grpc 1.33.0.pre1 → 1.37.0.pre1


Potentially problematic release.


This version of grpc might be problematic.

Files changed (1106)
  1. checksums.yaml +4 -4
  2. data/Makefile +1075 -2814
  3. data/etc/roots.pem +257 -573
  4. data/include/grpc/compression.h +1 -1
  5. data/include/grpc/grpc.h +29 -2
  6. data/include/grpc/grpc_security.h +215 -175
  7. data/include/grpc/impl/codegen/atm_windows.h +4 -0
  8. data/include/grpc/impl/codegen/byte_buffer.h +1 -1
  9. data/include/grpc/impl/codegen/grpc_types.h +10 -3
  10. data/include/grpc/impl/codegen/log.h +0 -2
  11. data/include/grpc/impl/codegen/port_platform.h +24 -55
  12. data/include/grpc/impl/codegen/sync_windows.h +4 -0
  13. data/include/grpc/slice_buffer.h +3 -3
  14. data/include/grpc/support/sync.h +3 -3
  15. data/include/grpc/support/time.h +7 -7
  16. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
  17. data/src/core/ext/filters/client_channel/client_channel.cc +2829 -1588
  18. data/src/core/ext/filters/client_channel/client_channel.h +0 -6
  19. data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
  20. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
  21. data/src/core/ext/filters/client_channel/config_selector.h +15 -4
  22. data/src/core/ext/filters/client_channel/dynamic_filters.cc +191 -0
  23. data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
  24. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
  25. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
  26. data/src/core/ext/filters/client_channel/health/health_check_client.cc +10 -7
  27. data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -4
  28. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +7 -8
  29. data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
  30. data/src/core/ext/filters/client_channel/lb_policy.cc +9 -2
  31. data/src/core/ext/filters/client_channel/lb_policy.h +5 -6
  32. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +1 -1
  33. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
  34. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +115 -106
  35. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
  36. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
  37. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
  38. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
  39. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
  40. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +3 -3
  41. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +55 -23
  42. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
  43. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
  44. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +2 -2
  45. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +8 -5
  46. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
  47. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +370 -109
  48. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
  49. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
  50. data/src/core/ext/filters/client_channel/lb_policy/xds/{eds_drop.cc → xds_cluster_impl.cc} +332 -108
  51. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +22 -27
  52. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1384 -0
  53. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
  54. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
  55. data/src/core/ext/filters/client_channel/resolver.cc +7 -5
  56. data/src/core/ext/filters/client_channel/resolver.h +5 -13
  57. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +42 -58
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
  59. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
  60. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
  61. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +444 -22
  62. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
  63. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +22 -23
  64. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +21 -18
  65. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
  66. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
  67. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +37 -30
  68. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +342 -133
  69. data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
  70. data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
  71. data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
  72. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +24 -38
  73. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +8 -8
  74. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
  75. data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
  76. data/src/core/ext/filters/client_channel/server_address.cc +9 -0
  77. data/src/core/ext/filters/client_channel/server_address.h +31 -4
  78. data/src/core/ext/filters/client_channel/service_config.cc +3 -1
  79. data/src/core/ext/filters/client_channel/service_config.h +1 -1
  80. data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
  81. data/src/core/ext/filters/client_channel/subchannel.cc +117 -207
  82. data/src/core/ext/filters/client_channel/subchannel.h +75 -113
  83. data/src/core/ext/filters/client_channel/subchannel_interface.h +7 -15
  84. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
  85. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +16 -10
  86. data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
  87. data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
  88. data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
  89. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +495 -0
  90. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
  91. data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
  92. data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
  93. data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
  94. data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
  95. data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
  96. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
  97. data/src/core/ext/filters/max_age/max_age_filter.cc +36 -33
  98. data/src/core/ext/filters/message_size/message_size_filter.cc +1 -1
  99. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
  100. data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
  101. data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
  102. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
  103. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
  104. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +23 -10
  105. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
  106. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +29 -16
  107. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +629 -211
  108. data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
  109. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
  110. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
  111. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
  112. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
  113. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +50 -39
  114. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
  115. data/src/core/ext/transport/chttp2/transport/flow_control.h +3 -3
  116. data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
  117. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
  118. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
  119. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
  120. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
  121. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
  122. data/src/core/ext/transport/chttp2/transport/internal.h +1 -1
  123. data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -1
  124. data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
  125. data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
  126. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
  127. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
  128. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
  129. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
  130. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
  131. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +27 -28
  132. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +139 -40
  133. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
  134. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
  135. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
  136. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
  137. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +119 -124
  138. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +450 -284
  139. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
  140. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
  141. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +24 -23
  142. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +62 -21
  143. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +21 -21
  144. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +88 -39
  145. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
  146. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
  147. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +69 -45
  148. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +275 -78
  149. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +19 -19
  150. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +80 -43
  151. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
  152. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
  153. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +7 -7
  154. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +27 -11
  155. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +30 -30
  156. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +136 -49
  157. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +41 -41
  158. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +172 -89
  159. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
  160. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
  161. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +53 -47
  162. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +188 -78
  163. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -2
  164. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
  165. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
  166. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
  167. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
  168. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +48 -7
  169. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -14
  170. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
  171. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
  172. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
