. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
  448. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
  449. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
  450. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
  451. data/src/core/ext/xds/certificate_provider_factory.h +61 -0
  452. data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
  453. data/src/core/ext/xds/certificate_provider_registry.h +57 -0
  454. data/src/core/ext/xds/certificate_provider_store.cc +87 -0
  455. data/src/core/ext/xds/certificate_provider_store.h +112 -0
  456. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
  457. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
  458. data/src/core/ext/xds/xds_api.cc +2308 -0
  459. data/src/core/ext/xds/xds_api.h +469 -0
  460. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +208 -19
  461. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +31 -11
  462. data/src/core/ext/xds/xds_certificate_provider.cc +299 -0
  463. data/src/core/ext/xds/xds_certificate_provider.h +112 -0
  464. data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +9 -6
  465. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +656 -865
  466. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +126 -99
  467. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +61 -18
  468. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +38 -10
  469. data/src/core/ext/xds/xds_server_config_fetcher.cc +131 -0
  470. data/src/core/lib/channel/channel_args.cc +9 -8
  471. data/src/core/lib/channel/channel_args.h +0 -1
  472. data/src/core/lib/channel/channel_trace.cc +4 -2
  473. data/src/core/lib/channel/channel_trace.h +1 -1
  474. data/src/core/lib/channel/channelz.cc +37 -74
  475. data/src/core/lib/channel/channelz.h +14 -23
  476. data/src/core/lib/channel/channelz_registry.cc +15 -12
  477. data/src/core/lib/channel/channelz_registry.h +3 -1
  478. data/src/core/lib/channel/handshaker.cc +2 -2
  479. data/src/core/lib/channel/handshaker.h +2 -2
  480. data/src/core/lib/compression/compression.cc +8 -4
  481. data/src/core/lib/compression/compression_args.cc +3 -2
  482. data/src/core/lib/compression/compression_internal.cc +10 -5
  483. data/src/core/lib/compression/compression_internal.h +2 -1
  484. data/src/core/lib/compression/stream_compression_identity.cc +1 -3
  485. data/src/core/lib/debug/stats.h +2 -2
  486. data/src/core/lib/debug/stats_data.cc +1 -0
  487. data/src/core/lib/debug/stats_data.h +13 -13
  488. data/src/core/lib/gpr/alloc.cc +3 -2
  489. data/src/core/lib/gpr/cpu_iphone.cc +10 -2
  490. data/src/core/lib/gpr/log.cc +53 -16
  491. data/src/core/lib/gpr/log_linux.cc +19 -3
  492. data/src/core/lib/gpr/log_posix.cc +15 -1
  493. data/src/core/lib/gpr/log_windows.cc +18 -4
  494. data/src/core/lib/gpr/murmur_hash.cc +1 -1
  495. data/src/core/lib/gpr/spinlock.h +10 -2
  496. data/src/core/lib/gpr/string.cc +23 -22
  497. data/src/core/lib/gpr/string.h +5 -6
  498. data/src/core/lib/gpr/sync.cc +4 -4
  499. data/src/core/lib/gpr/sync_posix.cc +2 -8
  500. data/src/core/lib/gpr/time.cc +12 -12
  501. data/src/core/lib/gpr/time_precise.cc +5 -2
  502. data/src/core/lib/gpr/time_precise.h +6 -2
  503. data/src/core/lib/gpr/tls.h +4 -0
  504. data/src/core/lib/gpr/tls_msvc.h +2 -0
  505. data/src/core/lib/gpr/tls_stdcpp.h +48 -0
  506. data/src/core/lib/gpr/useful.h +5 -4
  507. data/src/core/lib/gprpp/arena.h +3 -2
  508. data/src/core/lib/gprpp/dual_ref_counted.h +331 -0
  509. data/src/core/lib/gprpp/examine_stack.cc +43 -0
  510. data/src/core/lib/gprpp/examine_stack.h +46 -0
  511. data/src/core/lib/gprpp/fork.cc +2 -2
  512. data/src/core/lib/gprpp/manual_constructor.h +1 -1
  513. data/src/core/lib/gprpp/orphanable.h +4 -8
  514. data/src/core/lib/gprpp/ref_counted.h +91 -68
  515. data/src/core/lib/gprpp/ref_counted_ptr.h +166 -7
  516. data/src/core/lib/gprpp/stat.h +38 -0
  517. data/src/core/lib/gprpp/stat_posix.cc +49 -0
  518. data/src/core/lib/gprpp/stat_windows.cc +48 -0
  519. data/src/core/lib/gprpp/thd.h +2 -2
  520. data/src/core/lib/gprpp/thd_posix.cc +42 -37
  521. data/src/core/lib/gprpp/thd_windows.cc +3 -1
  522. data/src/core/lib/http/httpcli.cc +1 -1
  523. data/src/core/lib/http/httpcli.h +2 -3
  524. data/src/core/lib/http/httpcli_security_connector.cc +1 -1
  525. data/src/core/lib/http/parser.cc +47 -27
  526. data/src/core/lib/iomgr/call_combiner.cc +8 -5
  527. data/src/core/lib/iomgr/combiner.cc +2 -1
  528. data/src/core/lib/iomgr/endpoint.cc +5 -1
  529. data/src/core/lib/iomgr/endpoint.h +8 -4
  530. data/src/core/lib/iomgr/endpoint_cfstream.cc +36 -11
  531. data/src/core/lib/iomgr/error.cc +17 -12
  532. data/src/core/lib/iomgr/error_internal.h +1 -1
  533. data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -13
  534. data/src/core/lib/iomgr/ev_epollex_linux.cc +25 -17
  535. data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
  536. data/src/core/lib/iomgr/ev_posix.cc +0 -2
  537. data/src/core/lib/iomgr/exec_ctx.cc +1 -1
  538. data/src/core/lib/iomgr/exec_ctx.h +16 -12
  539. data/src/core/lib/iomgr/executor.cc +2 -1
  540. data/src/core/lib/iomgr/executor.h +1 -1
  541. data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
  542. data/src/core/lib/iomgr/executor/threadpool.h +4 -4
  543. data/src/core/lib/iomgr/iomgr.cc +1 -11
  544. data/src/core/lib/iomgr/iomgr.h +0 -10
  545. data/src/core/lib/iomgr/load_file.h +1 -1
  546. data/src/core/lib/iomgr/lockfree_event.cc +19 -14
  547. data/src/core/lib/iomgr/lockfree_event.h +2 -2
  548. data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +128 -44
  549. data/src/core/lib/iomgr/parse_address.h +77 -0
  550. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
  551. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
  552. data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
  553. data/src/core/lib/iomgr/python_util.h +4 -4
  554. data/src/core/lib/iomgr/resolve_address.cc +4 -4
  555. data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
  556. data/src/core/lib/iomgr/resource_quota.cc +4 -4
  557. data/src/core/lib/iomgr/sockaddr_utils.cc +12 -11
  558. data/src/core/lib/iomgr/sockaddr_utils.h +3 -2
  559. data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
  560. data/src/core/lib/iomgr/socket_mutator.cc +3 -2
  561. data/src/core/lib/iomgr/tcp_client.cc +3 -3
  562. data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
  563. data/src/core/lib/iomgr/tcp_custom.cc +53 -32
  564. data/src/core/lib/iomgr/tcp_posix.cc +43 -21
  565. data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
  566. data/src/core/lib/iomgr/tcp_windows.cc +26 -10
  567. data/src/core/lib/iomgr/timer_custom.cc +5 -5
  568. data/src/core/lib/iomgr/timer_generic.cc +3 -3
  569. data/src/core/lib/iomgr/timer_manager.cc +2 -2
  570. data/src/core/lib/iomgr/udp_server.cc +1 -2
  571. data/src/core/lib/iomgr/udp_server.h +1 -2
  572. data/src/core/lib/iomgr/unix_sockets_posix.cc +32 -21
  573. data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
  574. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
  575. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
  576. data/src/core/lib/json/json.h +12 -2
  577. data/src/core/lib/json/json_reader.cc +8 -4
  578. data/src/core/lib/json/json_util.cc +58 -0
  579. data/src/core/lib/json/json_util.h +204 -0
  580. data/src/core/lib/json/json_writer.cc +2 -1
  581. data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
  582. data/src/core/lib/security/authorization/authorization_engine.h +84 -0
  583. data/src/core/lib/security/authorization/evaluate_args.cc +148 -0
  584. data/src/core/lib/security/authorization/evaluate_args.h +59 -0
  585. data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
  586. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +44 -0
  587. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +69 -0
  588. data/src/core/lib/security/authorization/mock_cel/cel_value.h +97 -0
  589. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
  590. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +57 -0
  591. data/src/core/lib/security/context/security_context.cc +4 -3
  592. data/src/core/lib/security/context/security_context.h +3 -1
  593. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  594. data/src/core/lib/security/credentials/credentials.cc +7 -7
  595. data/src/core/lib/security/credentials/credentials.h +3 -3
  596. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
  597. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
  598. data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
  599. data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
  600. data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
  601. data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
  602. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
  603. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
  604. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
  605. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
  606. data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -1
  607. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +74 -50
  608. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
  609. data/src/core/lib/security/credentials/jwt/json_token.cc +6 -3
  610. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
  611. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +8 -4
  612. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +39 -46
  613. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
  614. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
  615. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +5 -5
  616. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
  617. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +346 -0
  618. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +213 -0
  619. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
  620. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
  621. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -150
  622. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +57 -187
  623. data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
  624. data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
  625. data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
  626. data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
  627. data/src/core/lib/security/credentials/xds/xds_credentials.cc +175 -0
  628. data/src/core/lib/security/credentials/xds/xds_credentials.h +69 -0
  629. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
  630. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +10 -15
  631. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
  632. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
  633. data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
  634. data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
  635. data/src/core/lib/security/security_connector/local/local_security_connector.cc +3 -3
  636. data/src/core/lib/security/security_connector/security_connector.cc +4 -3
  637. data/src/core/lib/security/security_connector/security_connector.h +4 -2
  638. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
  639. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
  640. data/src/core/lib/security/security_connector/ssl_utils.h +19 -19
  641. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +342 -279
  642. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +105 -61
  643. data/src/core/lib/security/transport/secure_endpoint.cc +9 -3
  644. data/src/core/lib/security/transport/security_handshaker.cc +3 -3
  645. data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
  646. data/src/core/lib/security/util/json_util.h +1 -0
  647. data/src/core/lib/slice/slice.cc +7 -4
  648. data/src/core/lib/slice/slice_buffer.cc +2 -1
  649. data/src/core/lib/slice/slice_intern.cc +6 -7
  650. data/src/core/lib/slice/slice_internal.h +2 -2
  651. data/src/core/lib/surface/call.cc +53 -44
  652. data/src/core/lib/surface/call.h +2 -1
  653. data/src/core/lib/surface/call_details.cc +8 -8
  654. data/src/core/lib/surface/channel.cc +53 -61
  655. data/src/core/lib/surface/channel.h +21 -5
  656. data/src/core/lib/surface/channel_init.cc +1 -1
  657. data/src/core/lib/surface/completion_queue.cc +38 -294
  658. data/src/core/lib/surface/completion_queue.h +16 -24
  659. data/src/core/lib/surface/init.cc +32 -16
  660. data/src/core/lib/surface/lame_client.cc +20 -46
  661. data/src/core/lib/surface/lame_client.h +4 -0
  662. data/src/core/lib/surface/server.cc +1107 -1239
  663. data/src/core/lib/surface/server.h +394 -86
  664. data/src/core/lib/surface/validate_metadata.h +3 -0
  665. data/src/core/lib/surface/version.cc +2 -2
  666. data/src/core/lib/transport/authority_override.cc +40 -0
  667. data/src/core/lib/transport/authority_override.h +37 -0
  668. data/src/core/lib/transport/bdp_estimator.cc +1 -1
  669. data/src/core/lib/transport/bdp_estimator.h +2 -1
  670. data/src/core/lib/transport/byte_stream.h +3 -3
  671. data/src/core/lib/transport/connectivity_state.cc +18 -13
  672. data/src/core/lib/transport/connectivity_state.h +26 -12
  673. data/src/core/lib/transport/error_utils.cc +13 -0
  674. data/src/core/lib/transport/error_utils.h +7 -1
