grpc 1.32.0 → 1.36.0
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +1086 -3054
- data/etc/roots.pem +257 -573
- data/include/grpc/compression.h +1 -1
- data/include/grpc/grpc.h +15 -7
- data/include/grpc/grpc_security.h +227 -171
- data/include/grpc/impl/codegen/atm_windows.h +4 -0
- data/include/grpc/impl/codegen/byte_buffer.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +10 -8
- data/include/grpc/impl/codegen/log.h +0 -2
- data/include/grpc/impl/codegen/port_platform.h +22 -55
- data/include/grpc/impl/codegen/sync_windows.h +4 -0
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/support/sync.h +3 -3
- data/include/grpc/support/time.h +7 -7
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +2788 -1535
- data/src/core/ext/filters/client_channel/client_channel.h +0 -6
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
- data/src/core/ext/filters/client_channel/config_selector.h +40 -8
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +186 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +10 -7
- data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -4
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +7 -8
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
- data/src/core/ext/filters/client_channel/lb_policy.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy.h +6 -7
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +204 -195
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +58 -26
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +14 -34
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +478 -145
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +810 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +722 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1384 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
- data/src/core/ext/filters/client_channel/resolver.cc +4 -5
- data/src/core/ext/filters/client_channel/resolver.h +5 -13
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +43 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +443 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +22 -23
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +21 -18
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +37 -30
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +566 -366
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
- data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +29 -74
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +12 -10
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
- data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
- data/src/core/ext/filters/client_channel/server_address.cc +86 -0
- data/src/core/ext/filters/client_channel/server_address.h +52 -36
- data/src/core/ext/filters/client_channel/service_config.cc +18 -13
- data/src/core/ext/filters/client_channel/service_config.h +8 -5
- data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -66
- data/src/core/ext/filters/client_channel/subchannel.h +14 -20
- data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
- data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
- data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +36 -33
- data/src/core/ext/filters/message_size/message_size_filter.cc +3 -2
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
- data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
- data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +20 -8
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +26 -14
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +226 -95
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +28 -42
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +10 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +13 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +5 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +18 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +52 -33
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +199 -34
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +171 -98
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +625 -202
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +24 -23
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +62 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +36 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +133 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +70 -45
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +275 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +31 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +107 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +149 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +74 -28
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +248 -43
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +41 -41
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +172 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +63 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +254 -60
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +42 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +126 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -14
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +49 -27
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +204 -48
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +181 -48
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +21 -17
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +96 -33
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +15 -13
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +70 -37
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +352 -199
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +1334 -443
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +8 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +34 -10
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -4
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +129 -80
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +525 -166
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +26 -24
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +121 -64
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +7 -6
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +70 -29
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +296 -63
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +51 -34
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +188 -75
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -8
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -3
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +22 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +830 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +54 -37
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +171 -59
- data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
- data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
- data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +251 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +543 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +136 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +272 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +135 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +107 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +195 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +193 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +101 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +938 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +285 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +504 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +170 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +246 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +142 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +80 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +80 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +69 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/{upb-generated/gogoproto/gogo.upb.h → upbdefs-generated/envoy/type/v3/http.upbdefs.h} +10 -9
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +310 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +61 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
- data/src/core/ext/xds/certificate_provider_registry.h +57 -0
- data/src/core/ext/xds/certificate_provider_store.cc +87 -0
- data/src/core/ext/xds/certificate_provider_store.h +112 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
- data/src/core/ext/xds/xds_api.cc +1149 -1058
- data/src/core/ext/xds/xds_api.h +215 -144
- data/src/core/ext/xds/xds_bootstrap.cc +228 -62
- data/src/core/ext/xds/xds_bootstrap.h +35 -12
- data/src/core/ext/xds/xds_certificate_provider.cc +405 -0
- data/src/core/ext/xds/xds_certificate_provider.h +151 -0
- data/src/core/ext/xds/xds_channel_args.h +6 -3
- data/src/core/ext/xds/xds_client.cc +620 -495
- data/src/core/ext/xds/xds_client.h +121 -58
- data/src/core/ext/xds/xds_client_stats.cc +61 -17
- data/src/core/ext/xds/xds_client_stats.h +35 -7
- data/src/core/ext/xds/xds_server_config_fetcher.cc +267 -0
- data/src/core/lib/channel/channel_args.cc +9 -8
- data/src/core/lib/channel/channel_args.h +0 -1
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channel_trace.h +1 -1
- data/src/core/lib/channel/channelz.cc +23 -59
- data/src/core/lib/channel/channelz.h +13 -22
- data/src/core/lib/channel/channelz_registry.cc +12 -11
- data/src/core/lib/channel/channelz_registry.h +3 -1
- data/src/core/lib/channel/handshaker.cc +4 -7
- data/src/core/lib/channel/handshaker.h +3 -3
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_args.cc +3 -2
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats.h +2 -2
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/debug/stats_data.h +13 -13
- data/src/core/lib/gpr/alloc.cc +3 -2
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log.cc +59 -17
- data/src/core/lib/gpr/log_linux.cc +19 -3
- data/src/core/lib/gpr/log_posix.cc +15 -1
- data/src/core/lib/gpr/log_windows.cc +18 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +23 -22
- data/src/core/lib/gpr/string.h +5 -6
- data/src/core/lib/gpr/sync.cc +4 -4
- data/src/core/lib/gpr/time.cc +12 -12
- data/src/core/lib/gpr/time_precise.cc +5 -2
- data/src/core/lib/gpr/time_precise.h +6 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/arena.h +3 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +331 -0
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +91 -68
- data/src/core/lib/gprpp/ref_counted_ptr.h +166 -7
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +2 -2
- data/src/core/lib/gprpp/thd_posix.cc +42 -37
- data/src/core/lib/gprpp/thd_windows.cc +3 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +3 -3
- data/src/core/lib/http/parser.cc +47 -27
- data/src/core/lib/iomgr/call_combiner.cc +8 -5
- data/src/core/lib/iomgr/combiner.cc +2 -1
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -5
- data/src/core/lib/iomgr/error.cc +17 -12
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -13
- data/src/core/lib/iomgr/ev_epollex_linux.cc +29 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
- data/src/core/lib/iomgr/exec_ctx.cc +1 -1
- data/src/core/lib/iomgr/exec_ctx.h +16 -12
- data/src/core/lib/iomgr/executor.cc +2 -1
- data/src/core/lib/iomgr/executor.h +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +4 -4
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/load_file.h +1 -1
- data/src/core/lib/iomgr/lockfree_event.cc +19 -14
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/parse_address.cc +127 -43
- data/src/core/lib/iomgr/parse_address.h +32 -8
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
- data/src/core/lib/iomgr/python_util.h +4 -4
- data/src/core/lib/iomgr/resolve_address.cc +4 -4
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/resource_quota.cc +4 -4
- data/src/core/lib/iomgr/sockaddr_utils.cc +11 -11
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_mutator.cc +3 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_custom.cc +22 -17
- data/src/core/lib/iomgr/tcp_posix.cc +16 -12
- data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
- data/src/core/lib/iomgr/timer_custom.cc +5 -5
- data/src/core/lib/iomgr/timer_generic.cc +3 -3
- data/src/core/lib/iomgr/timer_manager.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +1 -2
- data/src/core/lib/iomgr/udp_server.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +32 -21
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +12 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.cc +58 -0
- data/src/core/lib/json/json_util.h +204 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/security/authorization/evaluate_args.cc +5 -10
- data/src/core/lib/security/authorization/evaluate_args.h +1 -1
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +13 -7
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
- data/src/core/lib/security/context/security_context.cc +4 -3
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/credentials.cc +7 -7
- data/src/core/lib/security/credentials/credentials.h +5 -4
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +25 -18
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -4
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +39 -46
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +7 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +346 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +213 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -150
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +57 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +18 -13
- data/src/core/lib/security/credentials/tls/tls_credentials.h +3 -3
- data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +244 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.h +69 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -13
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +3 -3
- data/src/core/lib/security/security_connector/security_connector.cc +4 -3
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +19 -19
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +354 -279
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +105 -61
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +4 -6
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +7 -8
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/surface/call.cc +41 -32
- data/src/core/lib/surface/call_details.cc +8 -8
- data/src/core/lib/surface/channel.cc +25 -41
- data/src/core/lib/surface/channel.h +9 -3
- data/src/core/lib/surface/channel_init.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +30 -24
- data/src/core/lib/surface/completion_queue.h +16 -16
- data/src/core/lib/surface/init.cc +45 -29
- data/src/core/lib/surface/lame_client.cc +20 -46
- data/src/core/lib/surface/lame_client.h +4 -0
- data/src/core/lib/surface/server.cc +66 -20
- data/src/core/lib/surface/server.h +42 -7
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +6 -4
- data/src/core/lib/transport/authority_override.h +7 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/bdp_estimator.h +2 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +11 -9
- data/src/core/lib/transport/error_utils.h +1 -1
- data/src/core/lib/transport/metadata.cc +16 -2
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/static_metadata.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +4 -3
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +8 -8
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +47 -20
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +18 -21
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +43 -47
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
- data/src/core/tsi/fake_transport_security.cc +7 -4
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +3 -2
- data/src/core/tsi/ssl_transport_security.cc +75 -58
- data/src/core/tsi/ssl_transport_security.h +6 -6
- data/src/core/tsi/transport_security.cc +10 -8
- data/src/core/tsi/transport_security_interface.h +1 -1
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +36 -16
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +70 -40
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +4 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +728 -720
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +107 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +155 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +112 -36
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +63 -9
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +118 -49
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +267 -95
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +210 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +8 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +27 -21
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +32 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +38 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +25 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +32 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +42 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +10 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -546
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +15 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +21 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +62 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +10 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +16 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +106 -27
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +31 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +42 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +462 -163
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +593 -440
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +22 -21
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +13 -23
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +82 -26
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +49 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +87 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +18 -22
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +537 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +59 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +194 -58
- data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
- data/third_party/upb/upb/decode.c +248 -167
- data/third_party/upb/upb/decode.h +20 -1
- data/third_party/upb/upb/decode.int.h +163 -0
- data/third_party/upb/upb/decode_fast.c +1040 -0
- data/third_party/upb/upb/decode_fast.h +126 -0
- data/third_party/upb/upb/def.c +2178 -0
- data/third_party/upb/upb/def.h +315 -0
- data/third_party/upb/upb/def.hpp +439 -0
- data/third_party/upb/upb/encode.c +227 -169
- data/third_party/upb/upb/encode.h +27 -2
- data/third_party/upb/upb/json_decode.c +1443 -0
- data/third_party/upb/upb/json_decode.h +23 -0
- data/third_party/upb/upb/json_encode.c +713 -0
- data/third_party/upb/upb/json_encode.h +36 -0
- data/third_party/upb/upb/msg.c +167 -88
- data/third_party/upb/upb/msg.h +174 -34
- data/third_party/upb/upb/port_def.inc +74 -61
- data/third_party/upb/upb/port_undef.inc +3 -7
- data/third_party/upb/upb/reflection.c +408 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/table.c +34 -197
- data/third_party/upb/upb/table.int.h +14 -5
- data/third_party/upb/upb/text_encode.c +421 -0
- data/third_party/upb/upb/text_encode.h +38 -0
- data/third_party/upb/upb/upb.c +18 -41
- data/third_party/upb/upb/upb.h +36 -7
- data/third_party/upb/upb/upb.hpp +4 -4
- data/third_party/upb/upb/upb.int.h +29 -0
- metadata +309 -63
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -946
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -537
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1141
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -354
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -142
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
- data/src/core/ext/xds/xds_channel.h +0 -46
- data/src/core/ext/xds/xds_channel_secure.cc +0 -103
- data/src/core/lib/gprpp/map.h +0 -53
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
- data/third_party/upb/upb/port.c +0 -26
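--- a/data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc
@@ -105,7 +105,7 @@ BSSL_NAMESPACE_BEGIN
 // sslVersion INTEGER, -- protocol version number
 // cipher OCTET STRING, -- two bytes long
 // sessionID OCTET STRING,
-//
+// secret OCTET STRING,
 // time [1] INTEGER, -- seconds since UNIX epoch
 // timeout [2] INTEGER, -- in seconds
 // peer [3] Certificate OPTIONAL,
@@ -131,6 +131,10 @@ BSSL_NAMESPACE_BEGIN
 // earlyALPN [26] OCTET STRING OPTIONAL,
 // isQuic [27] BOOLEAN OPTIONAL,
 // quicEarlyDataHash [28] OCTET STRING OPTIONAL,
+// localALPS [29] OCTET STRING OPTIONAL,
+// peerALPS [30] OCTET STRING OPTIONAL,
+// -- Either both or none of localALPS and peerALPS must be present. If both
+// -- are present, earlyALPN must be present and non-empty.
 // }
 //
 // Note: historically this serialization has included other optional
@@ -194,6 +198,10 @@ static const unsigned kIsQuicTag =
 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27;
 static const unsigned kQuicEarlyDataContextTag =
 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28;
+static const unsigned kLocalALPSTag =
+CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 29;
+static const unsigned kPeerALPSTag =
+CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 30;
 
 static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
 int for_ticket) {
@@ -210,8 +218,7 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
 // The session ID is irrelevant for a session ticket.
 !CBB_add_asn1_octet_string(&session, in->session_id,
 for_ticket ? 0 : in->session_id_length) ||
-!CBB_add_asn1_octet_string(&session, in->
-in->master_key_length) ||
+!CBB_add_asn1_octet_string(&session, in->secret, in->secret_length) ||
 !CBB_add_asn1(&session, &child, kTimeTag) ||
 !CBB_add_asn1_uint64(&child, in->time) ||
 !CBB_add_asn1(&session, &child, kTimeoutTag) ||
@@ -411,6 +418,19 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, CBB *cbb,
 }
 }
 
+if (in->has_application_settings) {
+if (!CBB_add_asn1(&session, &child, kLocalALPSTag) ||
+!CBB_add_asn1_octet_string(&child,
+in->local_application_settings.data(),
+in->local_application_settings.size()) ||
+!CBB_add_asn1(&session, &child, kPeerALPSTag) ||
+!CBB_add_asn1_octet_string(&child, in->peer_application_settings.data(),
+in->peer_application_settings.size())) {
+OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
+return 0;
+}
+}
+
 return CBB_flush(cbb);
 }
 
@@ -572,18 +592,18 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
 return nullptr;
 }
 
-CBS session_id,
+CBS session_id, secret;
 if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) ||
 CBS_len(&session_id) > SSL3_MAX_SSL_SESSION_ID_LENGTH ||
-!CBS_get_asn1(&session, &
-CBS_len(&
+!CBS_get_asn1(&session, &secret, CBS_ASN1_OCTETSTRING) ||
+CBS_len(&secret) > SSL_MAX_MASTER_KEY_LENGTH) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
 return nullptr;
 }
 OPENSSL_memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));
 ret->session_id_length = CBS_len(&session_id);
-OPENSSL_memcpy(ret->
-ret->
+OPENSSL_memcpy(ret->secret, CBS_data(&secret), CBS_len(&secret));
+ret->secret_length = CBS_len(&secret);
 
 CBS child;
 uint64_t timeout;
@@ -753,13 +773,33 @@ UniquePtr<SSL_SESSION> SSL_SESSION_parse(CBS *cbs,
 !CBS_get_optional_asn1_bool(&session, &is_quic, kIsQuicTag,
 /*default_value=*/false) ||
 !SSL_SESSION_parse_octet_string(&session, &ret->quic_early_data_context,
-kQuicEarlyDataContextTag)
+kQuicEarlyDataContextTag)) {
+OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
+return nullptr;
+}
+
+CBS settings;
+int has_local_alps, has_peer_alps;
+if (!CBS_get_optional_asn1_octet_string(&session, &settings, &has_local_alps,
+kLocalALPSTag) ||
+!ret->local_application_settings.CopyFrom(settings) ||
+!CBS_get_optional_asn1_octet_string(&session, &settings, &has_peer_alps,
+kPeerALPSTag) ||
+!ret->peer_application_settings.CopyFrom(settings) ||
 CBS_len(&session) != 0) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
 return nullptr;
 }
 ret->is_quic = is_quic;
 
+// The two ALPS values and ALPN must be consistent.
+if (has_local_alps != has_peer_alps ||
+(has_local_alps && ret->early_alpn.empty())) {
+OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
+return nullptr;
+}
+ret->has_application_settings = has_local_alps;
+
 if (!x509_method->session_cache_objects(ret.get())) {
 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
 return nullptr;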
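--- a/data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc
@@ -1279,14 +1279,6 @@ bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
 return true;
 }
 
-uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) {
-uint32_t id = cipher->id;
-// All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred
-// to SSLv2 vs SSLv3.
-assert((id & 0xff000000) == 0x03000000);
-return id & 0xffff;
-}
-
 uint32_t ssl_cipher_auth_mask_for_key(const EVP_PKEY *key) {
 switch (EVP_PKEY_id(key)) {
 case EVP_PKEY_RSA:
@@ -1376,10 +1368,17 @@ const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
 
 uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }
 
-uint16_t
+uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher) {
+// All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred
+// to SSLv2 vs SSLv3.
+assert((cipher->id & 0xff000000) == 0x03000000);
 return static_cast<uint16_t>(cipher->id);
 }
 
+uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) {
+return SSL_CIPHER_get_protocol_id(cipher);
+}
+
 int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher) {
 return (cipher->algorithm_mac & SSL_AEAD) != 0;
 }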
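--- a/data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc
@@ -565,7 +565,6 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
 grease_enabled(false),
 allow_unknown_alpn_protos(false),
 false_start_allowed_without_alpn(false),
-ignore_tls13_downgrade(false),
 handoff(false),
 enable_early_data(false) {
 CRYPTO_MUTEX_init(&lock);
@@ -711,7 +710,6 @@ SSL *SSL_new(SSL_CTX *ctx) {
 ctx->signed_cert_timestamps_enabled;
 ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
 ssl->config->handoff = ctx->handoff;
-ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade;
 ssl->quic_method = ctx->quic_method;
 
 if (!ssl->method->ssl_new(ssl.get()) ||
@@ -724,6 +722,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
 
 SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
 : ssl(ssl_arg),
+ech_grease_enabled(false),
 signed_cert_timestamps_enabled(false),
 ocsp_stapling_enabled(false),
 channel_id_enabled(false),
@@ -731,8 +730,8 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
 retain_only_sha256_of_client_certs(false),
 handoff(false),
 shed_handshake_config(false),
-
-
+jdk11_workaround(false),
+quic_use_legacy_codepoint(true) {
 assert(ssl);
 }
 
@@ -1294,6 +1293,43 @@ enum ssl_early_data_reason_t SSL_get_early_data_reason(const SSL *ssl) {
 return ssl->s3->early_data_reason;
 }
 
+const char *SSL_early_data_reason_string(enum ssl_early_data_reason_t reason) {
+switch (reason) {
+case ssl_early_data_unknown:
+return "unknown";
+case ssl_early_data_disabled:
+return "disabled";
+case ssl_early_data_accepted:
+return "accepted";
+case ssl_early_data_protocol_version:
+return "protocol_version";
+case ssl_early_data_peer_declined:
+return "peer_declined";
+case ssl_early_data_no_session_offered:
+return "no_session_offered";
+case ssl_early_data_session_not_resumed:
+return "session_not_resumed";
+case ssl_early_data_unsupported_for_session:
+return "unsupported_for_session";
+case ssl_early_data_hello_retry_request:
+return "hello_retry_request";
+case ssl_early_data_alpn_mismatch:
+return "alpn_mismatch";
+case ssl_early_data_channel_id:
+return "channel_id";
+case ssl_early_data_token_binding:
+return "token_binding";
+case ssl_early_data_ticket_age_skew:
+return "ticket_age_skew";
+case ssl_early_data_quic_parameter_mismatch:
+return "quic_parameter_mismatch";
+case ssl_early_data_alps_mismatch:
+return "alps_mismatch";
+}
+
+return nullptr;
+}
+
 static int bio_retry_reason_to_error(int reason) {
 switch (reason) {
 case BIO_RR_CONNECT:
@@ -1432,6 +1468,13 @@ const char *SSL_error_description(int err) {
 }
 }
 
+void SSL_set_enable_ech_grease(SSL *ssl, int enable) {
+if (!ssl->config) {
+return;
+}
+ssl->config->ech_grease_enabled = !!enable;
+}
+
 uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
 ctx->options |= options;
 return ctx->options;
@@ -2241,6 +2284,36 @@ void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) {
 ctx->allow_unknown_alpn_protos = !!enabled;
 }
 
+int SSL_add_application_settings(SSL *ssl, const uint8_t *proto,
+size_t proto_len, const uint8_t *settings,
+size_t settings_len) {
+if (!ssl->config) {
+return 0;
+}
+ALPSConfig config;
+if (!config.protocol.CopyFrom(MakeConstSpan(proto, proto_len)) ||
+!config.settings.CopyFrom(MakeConstSpan(settings, settings_len)) ||
+!ssl->config->alps_configs.Push(std::move(config))) {
+return 0;
+}
+return 1;
+}
+
+void SSL_get0_peer_application_settings(const SSL *ssl,
+const uint8_t **out_data,
+size_t *out_len) {
+const SSL_SESSION *session = SSL_get_session(ssl);
+Span<const uint8_t> settings =
+session ? session->peer_application_settings : Span<const uint8_t>();
+*out_data = settings.data();
+*out_len = settings.size();
+}
+
+int SSL_has_application_settings(const SSL *ssl) {
+const SSL_SESSION *session = SSL_get_session(ssl);
+return session && session->has_application_settings;
+}
+
 int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, uint16_t alg_id,
 ssl_cert_compression_func_t compress,
 ssl_cert_decompression_func_t decompress) {
@@ -2862,22 +2935,15 @@ void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
 ctx->false_start_allowed_without_alpn = !!allowed;
 }
 
-int SSL_is_tls13_downgrade(const SSL *ssl) { return
+int SSL_is_tls13_downgrade(const SSL *ssl) { return 0; }
 
 int SSL_used_hello_retry_request(const SSL *ssl) {
 return ssl->s3->used_hello_retry_request;
 }
 
-void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {
-ctx->ignore_tls13_downgrade = !!ignore;
-}
+void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {}
 
-void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {
-if (!ssl->config) {
-return;
-}
-ssl->config->ignore_tls13_downgrade = !!ignore;
-}
+void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {}
 
 void SSL_set_shed_handshake_config(SSL *ssl, int enable) {
 if (!ssl->config) {
@@ -2893,6 +2959,13 @@ void SSL_set_jdk11_workaround(SSL *ssl, int enable) {
 ssl->config->jdk11_workaround = !!enable;
 }
 
+void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) {
+if (!ssl->config) {
+return;
+}
+ssl->config->quic_use_legacy_codepoint = !!use_legacy;
+}
+
 int SSL_clear(SSL *ssl) {
 if (!ssl->config) {
 return 0; // SSL_clear may not be used after shedding config.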
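--- a/data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc
@@ -202,9 +202,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
 OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
 
 // Copy the key material.
-new_session->
-OPENSSL_memcpy(new_session->
-session->master_key_length);
+new_session->secret_length = session->secret_length;
+OPENSSL_memcpy(new_session->secret, session->secret, session->secret_length);
 new_session->cipher = session->cipher;
 
 // Copy authentication state.
@@ -264,13 +263,15 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
 new_session->ticket_age_add = session->ticket_age_add;
 new_session->ticket_max_early_data = session->ticket_max_early_data;
 new_session->extended_master_secret = session->extended_master_secret;
-
-
-
-
-
-
-session->
+new_session->has_application_settings = session->has_application_settings;
+
+if (!new_session->early_alpn.CopyFrom(session->early_alpn) ||
+!new_session->quic_early_data_context.CopyFrom(
+session->quic_early_data_context) ||
+!new_session->local_application_settings.CopyFrom(
+session->local_application_settings) ||
+!new_session->peer_application_settings.CopyFrom(
+session->peer_application_settings)) {
 return nullptr;
 }
 }
@@ -364,12 +365,6 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
 session->is_server = is_server;
 session->ssl_version = ssl->version;
 session->is_quic = ssl->quic_method != nullptr;
-if (is_server && ssl->enable_early_data && session->is_quic) {
-if (!session->quic_early_data_context.CopyFrom(
-hs->config->quic_early_data_context)) {
-return 0;
-}
-}
 
 // Fill in the time from the |SSL_CTX|'s clock.
 struct OPENSSL_timeval now;
@@ -870,7 +865,8 @@ ssl_session_st::ssl_session_st(const SSL_X509_METHOD *method)
 not_resumable(false),
 ticket_age_add_valid(false),
 is_server(false),
-is_quic(false)
+is_quic(false),
+has_application_settings(false) {
 CRYPTO_new_ex_data(&ex_data);
 time = ::time(nullptr);
 }
@@ -966,14 +962,14 @@ void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
 
 size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
 size_t max_out) {
-// TODO(davidben): Fix
+// TODO(davidben): Fix secret_length's type and remove these casts.
 if (max_out == 0) {
-return (size_t)session->
+return (size_t)session->secret_length;
 }
-if (max_out > (size_t)session->
-max_out = (size_t)session->
+if (max_out > (size_t)session->secret_length) {
+max_out = (size_t)session->secret_length;
 }
-OPENSSL_memcpy(out, session->
+OPENSSL_memcpy(out, session->secret, max_out);
 return max_out;
 }
 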
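--- a/data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc
@@ -265,8 +265,8 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len,
 
 static const size_t kFinishedLen = 12;
 if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen),
-MakeConstSpan(session->
-
+MakeConstSpan(session->secret, session->secret_length), label,
+MakeConstSpan(digest, digest_len), {})) {
 return false;
 }
 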
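--- a/data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc
+++ b/data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc
@@ -191,15 +191,14 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len,
 
 static bool generate_key_block(const SSL *ssl, Span<uint8_t> out,
 const SSL_SESSION *session) {
-auto
-MakeConstSpan(session->master_key, session->master_key_length);
+auto secret = MakeConstSpan(session->secret, session->secret_length);
 static const char kLabel[] = "key expansion";
 auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1);
 
 const EVP_MD *digest = ssl_session_get_digest(session);
 // Note this function assumes that |session|'s key material corresponds to
 // |ssl->s3->client_random| and |ssl->s3->server_random|.
-return tls1_prf(digest, out,
+return tls1_prf(digest, out, secret, label, ssl->s3->server_random,
 ssl->s3->client_random);
 }
 
@@ -379,8 +378,7 @@ int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
 
 const SSL_SESSION *session = SSL_get_session(ssl);
 const EVP_MD *digest = ssl_session_get_digest(session);
-return tls1_prf(
-
-
-MakeConstSpan(label, label_len), seed, {});
+return tls1_prf(digest, MakeSpan(out, out_len),
+MakeConstSpan(session->secret, session->secret_length),
+MakeConstSpan(label, label_len), seed, {});
 }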
@@ -113,10 +113,13 @@
|
|
113
113
|
#include <stdlib.h>
|
114
114
|
#include <string.h>
|
115
115
|
|
116
|
+
#include <algorithm>
|
116
117
|
#include <utility>
|
117
118
|
|
119
|
+
#include <openssl/aead.h>
|
118
120
|
#include <openssl/bytestring.h>
|
119
121
|
#include <openssl/chacha.h>
|
122
|
+
#include <openssl/curve25519.h>
|
120
123
|
#include <openssl/digest.h>
|
121
124
|
#include <openssl/err.h>
|
122
125
|
#include <openssl/evp.h>
|
@@ -125,13 +128,15 @@
|
|
125
128
|
#include <openssl/nid.h>
|
126
129
|
#include <openssl/rand.h>
|
127
130
|
|
128
|
-
#include "internal.h"
|
131
|
+
#include "../crypto/hpke/internal.h"
|
129
132
|
#include "../crypto/internal.h"
|
133
|
+
#include "internal.h"
|
130
134
|
|
131
135
|
|
132
136
|
BSSL_NAMESPACE_BEGIN
|
133
137
|
|
134
138
|
static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
|
139
|
+
static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs);
|
135
140
|
|
136
141
|
static int compare_uint16_t(const void *p1, const void *p2) {
|
137
142
|
uint16_t u1 = *((const uint16_t *)p1);
|
@@ -512,7 +517,7 @@ struct tls_extension {
|
|
512
517
|
};
|
513
518
|
|
514
519
|
static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
515
|
-
|
520
|
+
CBS *contents) {
|
516
521
|
if (contents != NULL) {
|
517
522
|
// Servers MUST NOT send this extension.
|
518
523
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
@@ -524,7 +529,7 @@ static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
524
529
|
}
|
525
530
|
|
526
531
|
static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
527
|
-
|
532
|
+
CBS *contents) {
|
528
533
|
// This extension from the client is handled elsewhere.
|
529
534
|
return true;
|
530
535
|
}
|
@@ -586,6 +591,182 @@ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
586
591
|
}
|
587
592
|
|
588
593
|
|
594
|
+
// Encrypted Client Hello (ECH)
|
595
|
+
//
|
596
|
+
// https://tools.ietf.org/html/draft-ietf-tls-esni-09
|
597
|
+
|
598
|
+
// random_size returns a random value between |min| and |max|, inclusive.
|
599
|
+
static size_t random_size(size_t min, size_t max) {
|
600
|
+
assert(min < max);
|
601
|
+
size_t value;
|
602
|
+
RAND_bytes(reinterpret_cast<uint8_t *>(&value), sizeof(value));
|
603
|
+
return value % (max - min + 1) + min;
|
604
|
+
}
|
605
|
+
|
606
|
+
static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) {
|
607
|
+
// If we are responding to the server's HelloRetryRequest, we repeat the bytes
|
608
|
+
// of the first ECH GREASE extension.
|
609
|
+
if (hs->ssl->s3->used_hello_retry_request) {
|
610
|
+
CBB ech_body;
|
611
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
|
612
|
+
!CBB_add_u16_length_prefixed(out, &ech_body) ||
|
613
|
+
!CBB_add_bytes(&ech_body, hs->ech_grease.data(),
|
614
|
+
hs->ech_grease.size()) ||
|
615
|
+
!CBB_flush(out)) {
|
616
|
+
return false;
|
617
|
+
}
|
618
|
+
return true;
|
619
|
+
}
|
620
|
+
|
621
|
+
constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256;
|
622
|
+
const uint16_t aead_id = EVP_has_aes_hardware()
|
623
|
+
? EVP_HPKE_AEAD_AES_GCM_128
|
624
|
+
: EVP_HPKE_AEAD_CHACHA20POLY1305;
|
625
|
+
const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id);
|
626
|
+
assert(aead != nullptr);
|
627
|
+
|
628
|
+
uint8_t ech_config_id[8];
|
629
|
+
RAND_bytes(ech_config_id, sizeof(ech_config_id));
|
630
|
+
|
631
|
+
uint8_t ech_enc[X25519_PUBLIC_VALUE_LEN];
|
632
|
+
uint8_t private_key_unused[X25519_PRIVATE_KEY_LEN];
|
633
|
+
X25519_keypair(ech_enc, private_key_unused);
|
634
|
+
|
635
|
+
// To determine a plausible length for the payload, we first estimate the size
|
636
|
+
// of a typical EncodedClientHelloInner, with an expected use of
|
637
|
+
// outer_extensions. To limit the size, we only consider initial ClientHellos
|
638
|
+
// that do not offer resumption.
|
639
|
+
//
|
640
|
+
// Field/Extension Size
|
641
|
+
// ---------------------------------------------------------------------
|
642
|
+
// version 2
|
643
|
+
// random 32
|
644
|
+
// legacy_session_id 1
|
645
|
+
// - Has a U8 length prefix, but body is
|
646
|
+
// always empty string in inner CH.
|
647
|
+
// cipher_suites 2 (length prefix)
|
648
|
+
// - Only includes TLS 1.3 ciphers (3). 6
|
649
|
+
// - Maybe also include a GREASE suite. 2
|
650
|
+
// legacy_compression_methods 2 (length prefix)
|
651
|
+
// - Always has "null" compression method. 1
|
652
|
+
// extensions: 2 (length prefix)
|
653
|
+
// - encrypted_client_hello (empty). 4 (id + length prefix)
|
654
|
+
// - supported_versions. 4 (id + length prefix)
|
655
|
+
// - U8 length prefix 1
|
656
|
+
// - U16 protocol version (TLS 1.3) 2
|
657
|
+
// - outer_extensions. 4 (id + length prefix)
|
658
|
+
// - U8 length prefix 1
|
659
|
+
// - N extension IDs (2 bytes each):
|
660
|
+
// - key_share 2
|
661
|
+
// - sigalgs 2
|
662
|
+
// - sct 2
|
663
|
+
// - alpn 2
|
664
|
+
// - supported_groups. 2
|
665
|
+
// - status_request. 2
|
666
|
+
// - psk_key_exchange_modes. 2
|
667
|
+
// - compress_certificate. 2
|
668
|
+
//
|
669
|
+
// The server_name extension has an overhead of 9 bytes, plus up to an
|
670
|
+
// estimated 100 bytes of hostname. Rounding up to a multiple of 32 yields a
|
671
|
+
// range of 96 to 192. Note that this estimate does not fully capture
|
672
|
+
// optional extensions like GREASE, but the rounding gives some leeway.
|
673
|
+
|
674
|
+
uint8_t payload[EVP_AEAD_MAX_OVERHEAD + 192];
|
675
|
+
const size_t payload_len =
|
676
|
+
EVP_AEAD_max_overhead(aead) + 32 * random_size(96 / 32, 192 / 32);
|
677
|
+
assert(payload_len <= sizeof(payload));
|
678
|
+
RAND_bytes(payload, payload_len);
|
679
|
+
|
680
|
+
// Inside the TLS extension contents, write a serialized ClientEncryptedCH.
|
681
|
+
CBB ech_body, config_id_cbb, enc_cbb, payload_cbb;
|
682
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
|
683
|
+
!CBB_add_u16_length_prefixed(out, &ech_body) ||
|
684
|
+
!CBB_add_u16(&ech_body, kdf_id) || //
|
685
|
+
!CBB_add_u16(&ech_body, aead_id) ||
|
686
|
+
!CBB_add_u8_length_prefixed(&ech_body, &config_id_cbb) ||
|
687
|
+
!CBB_add_bytes(&config_id_cbb, ech_config_id, sizeof(ech_config_id)) ||
|
688
|
+
!CBB_add_u16_length_prefixed(&ech_body, &enc_cbb) ||
|
689
|
+
!CBB_add_bytes(&enc_cbb, ech_enc, OPENSSL_ARRAY_SIZE(ech_enc)) ||
|
690
|
+
!CBB_add_u16_length_prefixed(&ech_body, &payload_cbb) ||
|
691
|
+
!CBB_add_bytes(&payload_cbb, payload, payload_len) || //
|
692
|
+
!CBB_flush(&ech_body)) {
|
693
|
+
return false;
|
694
|
+
}
|
695
|
+
// Save the bytes of the newly-generated extension in case the server sends
|
696
|
+
// a HelloRetryRequest.
|
697
|
+
if (!hs->ech_grease.CopyFrom(
|
698
|
+
MakeConstSpan(CBB_data(&ech_body), CBB_len(&ech_body)))) {
|
699
|
+
return false;
|
700
|
+
}
|
701
|
+
return CBB_flush(out);
|
702
|
+
}
|
703
|
+
|
704
|
+
static bool ext_ech_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
705
|
+
if (hs->max_version < TLS1_3_VERSION) {
|
706
|
+
return true;
|
707
|
+
}
|
708
|
+
if (hs->config->ech_grease_enabled) {
|
709
|
+
return ext_ech_add_clienthello_grease(hs, out);
|
710
|
+
}
|
711
|
+
// Nothing to do, since we don't yet implement the non-GREASE parts of ECH.
|
712
|
+
return true;
|
713
|
+
}
|
714
|
+
|
715
|
+
static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
716
|
+
CBS *contents) {
|
717
|
+
if (contents == NULL) {
|
718
|
+
return true;
|
719
|
+
}
|
720
|
+
|
721
|
+
// If the client only sent GREASE, we must check the extension syntactically.
|
722
|
+
CBS ech_configs;
|
723
|
+
if (!CBS_get_u16_length_prefixed(contents, &ech_configs) ||
|
724
|
+
CBS_len(&ech_configs) == 0 || //
|
725
|
+
CBS_len(contents) > 0) {
|
726
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
727
|
+
return false;
|
728
|
+
}
|
729
|
+
while (CBS_len(&ech_configs) > 0) {
|
730
|
+
// Do a top-level parse of the ECHConfig, stopping before ECHConfigContents.
|
731
|
+
uint16_t version;
|
732
|
+
CBS ech_config_contents;
|
733
|
+
if (!CBS_get_u16(&ech_configs, &version) ||
|
734
|
+
!CBS_get_u16_length_prefixed(&ech_configs, &ech_config_contents)) {
|
735
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
736
|
+
return false;
|
737
|
+
}
|
738
|
+
}
|
739
|
+
return true;
|
740
|
+
}
|
741
|
+
|
742
|
+
static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
743
|
+
CBS *contents) {
|
744
|
+
if (contents != nullptr) {
|
745
|
+
hs->ech_present = true;
|
746
|
+
return true;
|
747
|
+
}
|
748
|
+
return true;
|
749
|
+
}
|
750
|
+
|
751
|
+
static bool ext_ech_is_inner_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
752
|
+
return true;
|
753
|
+
}
|
754
|
+
|
755
|
+
static bool ext_ech_is_inner_parse_clienthello(SSL_HANDSHAKE *hs,
|
756
|
+
uint8_t *out_alert,
|
757
|
+
CBS *contents) {
|
758
|
+
if (contents == nullptr) {
|
759
|
+
return true;
|
760
|
+
}
|
761
|
+
if (CBS_len(contents) > 0) {
|
762
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
763
|
+
return false;
|
764
|
+
}
|
765
|
+
hs->ech_is_inner_present = true;
|
766
|
+
return true;
|
767
|
+
}
|
768
|
+
|
769
|
+
|
589
770
|
// Renegotiation indication.
|
590
771
|
//
|
591
772
|
// https://tools.ietf.org/html/rfc5746
|
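Review bot: In `ext_ech_add_clienthello_grease` the only bound on the `RAND_bytes(payload, payload_len)` write into the stack buffer is `assert(payload_len <= sizeof(payload))`, which compiles out when NDEBUG is defined. The arithmetic keeps `payload_len` within `EVP_AEAD_MAX_OVERHEAD + 192` as long as `EVP_AEAD_max_overhead(aead)` never exceeds `EVP_AEAD_MAX_OVERHEAD`, so this is an invariant rather than a reachable overflow, but a runtime guard keeps it local: `if (payload_len > sizeof(payload)) { return false; }`. The same applies to `assert(min < max)` in `random_size`, where a bad argument pair would wrap the modulus silently in release builds. Separately, `private_key_unused` stays on the stack after `X25519_keypair`. The key is never used, so this is hygiene only, but `OPENSSL_cleanse(private_key_unused, sizeof(private_key_unused));` would match how key material is usually handled.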
@@ -1380,7 +1561,6 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1380
1561
|
CBS protocol_name_list_copy = protocol_name_list;
|
1381
1562
|
while (CBS_len(&protocol_name_list_copy) > 0) {
|
1382
1563
|
CBS protocol_name;
|
1383
|
-
|
1384
1564
|
if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
|
1385
1565
|
// Empty protocol names are forbidden.
|
1386
1566
|
CBS_len(&protocol_name) == 0) {
|
@@ -1946,6 +2126,21 @@ static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
1946
2126
|
//
|
1947
2127
|
// https://tools.ietf.org/html/rfc8446#section-4.2.10
|
1948
2128
|
|
2129
|
+
// ssl_get_local_application_settings looks up the configured ALPS value for
|
2130
|
+
// |protocol|. If found, it sets |*out_settings| to the value and returns true.
|
2131
|
+
// Otherwise, it returns false.
|
2132
|
+
static bool ssl_get_local_application_settings(
|
2133
|
+
const SSL_HANDSHAKE *hs, Span<const uint8_t> *out_settings,
|
2134
|
+
Span<const uint8_t> protocol) {
|
2135
|
+
for (const ALPSConfig &config : hs->config->alps_configs) {
|
2136
|
+
if (protocol == config.protocol) {
|
2137
|
+
*out_settings = config.settings;
|
2138
|
+
return true;
|
2139
|
+
}
|
2140
|
+
}
|
2141
|
+
return false;
|
2142
|
+
}
|
2143
|
+
|
1949
2144
|
static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
1950
2145
|
SSL *const ssl = hs->ssl;
|
1951
2146
|
// The second ClientHello never offers early data, and we must have already
|
@@ -1978,13 +2173,25 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1978
2173
|
return true;
|
1979
2174
|
}
|
1980
2175
|
|
1981
|
-
|
1982
|
-
|
1983
|
-
|
1984
|
-
|
1985
|
-
|
1986
|
-
|
1987
|
-
|
2176
|
+
if (!ssl->session->early_alpn.empty()) {
|
2177
|
+
if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
|
2178
|
+
// Avoid reporting a confusing value in |SSL_get0_alpn_selected|.
|
2179
|
+
ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
|
2180
|
+
return true;
|
2181
|
+
}
|
2182
|
+
|
2183
|
+
// If the previous connection negotiated ALPS, only offer 0-RTT when the
|
2184
|
+
// local are settings are consistent with what we'd offer for this
|
2185
|
+
// connection.
|
2186
|
+
if (ssl->session->has_application_settings) {
|
2187
|
+
Span<const uint8_t> settings;
|
2188
|
+
if (!ssl_get_local_application_settings(hs, &settings,
|
2189
|
+
ssl->session->early_alpn) ||
|
2190
|
+
settings != ssl->session->local_application_settings) {
|
2191
|
+
ssl->s3->early_data_reason = ssl_early_data_alps_mismatch;
|
2192
|
+
return true;
|
2193
|
+
}
|
2194
|
+
}
|
1988
2195
|
}
|
1989
2196
|
|
1990
2197
|
// |early_data_reason| will be filled in later when the server responds.
|
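Review bot: The ALPS consistency check is nested inside `if (!ssl->session->early_alpn.empty())`, so a session with `has_application_settings` set but an empty `early_alpn` (for example one restored from stored session data) would skip it and still be offered for 0-RTT. `ssl_check_serverhello_tlsext`, added later in this diff, rejects ALPS without ALPN on a live handshake, so such a session should not normally exist, but that invariant is established far from this branch. Moving the `if (ssl->session->has_application_settings)` block out of the `early_alpn` branch would presumably make that case end in `ssl_early_data_alps_mismatch`, since the lookup for an empty protocol should fail. The comment also has a stray word: `// local are settings are consistent` should read `// local settings are consistent`. The body of `ext_early_data_add_clienthello` starts and ends outside the hunk.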
@@ -2258,7 +2465,8 @@ bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
2258
2465
|
return true;
|
2259
2466
|
}
|
2260
2467
|
|
2261
|
-
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out
|
2468
|
+
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out,
|
2469
|
+
bool dry_run) {
|
2262
2470
|
uint16_t group_id;
|
2263
2471
|
CBB kse_bytes, public_key;
|
2264
2472
|
if (!tls1_get_shared_group(hs, &group_id) ||
|
@@ -2271,10 +2479,10 @@ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2271
2479
|
!CBB_flush(out)) {
|
2272
2480
|
return false;
|
2273
2481
|
}
|
2274
|
-
|
2275
|
-
|
2276
|
-
|
2277
|
-
|
2482
|
+
if (!dry_run) {
|
2483
|
+
hs->ecdh_public_key.Reset();
|
2484
|
+
hs->new_session->group_id = group_id;
|
2485
|
+
}
|
2278
2486
|
return true;
|
2279
2487
|
}
|
2280
2488
|
|
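Review bot: The new `dry_run` parameter of `ssl_ext_key_share_add_serverhello` (signature in the previous hunk) has no comment, and the name alone does not say which side effects are suppressed. From the visible lines it skips `hs->ecdh_public_key.Reset()` and the `hs->new_session->group_id` assignment, while the extension is still written to `out` before that block. The middle of the function is outside the hunk, so whether anything else mutates `hs` cannot be seen here. A comment above the definition such as `// If |dry_run| is true, |hs->ecdh_public_key| is kept and |hs->new_session->group_id| is left unset.` would make the contract explicit for callers.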
@@ -2568,8 +2776,8 @@ static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2568
2776
|
|
2569
2777
|
// QUIC Transport Parameters
|
2570
2778
|
|
2571
|
-
static bool
|
2572
|
-
|
2779
|
+
static bool ext_quic_transport_params_add_clienthello_impl(
|
2780
|
+
SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
|
2573
2781
|
if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
|
2574
2782
|
return true;
|
2575
2783
|
}
|
@@ -2581,9 +2789,18 @@ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
|
2581
2789
|
return false;
|
2582
2790
|
}
|
2583
2791
|
assert(hs->min_version > TLS1_2_VERSION);
|
2792
|
+
if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
2793
|
+
// Do nothing, we'll send the other codepoint.
|
2794
|
+
return true;
|
2795
|
+
}
|
2796
|
+
|
2797
|
+
uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
|
2798
|
+
if (hs->config->quic_use_legacy_codepoint) {
|
2799
|
+
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
|
2800
|
+
}
|
2584
2801
|
|
2585
2802
|
CBB contents;
|
2586
|
-
if (!CBB_add_u16(out,
|
2803
|
+
if (!CBB_add_u16(out, extension_type) ||
|
2587
2804
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2588
2805
|
!CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
|
2589
2806
|
hs->config->quic_transport_params.size()) ||
|
@@ -2593,31 +2810,57 @@ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
|
2593
2810
|
return true;
|
2594
2811
|
}
|
2595
2812
|
|
2596
|
-
static bool
|
2597
|
-
|
2598
|
-
|
2813
|
+
static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
2814
|
+
CBB *out) {
|
2815
|
+
return ext_quic_transport_params_add_clienthello_impl(
|
2816
|
+
hs, out, /*use_legacy_codepoint=*/false);
|
2817
|
+
}
|
2818
|
+
|
2819
|
+
static bool ext_quic_transport_params_add_clienthello_legacy(SSL_HANDSHAKE *hs,
|
2820
|
+
CBB *out) {
|
2821
|
+
return ext_quic_transport_params_add_clienthello_impl(
|
2822
|
+
hs, out, /*use_legacy_codepoint=*/true);
|
2823
|
+
}
|
2824
|
+
|
2825
|
+
static bool ext_quic_transport_params_parse_serverhello_impl(
|
2826
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
|
2827
|
+
bool used_legacy_codepoint) {
|
2599
2828
|
SSL *const ssl = hs->ssl;
|
2600
2829
|
if (contents == nullptr) {
|
2830
|
+
if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
2831
|
+
// Silently ignore because we expect the other QUIC codepoint.
|
2832
|
+
return true;
|
2833
|
+
}
|
2601
2834
|
if (!ssl->quic_method) {
|
2602
2835
|
return true;
|
2603
2836
|
}
|
2604
|
-
assert(ssl->quic_method);
|
2605
2837
|
*out_alert = SSL_AD_MISSING_EXTENSION;
|
2606
2838
|
return false;
|
2607
2839
|
}
|
2608
|
-
|
2609
|
-
|
2610
|
-
|
2611
|
-
}
|
2612
|
-
// QUIC requires TLS 1.3.
|
2840
|
+
// The extensions parser will check for unsolicited extensions before
|
2841
|
+
// calling the callback.
|
2842
|
+
assert(ssl->quic_method != nullptr);
|
2613
2843
|
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
2614
|
-
|
2844
|
+
assert(used_legacy_codepoint == hs->config->quic_use_legacy_codepoint);
|
2615
2845
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2616
2846
|
}
|
2617
2847
|
|
2618
|
-
static bool
|
2848
|
+
static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
|
2619
2849
|
uint8_t *out_alert,
|
2620
2850
|
CBS *contents) {
|
2851
|
+
return ext_quic_transport_params_parse_serverhello_impl(
|
2852
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/false);
|
2853
|
+
}
|
2854
|
+
|
2855
|
+
static bool ext_quic_transport_params_parse_serverhello_legacy(
|
2856
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
|
2857
|
+
return ext_quic_transport_params_parse_serverhello_impl(
|
2858
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/true);
|
2859
|
+
}
|
2860
|
+
|
2861
|
+
static bool ext_quic_transport_params_parse_clienthello_impl(
|
2862
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
|
2863
|
+
bool used_legacy_codepoint) {
|
2621
2864
|
SSL *const ssl = hs->ssl;
|
2622
2865
|
if (!contents) {
|
2623
2866
|
if (!ssl->quic_method) {
|
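Review bot: In `ext_quic_transport_params_parse_serverhello_impl` the asserts on `ssl->quic_method` and on `used_legacy_codepoint == hs->config->quic_use_legacy_codepoint` are the only in-function guard that the server answered on the codepoint the client offered. When NDEBUG is defined they compile out, and `peer_quic_transport_params.CopyFrom(*contents)` runs regardless. The comment says the extensions parser rejects unsolicited extensions before the callback; that code is outside this hunk, and if it holds the state is unreachable. A runtime check would keep the guarantee next to the write: `if (ssl->quic_method == nullptr || used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) { *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; return false; }`. The body of `ext_quic_transport_params_parse_clienthello_impl` at the end of the hunk continues outside it.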
@@ -2628,29 +2871,72 @@ static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2628
2871
|
// for QUIC.
|
2629
2872
|
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2630
2873
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
2874
|
+
return false;
|
2875
|
+
}
|
2876
|
+
if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
2877
|
+
// Silently ignore because we expect the other QUIC codepoint.
|
2878
|
+
return true;
|
2631
2879
|
}
|
2632
2880
|
*out_alert = SSL_AD_MISSING_EXTENSION;
|
2633
2881
|
return false;
|
2634
2882
|
}
|
2635
2883
|
if (!ssl->quic_method) {
|
2884
|
+
if (used_legacy_codepoint) {
|
2885
|
+
// Ignore the legacy private-use codepoint because that could be sent
|
2886
|
+
// to mean something else than QUIC transport parameters.
|
2887
|
+
return true;
|
2888
|
+
}
|
2889
|
+
// Fail if we received the codepoint registered with IANA for QUIC
|
2890
|
+
// because that is not allowed outside of QUIC.
|
2636
2891
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
2637
2892
|
return false;
|
2638
2893
|
}
|
2639
2894
|
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
2895
|
+
if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
2896
|
+
// Silently ignore because we expect the other QUIC codepoint.
|
2897
|
+
return true;
|
2898
|
+
}
|
2640
2899
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
2641
2900
|
}
|
2642
2901
|
|
2643
|
-
static bool
|
2644
|
-
|
2902
|
+
static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
|
2903
|
+
uint8_t *out_alert,
|
2904
|
+
CBS *contents) {
|
2905
|
+
return ext_quic_transport_params_parse_clienthello_impl(
|
2906
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/false);
|
2907
|
+
}
|
2908
|
+
|
2909
|
+
static bool ext_quic_transport_params_parse_clienthello_legacy(
|
2910
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
|
2911
|
+
return ext_quic_transport_params_parse_clienthello_impl(
|
2912
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/true);
|
2913
|
+
}
|
2914
|
+
|
2915
|
+
static bool ext_quic_transport_params_add_serverhello_impl(
|
2916
|
+
SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
|
2917
|
+
if (hs->ssl->quic_method == nullptr && use_legacy_codepoint) {
|
2918
|
+
// Ignore the legacy private-use codepoint because that could be sent
|
2919
|
+
// to mean something else than QUIC transport parameters.
|
2920
|
+
return true;
|
2921
|
+
}
|
2645
2922
|
assert(hs->ssl->quic_method != nullptr);
|
2646
2923
|
if (hs->config->quic_transport_params.empty()) {
|
2647
2924
|
// Transport parameters must be set when using QUIC.
|
2648
2925
|
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
2649
2926
|
return false;
|
2650
2927
|
}
|
2928
|
+
if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
2929
|
+
// Do nothing, we'll send the other codepoint.
|
2930
|
+
return true;
|
2931
|
+
}
|
2932
|
+
|
2933
|
+
uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
|
2934
|
+
if (hs->config->quic_use_legacy_codepoint) {
|
2935
|
+
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
|
2936
|
+
}
|
2651
2937
|
|
2652
2938
|
CBB contents;
|
2653
|
-
if (!CBB_add_u16(out,
|
2939
|
+
if (!CBB_add_u16(out, extension_type) ||
|
2654
2940
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
2655
2941
|
!CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
|
2656
2942
|
hs->config->quic_transport_params.size()) ||
|
@@ -2661,6 +2947,18 @@ static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
|
|
2661
2947
|
return true;
|
2662
2948
|
}
|
2663
2949
|
|
2950
|
+
static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
|
2951
|
+
CBB *out) {
|
2952
|
+
return ext_quic_transport_params_add_serverhello_impl(
|
2953
|
+
hs, out, /*use_legacy_codepoint=*/false);
|
2954
|
+
}
|
2955
|
+
|
2956
|
+
static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs,
|
2957
|
+
CBB *out) {
|
2958
|
+
return ext_quic_transport_params_add_serverhello_impl(
|
2959
|
+
hs, out, /*use_legacy_codepoint=*/true);
|
2960
|
+
}
|
2961
|
+
|
2664
2962
|
// Delegated credentials.
|
2665
2963
|
//
|
2666
2964
|
// https://tools.ietf.org/html/draft-ietf-tls-subcerts
|
@@ -2797,6 +3095,144 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2797
3095
|
return true;
|
2798
3096
|
}
|
2799
3097
|
|
3098
|
+
// Application-level Protocol Settings
|
3099
|
+
//
|
3100
|
+
// https://tools.ietf.org/html/draft-vvv-tls-alps-01
|
3101
|
+
|
3102
|
+
static bool ext_alps_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
3103
|
+
SSL *const ssl = hs->ssl;
|
3104
|
+
if (// ALPS requires TLS 1.3.
|
3105
|
+
hs->max_version < TLS1_3_VERSION ||
|
3106
|
+
// Do not offer ALPS without ALPN.
|
3107
|
+
hs->config->alpn_client_proto_list.empty() ||
|
3108
|
+
// Do not offer ALPS if not configured.
|
3109
|
+
hs->config->alps_configs.empty() ||
|
3110
|
+
// Do not offer ALPS on renegotiation handshakes.
|
3111
|
+
ssl->s3->initial_handshake_complete) {
|
3112
|
+
return true;
|
3113
|
+
}
|
3114
|
+
|
3115
|
+
CBB contents, proto_list, proto;
|
3116
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
|
3117
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
3118
|
+
!CBB_add_u16_length_prefixed(&contents, &proto_list)) {
|
3119
|
+
return false;
|
3120
|
+
}
|
3121
|
+
|
3122
|
+
for (const ALPSConfig &config : hs->config->alps_configs) {
|
3123
|
+
if (!CBB_add_u8_length_prefixed(&proto_list, &proto) ||
|
3124
|
+
!CBB_add_bytes(&proto, config.protocol.data(),
|
3125
|
+
config.protocol.size())) {
|
3126
|
+
return false;
|
3127
|
+
}
|
3128
|
+
}
|
3129
|
+
|
3130
|
+
return CBB_flush(out);
|
3131
|
+
}
|
3132
|
+
|
3133
|
+
static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
3134
|
+
CBS *contents) {
|
3135
|
+
SSL *const ssl = hs->ssl;
|
3136
|
+
if (contents == nullptr) {
|
3137
|
+
return true;
|
3138
|
+
}
|
3139
|
+
|
3140
|
+
assert(!ssl->s3->initial_handshake_complete);
|
3141
|
+
assert(!hs->config->alpn_client_proto_list.empty());
|
3142
|
+
assert(!hs->config->alps_configs.empty());
|
3143
|
+
|
3144
|
+
// ALPS requires TLS 1.3.
|
3145
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
3146
|
+
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
3147
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
3148
|
+
return false;
|
3149
|
+
}
|
3150
|
+
|
3151
|
+
// Note extension callbacks may run in any order, so we defer checking
|
3152
|
+
// consistency with ALPN to |ssl_check_serverhello_tlsext|.
|
3153
|
+
if (!hs->new_session->peer_application_settings.CopyFrom(*contents)) {
|
3154
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
3155
|
+
return false;
|
3156
|
+
}
|
3157
|
+
|
3158
|
+
hs->new_session->has_application_settings = true;
|
3159
|
+
return true;
|
3160
|
+
}
|
3161
|
+
|
3162
|
+
static bool ext_alps_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
3163
|
+
SSL *const ssl = hs->ssl;
|
3164
|
+
// If early data is accepted, we omit the ALPS extension. It is implicitly
|
3165
|
+
// carried over from the previous connection.
|
3166
|
+
if (hs->new_session == nullptr ||
|
3167
|
+
!hs->new_session->has_application_settings ||
|
3168
|
+
ssl->s3->early_data_accepted) {
|
3169
|
+
return true;
|
3170
|
+
}
|
3171
|
+
|
3172
|
+
CBB contents;
|
3173
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
|
3174
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
3175
|
+
!CBB_add_bytes(&contents,
|
3176
|
+
hs->new_session->local_application_settings.data(),
|
3177
|
+
hs->new_session->local_application_settings.size()) ||
|
3178
|
+
!CBB_flush(out)) {
|
3179
|
+
return false;
|
3180
|
+
}
|
3181
|
+
|
3182
|
+
return true;
|
3183
|
+
}
|
3184
|
+
|
3185
|
+
bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
3186
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
3187
|
+
SSL *const ssl = hs->ssl;
|
3188
|
+
if (ssl->s3->alpn_selected.empty()) {
|
3189
|
+
return true;
|
3190
|
+
}
|
3191
|
+
|
3192
|
+
// If we negotiate ALPN over TLS 1.3, try to negotiate ALPS.
|
3193
|
+
CBS alps_contents;
|
3194
|
+
Span<const uint8_t> settings;
|
3195
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
|
3196
|
+
ssl_get_local_application_settings(hs, &settings,
|
3197
|
+
ssl->s3->alpn_selected) &&
|
3198
|
+
ssl_client_hello_get_extension(client_hello, &alps_contents,
|
3199
|
+
TLSEXT_TYPE_application_settings)) {
|
3200
|
+
// Check if the client supports ALPS with the selected ALPN.
|
3201
|
+
bool found = false;
|
3202
|
+
CBS alps_list;
|
3203
|
+
if (!CBS_get_u16_length_prefixed(&alps_contents, &alps_list) ||
|
3204
|
+
CBS_len(&alps_contents) != 0 ||
|
3205
|
+
CBS_len(&alps_list) == 0) {
|
3206
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
3207
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
3208
|
+
return false;
|
3209
|
+
}
|
3210
|
+
while (CBS_len(&alps_list) > 0) {
|
3211
|
+
CBS protocol_name;
|
3212
|
+
if (!CBS_get_u8_length_prefixed(&alps_list, &protocol_name) ||
|
3213
|
+
// Empty protocol names are forbidden.
|
3214
|
+
CBS_len(&protocol_name) == 0) {
|
3215
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
3216
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
3217
|
+
return false;
|
3218
|
+
}
|
3219
|
+
if (protocol_name == MakeConstSpan(ssl->s3->alpn_selected)) {
|
3220
|
+
found = true;
|
3221
|
+
}
|
3222
|
+
}
|
3223
|
+
|
3224
|
+
// Negotiate ALPS if both client also supports ALPS for this protocol.
|
3225
|
+
if (found) {
|
3226
|
+
hs->new_session->has_application_settings = true;
|
3227
|
+
if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
|
3228
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
3229
|
+
return false;
|
3230
|
+
}
|
3231
|
+
}
|
3232
|
+
}
|
3233
|
+
|
3234
|
+
return true;
|
3235
|
+
}
|
2800
3236
|
|
2801
3237
|
// kExtensions contains all the supported extensions.
|
2802
3238
|
static const struct tls_extension kExtensions[] = {
|
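Review bot: `ssl_negotiate_alps` and `ext_alps_parse_serverhello` write through `hs->new_session` without a null check, while `ext_alps_add_serverhello` in the same hunk tests `hs->new_session == nullptr` first, as does `ssl_check_serverhello_tlsext` later in this diff. In both unguarded functions the dereference sits behind a TLS 1.3 version test, which is presumably what makes it safe, but nothing says so and the callers are outside the hunk. A comment at each dereference such as `// |hs->new_session| is always set by this point in TLS 1.3.` would do. Alternatively, an explicit `if (hs->new_session == nullptr)` guard that sets `SSL_AD_INTERNAL_ERROR` would keep a later reordering of the version check from becoming a null dereference on peer-controlled input.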
@@ -2808,6 +3244,22 @@ static const struct tls_extension kExtensions[] = {
|
|
2808
3244
|
ext_sni_parse_clienthello,
|
2809
3245
|
ext_sni_add_serverhello,
|
2810
3246
|
},
|
3247
|
+
{
|
3248
|
+
TLSEXT_TYPE_encrypted_client_hello,
|
3249
|
+
NULL,
|
3250
|
+
ext_ech_add_clienthello,
|
3251
|
+
ext_ech_parse_serverhello,
|
3252
|
+
ext_ech_parse_clienthello,
|
3253
|
+
dont_add_serverhello,
|
3254
|
+
},
|
3255
|
+
{
|
3256
|
+
TLSEXT_TYPE_ech_is_inner,
|
3257
|
+
NULL,
|
3258
|
+
ext_ech_is_inner_add_clienthello,
|
3259
|
+
forbid_parse_serverhello,
|
3260
|
+
ext_ech_is_inner_parse_clienthello,
|
3261
|
+
dont_add_serverhello,
|
3262
|
+
},
|
2811
3263
|
{
|
2812
3264
|
TLSEXT_TYPE_extended_master_secret,
|
2813
3265
|
NULL,
|
@@ -2947,13 +3399,21 @@ static const struct tls_extension kExtensions[] = {
|
|
2947
3399
|
dont_add_serverhello,
|
2948
3400
|
},
|
2949
3401
|
{
|
2950
|
-
|
3402
|
+
TLSEXT_TYPE_quic_transport_parameters_standard,
|
2951
3403
|
NULL,
|
2952
3404
|
ext_quic_transport_params_add_clienthello,
|
2953
3405
|
ext_quic_transport_params_parse_serverhello,
|
2954
3406
|
ext_quic_transport_params_parse_clienthello,
|
2955
3407
|
ext_quic_transport_params_add_serverhello,
|
2956
3408
|
},
|
3409
|
+
{
|
3410
|
+
TLSEXT_TYPE_quic_transport_parameters_legacy,
|
3411
|
+
NULL,
|
3412
|
+
ext_quic_transport_params_add_clienthello_legacy,
|
3413
|
+
ext_quic_transport_params_parse_serverhello_legacy,
|
3414
|
+
ext_quic_transport_params_parse_clienthello_legacy,
|
3415
|
+
ext_quic_transport_params_add_serverhello_legacy,
|
3416
|
+
},
|
2957
3417
|
{
|
2958
3418
|
TLSEXT_TYPE_token_binding,
|
2959
3419
|
NULL,
|
@@ -2978,6 +3438,15 @@ static const struct tls_extension kExtensions[] = {
|
|
2978
3438
|
ext_delegated_credential_parse_clienthello,
|
2979
3439
|
dont_add_serverhello,
|
2980
3440
|
},
|
3441
|
+
{
|
3442
|
+
TLSEXT_TYPE_application_settings,
|
3443
|
+
NULL,
|
3444
|
+
ext_alps_add_clienthello,
|
3445
|
+
ext_alps_parse_serverhello,
|
3446
|
+
// ALPS is negotiated late in |ssl_negotiate_alpn|.
|
3447
|
+
ignore_parse_clienthello,
|
3448
|
+
ext_alps_add_serverhello,
|
3449
|
+
},
|
2981
3450
|
};
|
2982
3451
|
|
2983
3452
|
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
|
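Review bot: The comment `// ALPS is negotiated late in |ssl_negotiate_alpn|.` names the ALPN function, but the ClientHello side of ALPS added in this diff is `ssl_negotiate_alps`, and the part of `ssl_negotiate_alpn` shown in this diff contains no ALPS code. This looks like a typo. `// ALPS is negotiated late in |ssl_negotiate_alps|.` would point readers at the function that actually parses the extension after `ignore_parse_clienthello` skips it. The `kExtensions` array starts outside the hunk.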
@@ -3370,6 +3839,36 @@ static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
|
|
3370
3839
|
}
|
3371
3840
|
}
|
3372
3841
|
|
3842
|
+
static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) {
|
3843
|
+
SSL *const ssl = hs->ssl;
|
3844
|
+
// ALPS and ALPN have a dependency between each other, so we defer checking
|
3845
|
+
// consistency to after the callbacks run.
|
3846
|
+
if (hs->new_session != nullptr && hs->new_session->has_application_settings) {
|
3847
|
+
// ALPN must be negotiated.
|
3848
|
+
if (ssl->s3->alpn_selected.empty()) {
|
3849
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN);
|
3850
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
3851
|
+
return false;
|
3852
|
+
}
|
3853
|
+
|
3854
|
+
// The negotiated protocol must be one of the ones we advertised for ALPS.
|
3855
|
+
Span<const uint8_t> settings;
|
3856
|
+
if (!ssl_get_local_application_settings(hs, &settings,
|
3857
|
+
ssl->s3->alpn_selected)) {
|
3858
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
|
3859
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
3860
|
+
return false;
|
3861
|
+
}
|
3862
|
+
|
3863
|
+
if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
|
3864
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
3865
|
+
return false;
|
3866
|
+
}
|
3867
|
+
}
|
3868
|
+
|
3869
|
+
return true;
|
3870
|
+
}
|
3871
|
+
|
3373
3872
|
bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
|
3374
3873
|
SSL *const ssl = hs->ssl;
|
3375
3874
|
int alert = SSL_AD_DECODE_ERROR;
|
@@ -3378,6 +3877,10 @@ bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
|
|
3378
3877
|
return false;
|
3379
3878
|
}
|
3380
3879
|
|
3880
|
+
if (!ssl_check_serverhello_tlsext(hs)) {
|
3881
|
+
return false;
|
3882
|
+
}
|
3883
|
+
|
3381
3884
|
return true;
|
3382
3885
|
}
|
3383
3886
|
|