  173. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
  174. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
  175. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
  176. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
  177. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +34 -32
  178. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +151 -61
  179. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +33 -29
  180. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +138 -54
  181. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -3
  182. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
  183. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
  184. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
  185. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
  186. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
  187. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +16 -16
  188. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +81 -35
  189. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +15 -13
  190. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +70 -37
  191. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +257 -216
  192. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +995 -495
  193. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +5 -5
  194. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +26 -6
  195. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -4
  196. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
  197. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
  198. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
  199. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
  200. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
  201. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
  202. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
  203. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
  204. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
  205. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +96 -98
  206. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +378 -226
  207. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
  208. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
  209. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +28 -25
  210. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +124 -53
  211. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +9 -12
  212. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +29 -24
  213. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +32 -33
  214. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +118 -67
  215. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
  216. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
  217. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
  218. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
  219. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +51 -44
  220. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +179 -129
  221. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -4
  222. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
  223. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -4
  224. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
  225. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -8
  226. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
  227. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -3
  228. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
  229. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
  230. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
  231. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
  232. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
  233. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
  234. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
  235. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
  236. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
  237. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
  238. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
  239. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
  240. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
  241. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
  242. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
  243. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +2 -3
  244. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +16 -3
  245. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
  246. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
  247. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
  248. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
  249. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
  250. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
  251. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
  252. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
  253. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
  254. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
  255. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
  256. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
  257. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
  258. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
  259. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
  260. data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
  261. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +34 -34
  262. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +149 -72
  263. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +54 -37
  264. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +171 -59
  265. data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
  266. data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
  267. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
  268. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
  269. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
  270. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
  271. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
  272. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
  273. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
  274. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
  275. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
  276. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
  277. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
  278. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
  279. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
  280. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
  281. data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
  282. data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
  283. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
  284. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
  285. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
  286. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
  287. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
  288. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
  289. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
  290. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
  291. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
  292. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
  293. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
  294. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
  295. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +1 -1
  296. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +7 -0
  297. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
  298. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
  299. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
  300. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
  301. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
  302. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
  303. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
  304. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
  305. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
  306. data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
  307. data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
  308. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +6 -6
  309. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
  310. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
  311. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
  312. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
  313. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
  314. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
  315. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
  316. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
  317. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
  318. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
  319. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
  320. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
  321. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
  322. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
  323. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
  324. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
  325. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
  326. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +251 -0
  327. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
  328. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
  329. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
  330. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
  331. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
  332. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +543 -0
  333. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
  334. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
  335. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
  336. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +136 -0
  337. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
  338. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
  339. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
  340. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
  341. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
  342. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +272 -0
  343. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +135 -0
  344. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
  345. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
  346. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
  347. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
  348. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
  349. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