  675. data/src/core/lib/transport/metadata.cc +11 -1
  676. data/src/core/lib/transport/metadata.h +2 -2
  677. data/src/core/lib/transport/metadata_batch.h +4 -4
  678. data/src/core/lib/transport/static_metadata.cc +296 -277
  679. data/src/core/lib/transport/static_metadata.h +80 -73
  680. data/src/core/lib/transport/status_metadata.cc +4 -3
  681. data/src/core/lib/transport/timeout_encoding.cc +4 -4
  682. data/src/core/lib/transport/transport.cc +5 -3
  683. data/src/core/lib/transport/transport.h +15 -8
  684. data/src/core/lib/uri/uri_parser.cc +131 -247
  685. data/src/core/lib/uri/uri_parser.h +58 -20
  686. data/src/core/plugin_registry/grpc_plugin_registry.cc +41 -20
  687. data/src/core/tsi/alts/crypt/gsec.cc +5 -4
  688. data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
  689. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  690. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +49 -26
  691. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
  692. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
  693. data/src/core/tsi/fake_transport_security.cc +6 -3
  694. data/src/core/tsi/local_transport_security.cc +5 -1
  695. data/src/core/tsi/local_transport_security.h +6 -7
  696. data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
  697. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  698. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
  699. data/src/core/tsi/ssl_transport_security.cc +81 -67
  700. data/src/core/tsi/ssl_transport_security.h +9 -6
  701. data/src/core/tsi/transport_security.cc +10 -8
  702. data/src/core/tsi/transport_security_interface.h +1 -1
  703. data/src/ruby/ext/grpc/extconf.rb +1 -1
  704. data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
  705. data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
  706. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +38 -18
  707. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +74 -44
  708. data/src/ruby/lib/grpc/version.rb +1 -1
  709. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +28 -0
  710. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
  711. data/src/ruby/spec/channel_credentials_spec.rb +10 -0
  712. data/src/ruby/spec/generic/active_call_spec.rb +19 -8
  713. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
  714. data/third_party/abseil-cpp/absl/algorithm/container.h +1764 -0
  715. data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
  716. data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
  717. data/third_party/abseil-cpp/absl/base/casts.h +9 -6
  718. data/third_party/abseil-cpp/absl/base/config.h +60 -17
  719. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
  720. data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
  721. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +166 -0
  722. data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
  723. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
  724. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
  725. data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
  726. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
  727. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
  728. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
  729. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
  730. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
  731. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
  732. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
  733. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
  734. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
  735. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
  736. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
  737. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
  738. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
  739. data/third_party/abseil-cpp/absl/base/macros.h +36 -109
  740. data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
  741. data/third_party/abseil-cpp/absl/base/options.h +31 -4
  742. data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
  743. data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
  744. data/third_party/abseil-cpp/absl/container/fixed_array.h +532 -0
  745. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
  746. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +504 -0
  747. data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
  748. data/third_party/abseil-cpp/absl/container/internal/common.h +206 -0
  749. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
  750. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +460 -0
  751. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +161 -0
  752. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +208 -0
  753. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
  754. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +270 -0
  755. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +321 -0
  756. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
  757. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +50 -0
  758. data/third_party/abseil-cpp/absl/container/internal/layout.h +743 -0
  759. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
  760. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
  761. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1903 -0
  762. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +139 -0
  763. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
  764. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1945 -0
  765. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
  766. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
  767. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
  768. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +196 -0
  769. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +134 -0
  770. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +89 -0
  771. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +108 -0
  772. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
  773. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
  774. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +93 -0
  775. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
  776. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +149 -0
  777. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +173 -0
  778. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
  779. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
  780. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
  781. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +36 -0
  782. data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
  783. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
  784. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1560 -0
  785. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
  786. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
  787. data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
  788. data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
  789. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
  790. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
  791. data/third_party/abseil-cpp/absl/hash/hash.h +325 -0
  792. data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
  793. data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
  794. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
  795. data/third_party/abseil-cpp/absl/hash/internal/hash.h +996 -0
  796. data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
  797. data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
  798. data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
  799. data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
  800. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
  801. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
  802. data/third_party/abseil-cpp/absl/status/status.cc +445 -0
  803. data/third_party/abseil-cpp/absl/status/status.h +817 -0
  804. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +38 -0
  805. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
  806. data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
  807. data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
  808. data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
  809. data/third_party/abseil-cpp/absl/strings/cord.cc +1998 -0
  810. data/third_party/abseil-cpp/absl/strings/cord.h +1276 -0
  811. data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
  812. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
  813. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
  814. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
  815. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  816. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +173 -0
  817. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
  818. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
  819. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
  820. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
  821. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
  822. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
  823. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
  824. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
  825. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
  826. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
  827. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
  828. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
  829. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
  830. data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
  831. data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
  832. data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
  833. data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
  834. data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
  835. data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
  836. data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
  837. data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
  838. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
  839. data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
  840. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
  841. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
  842. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
  843. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
  844. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
  845. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
  846. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
  847. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +249 -0
  848. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
  849. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
  850. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +492 -0
  851. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
  852. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2739 -0
  853. data/third_party/abseil-cpp/absl/synchronization/mutex.h +1065 -0
  854. data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
  855. data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
  856. data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
  857. data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
  858. data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
  859. data/third_party/abseil-cpp/absl/time/format.cc +43 -36
  860. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
  861. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
  862. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
  863. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
  864. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
  865. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
  866. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
  867. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
  868. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
  869. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
  870. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
  871. data/third_party/abseil-cpp/absl/time/time.h +15 -16
  872. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
  873. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
  874. data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
  875. data/third_party/abseil-cpp/absl/types/optional.h +9 -9
  876. data/third_party/abseil-cpp/absl/types/span.h +49 -36
  877. data/third_party/abseil-cpp/absl/types/variant.h +861 -0
  878. data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
  879. data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
  880. data/third_party/boringssl-with-bazel/err_data.c +479 -467
  881. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
  882. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
  883. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
  884. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
  885. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
  886. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
  887. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +16 -0
  888. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
  889. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
  890. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  891. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
  892. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
  893. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +56 -22
  894. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
  895. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +543 -0
  896. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +237 -0
  897. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +118 -49
  898. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +267 -95
  899. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +210 -34
  900. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
  901. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
  902. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +6 -4
  903. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
  904. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
  905. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
  906. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
  907. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
  908. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
  909. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
  910. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
  911. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
  912. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
  913. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
  914. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
  915. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
  916. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
  917. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
  918. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
  919. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
  920. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
  921. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
  922. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
  923. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
  924. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
  925. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
  926. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
  927. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
  928. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
  929. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
  930. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +54 -0
  931. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
  932. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -3
  933. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
  934. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
  935. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
  936. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
  937. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
  938. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
  939. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
  940. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
  941. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
  942. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +103 -10
  943. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +5 -2
  944. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +42 -14
  945. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +199 -78
  946. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +482 -432
  947. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
  948. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
  949. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
  950. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
  951. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
  952. data/third_party/boringssl-with-bazel/src/ssl/internal.h +49 -10
  953. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
  954. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
  955. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
  956. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +77 -0
  957. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
  958. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +250 -20
  959. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
  960. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +57 -19
  961. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +140 -41
  962. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
  963. data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
  964. data/third_party/upb/upb/decode.c +275 -145
  965. data/third_party/upb/upb/decode.h +20 -1
  966. data/third_party/upb/upb/decode.int.h +163 -0
  967. data/third_party/upb/upb/decode_fast.c +1040 -0
  968. data/third_party/upb/upb/decode_fast.h +126 -0
  969. data/third_party/upb/upb/def.c +2178 -0
  970. data/third_party/upb/upb/def.h +315 -0
  971. data/third_party/upb/upb/def.hpp +439 -0
  972. data/third_party/upb/upb/encode.c +229 -171
  973. data/third_party/upb/upb/encode.h +27 -2
  974. data/third_party/upb/upb/json_decode.c +1443 -0
  975. data/third_party/upb/upb/json_decode.h +23 -0
  976. data/third_party/upb/upb/json_encode.c +713 -0
  977. data/third_party/upb/upb/json_encode.h +36 -0
  978. data/third_party/upb/upb/msg.c +167 -88
  979. data/third_party/upb/upb/msg.h +175 -35
  980. data/third_party/upb/upb/port_def.inc +75 -62
  981. data/third_party/upb/upb/port_undef.inc +3 -7
  982. data/third_party/upb/upb/reflection.c +408 -0
  983. data/third_party/upb/upb/reflection.h +168 -0
  984. data/third_party/upb/upb/table.c +34 -208
  985. data/third_party/upb/upb/table.int.h +14 -14
  986. data/third_party/upb/upb/text_encode.c +421 -0
  987. data/third_party/upb/upb/text_encode.h +38 -0
  988. data/third_party/upb/upb/upb.c +33 -54
  989. data/third_party/upb/upb/upb.h +56 -1
  990. data/third_party/upb/upb/upb.hpp +6 -4
  991. data/third_party/upb/upb/upb.int.h +29 -0
  992. metadata +508 -172
  993. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -938
  994. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -528
  995. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1143
  996. data/src/core/ext/filters/client_channel/parse_address.h +0 -53
  997. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
  998. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
  999. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -353
  1000. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -142
  1001. data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -2110
  1002. data/src/core/ext/filters/client_channel/xds/xds_api.h +0 -345
  1003. data/src/core/ext/filters/client_channel/xds/xds_channel.h +0 -46
  1004. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +0 -106
  1005. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
  1006. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -34
  1007. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
  1008. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -429
  1009. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
  1010. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -198
  1011. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
  1012. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -388
  1013. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -52
  1014. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
  1015. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1453
  1016. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
  1017. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -226
  1018. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +0 -35
  1019. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
  1020. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +0 -55
  1021. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -323
  1022. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
  1023. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -334
  1024. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +0 -35
  1025. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -79
  1026. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
  1027. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -891
  1028. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
  1029. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -328
  1030. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
  1031. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -71
  1032. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
  1033. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -649
  1034. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
  1035. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -693
  1036. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +0 -36
  1037. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
  1038. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
  1039. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -536
  1040. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -88
  1041. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
  1042. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -386
  1043. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -52
  1044. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
  1045. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -224
  1046. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
  1047. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -32
  1048. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
  1049. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -273
  1050. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
  1051. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -332
  1052. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -52
  1053. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
  1054. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -415
  1055. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
  1056. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -32
  1057. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
  1058. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -538
  1059. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
  1060. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -111
  1061. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -52
  1062. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
  1063. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -204
  1064. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
  1065. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -32
  1066. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
  1067. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -2984
  1068. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
  1069. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -135
  1070. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -52
  1071. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
  1072. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -732
  1073. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
  1074. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1167
  1075. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +0 -33
  1076. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
  1077. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
  1078. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
  1079. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -49
  1080. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
  1081. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -136
  1082. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
  1083. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -145
  1084. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
  1085. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
  1086. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
  1087. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
  1088. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +0 -39
  1089. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -86
  1090. data/src/core/ext/upb-generated/envoy/type/range.upb.c +0 -50
  1091. data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -111
  1092. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -61
  1093. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
  1094. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -250
  1095. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
  1096. data/src/core/lib/gprpp/map.h +0 -53
  1097. data/src/core/lib/security/transport/target_authority_table.cc +0 -75
  1098. data/src/core/lib/security/transport/target_authority_table.h +0 -40
  1099. data/src/core/lib/slice/slice_hash_table.h +0 -199
  1100. data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
  1101. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
  1102. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
  1103. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
  1104. data/third_party/upb/upb/port.c +0 -26
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c CHANGED
@@ -122,6 +122,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, uint8_t *out, size_t len) {
122
122
 
123
123
  uint32_t EVP_MD_meth_get_flags(const EVP_MD *md) { return EVP_MD_flags(md); }
124
124
 
125
+ void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) {}
126
+
125
127
  int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
126
128
  // |in->digest| may be NULL if this is a signing |EVP_MD_CTX| for, e.g.,
127
129
  // Ed25519 which does not hash with |EVP_MD_CTX|.
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h CHANGED
@@ -108,6 +108,10 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len,
108
108
  int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from,
109
109
  size_t from_len);
110
110
 
111
+ // rsa_check_public_key checks that |rsa|'s public modulus and exponent are
112
+ // within DoS bounds.
113
+ int rsa_check_public_key(const RSA *rsa);
114
+
111
115
  // RSA_private_transform calls either the method-specific |private_transform|
112
116
  // function (if given) or the generic one. See the comment for
113
117
  // |private_transform| in |rsa_meth_st|.
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c CHANGED
@@ -661,6 +661,9 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv,
661
661
  return 1;
662
662
  }
663
663
 
664
+ // Note |bn_mul_consttime| and |bn_div_consttime| do not scale linearly, but
665
+ // checking |ainv| is in range bounds the running time, assuming |m|'s bounds
666
+ // were checked by the caller.
664
667
  BN_CTX_start(ctx);
665
668
  BIGNUM *tmp = BN_CTX_get(ctx);
666
669
  int ret = tmp != NULL &&
@@ -674,22 +677,35 @@ static int check_mod_inverse(int *out_ok, const BIGNUM *a, const BIGNUM *ainv,
674
677
  }
675
678
 
676
679
  int RSA_check_key(const RSA *key) {
680
+ // TODO(davidben): RSA key initialization is spread across
681
+ // |rsa_check_public_key|, |RSA_check_key|, |freeze_private_key|, and
682
+ // |BN_MONT_CTX_set_locked| as a result of API issues. See
683
+ // https://crbug.com/boringssl/316. As a result, we inconsistently check RSA
684
+ // invariants. We should fix this and integrate that logic.
685
+
677
686
  if (RSA_is_opaque(key)) {
678
687
  // Opaque keys can't be checked.
679
688
  return 1;
680
689
  }
681
690
 
691
+ if (!rsa_check_public_key(key)) {
692
+ return 0;
693
+ }
694
+
682
695
  if ((key->p != NULL) != (key->q != NULL)) {
683
696
  OPENSSL_PUT_ERROR(RSA, RSA_R_ONLY_ONE_OF_P_Q_GIVEN);
684
697
  return 0;
685
698
  }
686
699
 
687
- if (!key->n || !key->e) {
688
- OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);
700
+ // |key->d| must be bounded by |key->n|. This ensures bounds on |RSA_bits|
701
+ // translate to bounds on the running time of private key operations.
702
+ if (key->d != NULL &&
703
+ (BN_is_negative(key->d) || BN_cmp(key->d, key->n) >= 0)) {
704
+ OPENSSL_PUT_ERROR(RSA, RSA_R_D_OUT_OF_RANGE);
689
705
  return 0;
690
706
  }
691
707
 
692
- if (!key->d || !key->p) {
708
+ if (key->d == NULL || key->p == NULL) {
693
709
  // For a public key, or without p and q, there's nothing that can be
694
710
  // checked.
695
711
  return 1;
@@ -709,24 +725,28 @@ int RSA_check_key(const RSA *key) {
709
725
  BN_init(&qm1);
710
726
  BN_init(&dmp1);
711
727
  BN_init(&dmq1);
728
+
729
+ // Check that p * q == n. Before we multiply, we check that p and q are in
730
+ // bounds, to avoid a DoS vector in |bn_mul_consttime| below. Note that
731
+ // n was bound by |rsa_check_public_key|.
732
+ if (BN_is_negative(key->p) || BN_cmp(key->p, key->n) >= 0 ||
733
+ BN_is_negative(key->q) || BN_cmp(key->q, key->n) >= 0) {
734
+ OPENSSL_PUT_ERROR(RSA, RSA_R_N_NOT_EQUAL_P_Q);
735
+ goto out;
736
+ }
712
737
  if (!bn_mul_consttime(&tmp, key->p, key->q, ctx)) {
713
738
  OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
714
739
  goto out;
715
740
  }
716
-
717
741
  if (BN_cmp(&tmp, key->n) != 0) {
718
742
  OPENSSL_PUT_ERROR(RSA, RSA_R_N_NOT_EQUAL_P_Q);
719
743
  goto out;
720
744
  }
721
745
 
722
- if (BN_is_negative(key->d) || BN_cmp(key->d, key->n) >= 0) {
723
- OPENSSL_PUT_ERROR(RSA, RSA_R_D_OUT_OF_RANGE);
724
- goto out;
725
- }
726
-
727
746
  // d must be an inverse of e mod the Carmichael totient, lcm(p-1, q-1), but it
728
747
  // may be unreduced because other implementations use the Euler totient. We
729
- // simply check that d * e is one mod p-1 and mod q-1.
748
+ // simply check that d * e is one mod p-1 and mod q-1. Note d and e were bound
749
+ // by earlier checks in this function.
730
750
  if (!bn_usub_consttime(&pm1, key->p, BN_value_one()) ||
731
751
  !bn_usub_consttime(&qm1, key->q, BN_value_one()) ||
732
752
  !bn_mul_consttime(&de, key->d, key->e, ctx) ||
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c CHANGED
@@ -73,7 +73,12 @@
73
73
  #include "../rand/fork_detect.h"
74
74
 
75
75
 
76
- static int check_modulus_and_exponent_sizes(const RSA *rsa) {
76
+ int rsa_check_public_key(const RSA *rsa) {
77
+ if (rsa->n == NULL || rsa->e == NULL) {
78
+ OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);
79
+ return 0;
80
+ }
81
+
77
82
  unsigned rsa_bits = BN_num_bits(rsa->n);
78
83
 
79
84
  if (rsa_bits > 16 * 1024) {
@@ -253,8 +258,7 @@ size_t rsa_default_size(const RSA *rsa) {
253
258
 
254
259
  int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
255
260
  const uint8_t *in, size_t in_len, int padding) {
256
- if (rsa->n == NULL || rsa->e == NULL) {
257
- OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);
261
+ if (!rsa_check_public_key(rsa)) {
258
262
  return 0;
259
263
  }
260
264
 
@@ -269,10 +273,6 @@ int RSA_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
269
273
  return 0;
270
274
  }
271
275
 
272
- if (!check_modulus_and_exponent_sizes(rsa)) {
273
- return 0;
274
- }
275
-
276
276
  ctx = BN_CTX_new();
277
277
  if (ctx == NULL) {
278
278
  goto err;
@@ -592,8 +592,7 @@ static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
592
592
 
593
593
  int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
594
594
  const uint8_t *in, size_t in_len, int padding) {
595
- if (rsa->n == NULL || rsa->e == NULL) {
596
- OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);
595
+ if (!rsa_check_public_key(rsa)) {
597
596
  return 0;
598
597
  }
599
598
 
@@ -610,10 +609,6 @@ int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
610
609
  return 0;
611
610
  }
612
611
 
613
- if (!check_modulus_and_exponent_sizes(rsa)) {
614
- return 0;
615
- }
616
-
617
612
  BN_CTX *ctx = BN_CTX_new();
618
613
  if (ctx == NULL) {
619
614
  return 0;
@@ -938,20 +933,57 @@ static int ensure_bignum(BIGNUM **out) {
938
933
  return *out != NULL;
939
934
  }
940
935
 
941
- // kBoringSSLRSASqrtTwo is the BIGNUM representation of ⌊2¹⁵³⁵×√2⌋. This is
942
- // chosen to give enough precision for 3072-bit RSA, the largest key size FIPS
936
+ // kBoringSSLRSASqrtTwo is the BIGNUM representation of ⌊2²⁰⁴⁷×√2⌋. This is
937
+ // chosen to give enough precision for 4096-bit RSA, the largest key size FIPS
943
938
  // specifies. Key sizes beyond this will round up.
944
939
  //
945
- // To verify this number, check that < 2³⁰⁷¹ < (n+1)², where n is value
940
+ // To calculate, use the following Haskell code:
941
+ //
942
+ // import Text.Printf (printf)
943
+ // import Data.List (intercalate)
944
+ //
945
+ // pow2 = 4095
946
+ // target = 2^pow2
947
+ //
948
+ // f x = x*x - (toRational target)
949
+ //
950
+ // fprime x = 2*x
951
+ //
952
+ // newtonIteration x = x - (f x) / (fprime x)
953
+ //
954
+ // converge x =
955
+ // let n = floor x in
956
+ // if n*n - target < 0 && (n+1)*(n+1) - target > 0
957
+ // then n
958
+ // else converge (newtonIteration x)
959
+ //
960
+ // divrem bits x = (x `div` (2^bits), x `rem` (2^bits))
961
+ //
962
+ // bnWords :: Integer -> [Integer]
963
+ // bnWords x =
964
+ // if x == 0
965
+ // then []
966
+ // else let (high, low) = divrem 64 x in low : bnWords high
967
+ //
968
+ // showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" high low
969
+ //
970
+ // output :: String
971
+ // output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 `div` 2))
972
+ //
973
+ // To verify this number, check that n² < 2⁴⁰⁹⁵ < (n+1)², where n is value
946
974
  // represented here. Note the components are listed in little-endian order. Here
947
975
  // is some sample Python code to check:
948
976
  //
949
977
  // >>> TOBN = lambda a, b: a << 32 | b
950
978
  // >>> l = [ <paste the contents of kSqrtTwo> ]
951
979
  // >>> n = sum(a * 2**(64*i) for i, a in enumerate(l))
952
- // >>> n**2 < 2**3071 < (n+1)**2
980
+ // >>> n**2 < 2**4095 < (n+1)**2
953
981
  // True
954
982
  const BN_ULONG kBoringSSLRSASqrtTwo[] = {
983
+ TOBN(0x4d7c60a5, 0xe633e3e1), TOBN(0x5fcf8f7b, 0xca3ea33b),
984
+ TOBN(0xc246785e, 0x92957023), TOBN(0xf9acce41, 0x797f2805),
985
+ TOBN(0xfdfe170f, 0xd3b1f780), TOBN(0xd24f4a76, 0x3facb882),
986
+ TOBN(0x18838a2e, 0xaff5f3b2), TOBN(0xc1fcbdde, 0xa2f7dc33),
955
987
  TOBN(0xdea06241, 0xf7aa81c2), TOBN(0xf6a1be3f, 0xca221307),
956
988
  TOBN(0x332a5e9f, 0x7bda1ebf), TOBN(0x0104dc01, 0xfe32352f),
957
989
  TOBN(0xb8cf341b, 0x6f8236c7), TOBN(0x4264dabc, 0xd528b651),
@@ -1121,8 +1153,8 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value,
1121
1153
 
1122
1154
  // Reject excessively large public exponents. Windows CryptoAPI and Go don't
1123
1155
  // support values larger than 32 bits, so match their limits for generating
1124
- // keys. (|check_modulus_and_exponent_sizes| uses a slightly more conservative
1125
- // value, but we don't need to support generating such keys.)
1156
+ // keys. (|rsa_check_public_key| uses a slightly more conservative value, but
1157
+ // we don't need to support generating such keys.)
1126
1158
  // https://github.com/golang/go/issues/3161
1127
1159
  // https://msdn.microsoft.com/en-us/library/aa387685(VS.85).aspx
1128
1160
  if (BN_num_bits(e_value) > 32) {
@@ -1172,13 +1204,13 @@ static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value,
1172
1204
  int sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2;
1173
1205
  assert(sqrt2_bits == (int)BN_num_bits(sqrt2));
1174
1206
  if (sqrt2_bits > prime_bits) {
1175
- // For key sizes up to 3072 (prime_bits = 1536), this is exactly
1207
+ // For key sizes up to 4096 (prime_bits = 2048), this is exactly
1176
1208
  // ⌊2^(prime_bits-1)×√2⌋.
1177
1209
  if (!BN_rshift(sqrt2, sqrt2, sqrt2_bits - prime_bits)) {
1178
1210
  goto bn_err;
1179
1211
  }
1180
1212
  } else if (prime_bits > sqrt2_bits) {
1181
- // For key sizes beyond 3072, this is approximate. We err towards retrying
1213
+ // For key sizes beyond 4096, this is approximate. We err towards retrying
1182
1214
  // to ensure our key is the right size and round up.
1183
1215
  if (!BN_add_word(sqrt2, 1) ||
1184
1216
  !BN_lshift(sqrt2, sqrt2, prime_bits - sqrt2_bits)) {
@@ -1335,7 +1367,9 @@ int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
1335
1367
  int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) {
1336
1368
  // FIPS 186-4 allows 2048-bit and 3072-bit RSA keys (1024-bit and 1536-bit
1337
1369
  // primes, respectively) with the prime generation method we use.
1338
- if (bits != 2048 && bits != 3072) {
1370
+ // Subsequently, IG A.14 stated that larger modulus sizes can be used and ACVP
1371
+ // testing supports 4096 bits.
1372
+ if (bits != 2048 && bits != 3072 && bits != 4096) {
1339
1373
  OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);
1340
1374
  return 0;
1341
1375
  }
data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c CHANGED
@@ -611,7 +611,7 @@ int boringssl_fips_self_test(
611
611
  goto err;
612
612
  }
613
613
 
614
- // ECDSA Sign/Verify PWCT
614
+ // ECDSA Sign/Verify KAT
615
615
 
616
616
  // The 'k' value for ECDSA is fixed to avoid an entropy draw.
617
617
  ec_key->fixed_k = BN_new();
@@ -632,7 +632,13 @@ int boringssl_fips_self_test(
632
632
  !BN_bn2bin(sig->s, ecdsa_s_bytes) ||
633
633
  !check_test(kECDSASigR, ecdsa_r_bytes, sizeof(kECDSASigR), "ECDSA R") ||
634
634
  !check_test(kECDSASigS, ecdsa_s_bytes, sizeof(kECDSASigS), "ECDSA S")) {
635
- fprintf(stderr, "ECDSA KAT failed.\n");
635
+ fprintf(stderr, "ECDSA signature KAT failed.\n");
636
+ goto err;
637
+ }
638
+
639
+ if (!ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
640
+ ec_key)) {
641
+ fprintf(stderr, "ECDSA verification KAT failed.\n");
636
642
  goto err;
637
643
  }
638
644
 
data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c ADDED
@@ -0,0 +1,543 @@
1
+ /* Copyright (c) 2020, Google Inc.
2
+ *
3
+ * Permission to use, copy, modify, and/or distribute this software for any
4
+ * purpose with or without fee is hereby granted, provided that the above
5
+ * copyright notice and this permission notice appear in all copies.
6
+ *
7
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
+
15
+ #include <assert.h>
16
+ #include <string.h>
17
+
18
+ #include <openssl/aead.h>
19
+ #include <openssl/bytestring.h>
20
+ #include <openssl/digest.h>
21
+ #include <openssl/err.h>
22
+ #include <openssl/evp.h>
23
+ #include <openssl/hkdf.h>
24
+ #include <openssl/sha.h>
25
+
26
+ #include "../internal.h"
27
+ #include "internal.h"
28
+
29
+
30
+ // This file implements draft-irtf-cfrg-hpke-05.
31
+
32
+ #define KEM_CONTEXT_LEN (2 * X25519_PUBLIC_VALUE_LEN)
33
+
34
+ // HPKE KEM scheme IDs.
35
+ #define HPKE_DHKEM_X25519_HKDF_SHA256 0x0020
36
+
37
+ // This is strlen("HPKE") + 3 * sizeof(uint16_t).
38
+ #define HPKE_SUITE_ID_LEN 10
39
+
40
+ #define HPKE_MODE_BASE 0
41
+ #define HPKE_MODE_PSK 1
42
+
43
+ static const char kHpkeRfcId[] = "HPKE-05 ";
44
+
45
+ static int add_label_string(CBB *cbb, const char *label) {
46
+ return CBB_add_bytes(cbb, (const uint8_t *)label, strlen(label));
47
+ }
48
+
49
+ // The suite_id for the KEM is defined as concat("KEM", I2OSP(kem_id, 2)). Note
50
+ // that the suite_id used outside of the KEM also includes the kdf_id and
51
+ // aead_id.
52
+ static const uint8_t kX25519SuiteID[] = {
53
+ 'K', 'E', 'M', HPKE_DHKEM_X25519_HKDF_SHA256 >> 8,
54
+ HPKE_DHKEM_X25519_HKDF_SHA256 & 0x00ff};
55
+
56
+ // The suite_id for non-KEM pieces of HPKE is defined as concat("HPKE",
57
+ // I2OSP(kem_id, 2), I2OSP(kdf_id, 2), I2OSP(aead_id, 2)).
58
+ static int hpke_build_suite_id(uint8_t out[HPKE_SUITE_ID_LEN], uint16_t kdf_id,
59
+ uint16_t aead_id) {
60
+ CBB cbb;
61
+ int ret = CBB_init_fixed(&cbb, out, HPKE_SUITE_ID_LEN) &&
62
+ add_label_string(&cbb, "HPKE") &&
63
+ CBB_add_u16(&cbb, HPKE_DHKEM_X25519_HKDF_SHA256) &&
64
+ CBB_add_u16(&cbb, kdf_id) &&
65
+ CBB_add_u16(&cbb, aead_id);
66
+ CBB_cleanup(&cbb);
67
+ return ret;
68
+ }
69
+
70
+ static int hpke_labeled_extract(const EVP_MD *hkdf_md, uint8_t *out_key,
71
+ size_t *out_len, const uint8_t *salt,
72
+ size_t salt_len, const uint8_t *suite_id,
73
+ size_t suite_id_len, const char *label,
74
+ const uint8_t *ikm, size_t ikm_len) {
75
+ // labeledIKM = concat("RFCXXXX ", suite_id, label, IKM)
76
+ CBB labeled_ikm;
77
+ int ok = CBB_init(&labeled_ikm, 0) &&
78
+ add_label_string(&labeled_ikm, kHpkeRfcId) &&
79
+ CBB_add_bytes(&labeled_ikm, suite_id, suite_id_len) &&
80
+ add_label_string(&labeled_ikm, label) &&
81
+ CBB_add_bytes(&labeled_ikm, ikm, ikm_len) &&
82
+ HKDF_extract(out_key, out_len, hkdf_md, CBB_data(&labeled_ikm),
83
+ CBB_len(&labeled_ikm), salt, salt_len);
84
+ CBB_cleanup(&labeled_ikm);
85
+ return ok;
86
+ }
87
+
88
+ static int hpke_labeled_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
89
+ size_t out_len, const uint8_t *prk,
90
+ size_t prk_len, const uint8_t *suite_id,
91
+ size_t suite_id_len, const char *label,
92
+ const uint8_t *info, size_t info_len) {
93
+ // labeledInfo = concat(I2OSP(L, 2), "RFCXXXX ", suite_id, label, info)
94
+ CBB labeled_info;
95
+ int ok = CBB_init(&labeled_info, 0) &&
96
+ CBB_add_u16(&labeled_info, out_len) &&
97
+ add_label_string(&labeled_info, kHpkeRfcId) &&
98
+ CBB_add_bytes(&labeled_info, suite_id, suite_id_len) &&
99
+ add_label_string(&labeled_info, label) &&
100
+ CBB_add_bytes(&labeled_info, info, info_len) &&
101
+ HKDF_expand(out_key, out_len, hkdf_md, prk, prk_len,
102
+ CBB_data(&labeled_info), CBB_len(&labeled_info));
103
+ CBB_cleanup(&labeled_info);
104
+ return ok;
105
+ }
106
+
107
+ static int hpke_extract_and_expand(const EVP_MD *hkdf_md, uint8_t *out_key,
108
+ size_t out_len,
109
+ const uint8_t dh[X25519_PUBLIC_VALUE_LEN],
110
+ const uint8_t kem_context[KEM_CONTEXT_LEN]) {
111
+ uint8_t prk[EVP_MAX_MD_SIZE];
112
+ size_t prk_len;
113
+ static const char kEaePrkLabel[] = "eae_prk";
114
+ if (!hpke_labeled_extract(hkdf_md, prk, &prk_len, NULL, 0, kX25519SuiteID,
115
+ sizeof(kX25519SuiteID), kEaePrkLabel, dh,
116
+ X25519_PUBLIC_VALUE_LEN)) {
117
+ return 0;
118
+ }
119
+ static const char kPRKExpandLabel[] = "shared_secret";
120
+ if (!hpke_labeled_expand(hkdf_md, out_key, out_len, prk, prk_len,
121
+ kX25519SuiteID, sizeof(kX25519SuiteID),
122
+ kPRKExpandLabel, kem_context, KEM_CONTEXT_LEN)) {
123
+ return 0;
124
+ }
125
+ return 1;
126
+ }
127
+
128
+ static const EVP_AEAD *hpke_get_aead(uint16_t aead_id) {
129
+ switch (aead_id) {
130
+ case EVP_HPKE_AEAD_AES_GCM_128:
131
+ return EVP_aead_aes_128_gcm();
132
+ case EVP_HPKE_AEAD_AES_GCM_256:
133
+ return EVP_aead_aes_256_gcm();
134
+ case EVP_HPKE_AEAD_CHACHA20POLY1305:
135
+ return EVP_aead_chacha20_poly1305();
136
+ }
137
+ OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
138
+ return NULL;
139
+ }
140
+
141
+ static const EVP_MD *hpke_get_kdf(uint16_t kdf_id) {
142
+ switch (kdf_id) {
143
+ case EVP_HPKE_HKDF_SHA256:
144
+ return EVP_sha256();
145
+ case EVP_HPKE_HKDF_SHA384:
146
+ return EVP_sha384();
147
+ case EVP_HPKE_HKDF_SHA512:
148
+ return EVP_sha512();
149
+ }
150
+ OPENSSL_PUT_ERROR(EVP, ERR_R_INTERNAL_ERROR);
151
+ return NULL;
152
+ }
153
+
154
+ static int hpke_key_schedule(EVP_HPKE_CTX *hpke, uint8_t mode,
155
+ const uint8_t *shared_secret,
156
+ size_t shared_secret_len, const uint8_t *info,
157
+ size_t info_len, const uint8_t *psk,
158
+ size_t psk_len, const uint8_t *psk_id,
159
+ size_t psk_id_len) {
160
+ // Verify the PSK inputs.
161
+ switch (mode) {
162
+ case HPKE_MODE_BASE:
163
+ // This is an internal error, unreachable from the caller.
164
+ assert(psk_len == 0 && psk_id_len == 0);
165
+ break;
166
+ case HPKE_MODE_PSK:
167
+ if (psk_len == 0 || psk_id_len == 0) {
168
+ OPENSSL_PUT_ERROR(EVP, EVP_R_EMPTY_PSK);
169
+ return 0;
170
+ }
171
+ break;
172
+ default:
173
+ return 0;
174
+ }
175
+
176
+ // Attempt to get an EVP_AEAD*.
177
+ const EVP_AEAD *aead = hpke_get_aead(hpke->aead_id);
178
+ if (aead == NULL) {
179
+ return 0;
180
+ }
181
+
182
+ uint8_t suite_id[HPKE_SUITE_ID_LEN];
183
+ if (!hpke_build_suite_id(suite_id, hpke->kdf_id, hpke->aead_id)) {
184
+ return 0;
185
+ }
186
+
187
+ // psk_id_hash = LabeledExtract("", "psk_id_hash", psk_id)
188
+ static const char kPskIdHashLabel[] = "psk_id_hash";
189
+ uint8_t psk_id_hash[EVP_MAX_MD_SIZE];
190
+ size_t psk_id_hash_len;
191
+ if (!hpke_labeled_extract(hpke->hkdf_md, psk_id_hash, &psk_id_hash_len, NULL,
192
+ 0, suite_id, sizeof(suite_id), kPskIdHashLabel,
193
+ psk_id, psk_id_len)) {
194
+ return 0;
195
+ }
196
+
197
+ // info_hash = LabeledExtract("", "info_hash", info)
198
+ static const char kInfoHashLabel[] = "info_hash";
199
+ uint8_t info_hash[EVP_MAX_MD_SIZE];
200
+ size_t info_hash_len;
201
+ if (!hpke_labeled_extract(hpke->hkdf_md, info_hash, &info_hash_len, NULL, 0,
202
+ suite_id, sizeof(suite_id), kInfoHashLabel, info,
203
+ info_len)) {
204
+ return 0;
205
+ }
206
+
207
+ // key_schedule_context = concat(mode, psk_id_hash, info_hash)
208
+ uint8_t context[sizeof(uint8_t) + 2 * EVP_MAX_MD_SIZE];
209
+ size_t context_len;
210
+ CBB context_cbb;
211
+ if (!CBB_init_fixed(&context_cbb, context, sizeof(context)) ||
212
+ !CBB_add_u8(&context_cbb, mode) ||
213
+ !CBB_add_bytes(&context_cbb, psk_id_hash, psk_id_hash_len) ||
214
+ !CBB_add_bytes(&context_cbb, info_hash, info_hash_len) ||
215
+ !CBB_finish(&context_cbb, NULL, &context_len)) {
216
+ return 0;
217
+ }
218
+
219
+ // psk_hash = LabeledExtract("", "psk_hash", psk)
220
+ static const char kPskHashLabel[] = "psk_hash";
221
+ uint8_t psk_hash[EVP_MAX_MD_SIZE];
222
+ size_t psk_hash_len;
223
+ if (!hpke_labeled_extract(hpke->hkdf_md, psk_hash, &psk_hash_len, NULL, 0,
224
+ suite_id, sizeof(suite_id), kPskHashLabel, psk,
225
+ psk_len)) {
226
+ return 0;
227
+ }
228
+
229
+ // secret = LabeledExtract(psk_hash, "secret", shared_secret)
230
+ static const char kSecretExtractLabel[] = "secret";
231
+ uint8_t secret[EVP_MAX_MD_SIZE];
232
+ size_t secret_len;
233
+ if (!hpke_labeled_extract(hpke->hkdf_md, secret, &secret_len, psk_hash,
234
+ psk_hash_len, suite_id, sizeof(suite_id),
235
+ kSecretExtractLabel, shared_secret,
236
+ shared_secret_len)) {
237
+ return 0;
238
+ }
239
+
240
+ // key = LabeledExpand(secret, "key", key_schedule_context, Nk)
241
+ static const char kKeyExpandLabel[] = "key";
242
+ uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
243
+ const size_t kKeyLen = EVP_AEAD_key_length(aead);
244
+ if (!hpke_labeled_expand(hpke->hkdf_md, key, kKeyLen, secret, secret_len,
245
+ suite_id, sizeof(suite_id), kKeyExpandLabel, context,
246
+ context_len)) {
247
+ return 0;
248
+ }
249
+
250
+ // Initialize the HPKE context's AEAD context, storing a copy of |key|.
251
+ if (!EVP_AEAD_CTX_init(&hpke->aead_ctx, aead, key, kKeyLen, 0, NULL)) {
252
+ return 0;
253
+ }
254
+
255
+ // nonce = LabeledExpand(secret, "nonce", key_schedule_context, Nn)
256
+ static const char kNonceExpandLabel[] = "nonce";
257
+ if (!hpke_labeled_expand(hpke->hkdf_md, hpke->nonce,
258
+ EVP_AEAD_nonce_length(aead), secret, secret_len,
259
+ suite_id, sizeof(suite_id), kNonceExpandLabel,
260
+ context, context_len)) {
261
+ return 0;
262
+ }
263
+
264
+ // exporter_secret = LabeledExpand(secret, "exp", key_schedule_context, Nh)
265
+ static const char kExporterSecretExpandLabel[] = "exp";
266
+ if (!hpke_labeled_expand(hpke->hkdf_md, hpke->exporter_secret,
267
+ EVP_MD_size(hpke->hkdf_md), secret, secret_len,
268
+ suite_id, sizeof(suite_id),
269
+ kExporterSecretExpandLabel, context, context_len)) {
270
+ return 0;
271
+ }
272
+
273
+ return 1;
274
+ }
275
+
276
+ // The number of bytes written to |out_shared_secret| is the size of the KEM's
277
+ // KDF (currently we only support SHA256).
278
+ static int hpke_encap(EVP_HPKE_CTX *hpke,
279
+ uint8_t out_shared_secret[SHA256_DIGEST_LENGTH],
280
+ const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN],
281
+ const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
282
+ const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) {
283
+ uint8_t dh[X25519_PUBLIC_VALUE_LEN];
284
+ if (!X25519(dh, ephemeral_private, public_key_r)) {
285
+ OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
286
+ return 0;
287
+ }
288
+
289
+ uint8_t kem_context[KEM_CONTEXT_LEN];
290
+ OPENSSL_memcpy(kem_context, ephemeral_public, X25519_PUBLIC_VALUE_LEN);
291
+ OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r,
292
+ X25519_PUBLIC_VALUE_LEN);
293
+ if (!hpke_extract_and_expand(EVP_sha256(), out_shared_secret,
294
+ SHA256_DIGEST_LENGTH, dh, kem_context)) {
295
+ return 0;
296
+ }
297
+ return 1;
298
+ }
299
+
300
+ static int hpke_decap(const EVP_HPKE_CTX *hpke,
301
+ uint8_t out_shared_secret[SHA256_DIGEST_LENGTH],
302
+ const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
303
+ const uint8_t public_key_r[X25519_PUBLIC_VALUE_LEN],
304
+ const uint8_t secret_key_r[X25519_PRIVATE_KEY_LEN]) {
305
+ uint8_t dh[X25519_PUBLIC_VALUE_LEN];
306
+ if (!X25519(dh, secret_key_r, enc)) {
307
+ OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
308
+ return 0;
309
+ }
310
+ uint8_t kem_context[KEM_CONTEXT_LEN];
311
+ OPENSSL_memcpy(kem_context, enc, X25519_PUBLIC_VALUE_LEN);
312
+ OPENSSL_memcpy(kem_context + X25519_PUBLIC_VALUE_LEN, public_key_r,
313
+ X25519_PUBLIC_VALUE_LEN);
314
+ if (!hpke_extract_and_expand(EVP_sha256(), out_shared_secret,
315
+ SHA256_DIGEST_LENGTH, dh, kem_context)) {
316
+ return 0;
317
+ }
318
+ return 1;
319
+ }
320
+
321
+ void EVP_HPKE_CTX_init(EVP_HPKE_CTX *ctx) {
322
+ OPENSSL_memset(ctx, 0, sizeof(EVP_HPKE_CTX));
323
+ EVP_AEAD_CTX_zero(&ctx->aead_ctx);
324
+ }
325
+
326
+ void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx) {
327
+ EVP_AEAD_CTX_cleanup(&ctx->aead_ctx);
328
+ }
329
+
330
+ int EVP_HPKE_CTX_setup_base_s_x25519(
331
+ EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
332
+ uint16_t kdf_id, uint16_t aead_id,
333
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
334
+ const uint8_t *info, size_t info_len) {
335
+ // The GenerateKeyPair() step technically belongs in the KEM's Encap()
336
+ // function, but we've moved it up a layer to make it easier for tests to
337
+ // inject an ephemeral keypair.
338
+ uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN];
339
+ X25519_keypair(out_enc, ephemeral_private);
340
+ return EVP_HPKE_CTX_setup_base_s_x25519_for_test(
341
+ hpke, kdf_id, aead_id, peer_public_value, info, info_len,
342
+ ephemeral_private, out_enc);
343
+ }
344
+
345
+ int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
346
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
347
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
348
+ const uint8_t *info, size_t info_len,
349
+ const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
350
+ const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) {
351
+ hpke->is_sender = 1;
352
+ hpke->kdf_id = kdf_id;
353
+ hpke->aead_id = aead_id;
354
+ hpke->hkdf_md = hpke_get_kdf(kdf_id);
355
+ if (hpke->hkdf_md == NULL) {
356
+ return 0;
357
+ }
358
+ uint8_t shared_secret[SHA256_DIGEST_LENGTH];
359
+ if (!hpke_encap(hpke, shared_secret, peer_public_value, ephemeral_private,
360
+ ephemeral_public) ||
361
+ !hpke_key_schedule(hpke, HPKE_MODE_BASE, shared_secret,
362
+ sizeof(shared_secret), info, info_len, NULL, 0, NULL,
363
+ 0)) {
364
+ return 0;
365
+ }
366
+ return 1;
367
+ }
368
+
369
+ int EVP_HPKE_CTX_setup_base_r_x25519(
370
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
371
+ const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
372
+ const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
373
+ const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
374
+ size_t info_len) {
375
+ hpke->is_sender = 0;
376
+ hpke->kdf_id = kdf_id;
377
+ hpke->aead_id = aead_id;
378
+ hpke->hkdf_md = hpke_get_kdf(kdf_id);
379
+ if (hpke->hkdf_md == NULL) {
380
+ return 0;
381
+ }
382
+ uint8_t shared_secret[SHA256_DIGEST_LENGTH];
383
+ if (!hpke_decap(hpke, shared_secret, enc, public_key, private_key) ||
384
+ !hpke_key_schedule(hpke, HPKE_MODE_BASE, shared_secret,
385
+ sizeof(shared_secret), info, info_len, NULL, 0, NULL,
386
+ 0)) {
387
+ return 0;
388
+ }
389
+ return 1;
390
+ }
391
+
392
+ int EVP_HPKE_CTX_setup_psk_s_x25519(
393
+ EVP_HPKE_CTX *hpke, uint8_t out_enc[X25519_PUBLIC_VALUE_LEN],
394
+ uint16_t kdf_id, uint16_t aead_id,
395
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
396
+ const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
397
+ const uint8_t *psk_id, size_t psk_id_len) {
398
+ // The GenerateKeyPair() step technically belongs in the KEM's Encap()
399
+ // function, but we've moved it up a layer to make it easier for tests to
400
+ // inject an ephemeral keypair.
401
+ uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN];
402
+ X25519_keypair(out_enc, ephemeral_private);
403
+ return EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
404
+ hpke, kdf_id, aead_id, peer_public_value, info, info_len, psk, psk_len,
405
+ psk_id, psk_id_len, ephemeral_private, out_enc);
406
+ }
407
+
408
+ int EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
409
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
410
+ const uint8_t peer_public_value[X25519_PUBLIC_VALUE_LEN],
411
+ const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
412
+ const uint8_t *psk_id, size_t psk_id_len,
413
+ const uint8_t ephemeral_private[X25519_PRIVATE_KEY_LEN],
414
+ const uint8_t ephemeral_public[X25519_PUBLIC_VALUE_LEN]) {
415
+ hpke->is_sender = 1;
416
+ hpke->kdf_id = kdf_id;
417
+ hpke->aead_id = aead_id;
418
+ hpke->hkdf_md = hpke_get_kdf(kdf_id);
419
+ if (hpke->hkdf_md == NULL) {
420
+ return 0;
421
+ }
422
+ uint8_t shared_secret[SHA256_DIGEST_LENGTH];
423
+ if (!hpke_encap(hpke, shared_secret, peer_public_value, ephemeral_private,
424
+ ephemeral_public) ||
425
+ !hpke_key_schedule(hpke, HPKE_MODE_PSK, shared_secret,
426
+ sizeof(shared_secret), info, info_len, psk, psk_len,
427
+ psk_id, psk_id_len)) {
428
+ return 0;
429
+ }
430
+ return 1;
431
+ }
432
+
433
+ int EVP_HPKE_CTX_setup_psk_r_x25519(
434
+ EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
435
+ const uint8_t enc[X25519_PUBLIC_VALUE_LEN],
436
+ const uint8_t public_key[X25519_PUBLIC_VALUE_LEN],
437
+ const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
438
+ size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id,
439
+ size_t psk_id_len) {
440
+ hpke->is_sender = 0;
441
+ hpke->kdf_id = kdf_id;
442
+ hpke->aead_id = aead_id;
443
+ hpke->hkdf_md = hpke_get_kdf(kdf_id);
444
+ if (hpke->hkdf_md == NULL) {
445
+ return 0;
446
+ }
447
+ uint8_t shared_secret[SHA256_DIGEST_LENGTH];
448
+ if (!hpke_decap(hpke, shared_secret, enc, public_key, private_key) ||
449
+ !hpke_key_schedule(hpke, HPKE_MODE_PSK, shared_secret,
450
+ sizeof(shared_secret), info, info_len, psk, psk_len,
451
+ psk_id, psk_id_len)) {
452
+ return 0;
453
+ }
454
+ return 1;
455
+ }
456
+
457
+ static void hpke_nonce(const EVP_HPKE_CTX *hpke, uint8_t *out_nonce,
458
+ size_t nonce_len) {
459
+ assert(nonce_len >= 8);
460
+
461
+ // Write padded big-endian bytes of |hpke->seq| to |out_nonce|.
462
+ OPENSSL_memset(out_nonce, 0, nonce_len);
463
+ uint64_t seq_copy = hpke->seq;
464
+ for (size_t i = 0; i < 8; i++) {
465
+ out_nonce[nonce_len - i - 1] = seq_copy & 0xff;
466
+ seq_copy >>= 8;
467
+ }
468
+
469
+ // XOR the encoded sequence with the |hpke->nonce|.
470
+ for (size_t i = 0; i < nonce_len; i++) {
471
+ out_nonce[i] ^= hpke->nonce[i];
472
+ }
473
+ }
474
+
475
+ size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke) {
476
+ assert(hpke->is_sender);
477
+ return EVP_AEAD_max_overhead(hpke->aead_ctx.aead);
478
+ }
479
+
480
+ int EVP_HPKE_CTX_open(EVP_HPKE_CTX *hpke, uint8_t *out, size_t *out_len,
481
+ size_t max_out_len, const uint8_t *in, size_t in_len,
482
+ const uint8_t *ad, size_t ad_len) {
483
+ if (hpke->is_sender) {
484
+ OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
485
+ return 0;
486
+ }
487
+ if (hpke->seq == UINT64_MAX) {
488
+ OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW);
489
+ return 0;
490
+ }
491
+
492
+ uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
493
+ const size_t nonce_len = EVP_AEAD_nonce_length(hpke->aead_ctx.aead);
494
+ hpke_nonce(hpke, nonce, nonce_len);
495
+
496
+ if (!EVP_AEAD_CTX_open(&hpke->aead_ctx, out, out_len, max_out_len, nonce,
497
+ nonce_len, in, in_len, ad, ad_len)) {
498
+ return 0;
499
+ }
500
+ hpke->seq++;
501
+ return 1;
502
+ }
503
+
504
+ int EVP_HPKE_CTX_seal(EVP_HPKE_CTX *hpke, uint8_t *out, size_t *out_len,
505
+ size_t max_out_len, const uint8_t *in, size_t in_len,
506
+ const uint8_t *ad, size_t ad_len) {
507
+ if (!hpke->is_sender) {
508
+ OPENSSL_PUT_ERROR(EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
509
+ return 0;
510
+ }
511
+ if (hpke->seq == UINT64_MAX) {
512
+ OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW);
513
+ return 0;
514
+ }
515
+
516
+ uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
517
+ const size_t nonce_len = EVP_AEAD_nonce_length(hpke->aead_ctx.aead);
518
+ hpke_nonce(hpke, nonce, nonce_len);
519
+
520
+ if (!EVP_AEAD_CTX_seal(&hpke->aead_ctx, out, out_len, max_out_len, nonce,
521
+ nonce_len, in, in_len, ad, ad_len)) {
522
+ return 0;
523
+ }
524
+ hpke->seq++;
525
+ return 1;
526
+ }
527
+
528
+ int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
529
+ size_t secret_len, const uint8_t *context,
530
+ size_t context_len) {
531
+ uint8_t suite_id[HPKE_SUITE_ID_LEN];
532
+ if (!hpke_build_suite_id(suite_id, hpke->kdf_id, hpke->aead_id)) {
533
+ return 0;
534
+ }
535
+ static const char kExportExpandLabel[] = "sec";
536
+ if (!hpke_labeled_expand(hpke->hkdf_md, out, secret_len,
537
+ hpke->exporter_secret, EVP_MD_size(hpke->hkdf_md),
538
+ suite_id, sizeof(suite_id), kExportExpandLabel,
539
+ context, context_len)) {
540
+ return 0;
541
+ }
542
+ return 1;
543
+ }