  350. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
  351. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
  352. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
  353. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
  354. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
  355. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
  356. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +231 -0
  357. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +85 -0
  358. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +43 -0
  359. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
  360. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
  361. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
  362. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +68 -0
  363. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
  364. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +107 -0
  365. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
  366. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
  367. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
  368. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
  369. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
  370. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
  371. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
  372. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +195 -0
  373. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
  374. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +193 -0
  375. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
  376. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +59 -0
  377. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
  378. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
  379. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
  380. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
  381. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
  382. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +101 -0
  383. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
  384. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +944 -0
  385. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +290 -0
  386. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
  387. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
  388. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +61 -0
  389. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
  390. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
  391. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  392. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
  393. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
  394. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
  395. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
  396. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
  397. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
  398. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +505 -0
  399. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
  400. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +44 -0
  401. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
  402. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +170 -0
  403. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
  404. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +97 -0
  405. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
  406. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +246 -0
  407. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
  408. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
  409. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
  410. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
  411. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
  412. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +142 -0
  413. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +65 -0
  414. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +73 -0
  415. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
  416. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +72 -0
  417. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
  418. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +80 -0
  419. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
  420. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +80 -0
  421. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
  422. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
  423. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
  424. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
  425. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
  426. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
  427. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
  428. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
  429. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
  430. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
  431. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
  432. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
  433. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
  434. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
  435. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
  436. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +69 -0
  437. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
  438. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
  439. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
  440. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
  441. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
  442. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
  443. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
  444. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
  445. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
  446. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
  447. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +30 -0
  448. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
  449. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
  450. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
  451. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
  452. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
  453. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
  454. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
  455. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
  456. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
  457. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
  458. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +39 -0
  459. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
  460. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
  461. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
  462. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +40 -0
  463. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
  464. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
  465. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
  466. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
  467. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
  468. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +40 -0
  469. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
  470. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
  471. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
  472. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
  473. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
  474. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
  475. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
  476. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
  477. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
  478. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
  479. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
  480. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
  481. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
  482. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
  483. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
  484. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
  485. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
  486. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +310 -0
  487. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
  488. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
  489. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  490. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
  491. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  492. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
  493. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  494. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
  495. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  496. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
  497. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  498. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
  499. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  500. data/src/core/ext/xds/certificate_provider_factory.h +7 -5
  501. data/src/core/ext/xds/certificate_provider_store.cc +87 -0
  502. data/src/core/ext/xds/certificate_provider_store.h +70 -8
  503. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
  504. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
  505. data/src/core/ext/xds/xds_api.cc +2378 -1183
  506. data/src/core/ext/xds/xds_api.h +373 -99
  507. data/src/core/ext/xds/xds_bootstrap.cc +250 -68
  508. data/src/core/ext/xds/xds_bootstrap.h +40 -13
  509. data/src/core/ext/xds/xds_certificate_provider.cc +405 -0
  510. data/src/core/ext/xds/xds_certificate_provider.h +151 -0
  511. data/src/core/ext/xds/xds_client.cc +364 -182
  512. data/src/core/ext/xds/xds_client.h +47 -12
  513. data/src/core/ext/xds/xds_client_stats.cc +43 -5
  514. data/src/core/ext/xds/xds_client_stats.h +4 -4
  515. data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
  516. data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
  517. data/src/core/ext/xds/xds_http_filters.cc +114 -0
  518. data/src/core/ext/xds/xds_http_filters.h +130 -0
  519. data/src/core/ext/xds/xds_server_config_fetcher.cc +532 -0
  520. data/src/core/lib/channel/channel_args.cc +9 -8
  521. data/src/core/lib/channel/channel_stack.cc +12 -0
  522. data/src/core/lib/channel/channel_stack.h +7 -0
  523. data/src/core/lib/channel/channel_trace.cc +4 -2
  524. data/src/core/lib/channel/channel_trace.h +1 -1
  525. data/src/core/lib/channel/channelz.cc +105 -18
  526. data/src/core/lib/channel/channelz.h +32 -4
  527. data/src/core/lib/channel/channelz_registry.cc +14 -0
  528. data/src/core/lib/channel/channelz_registry.h +0 -1
  529. data/src/core/lib/channel/handshaker.cc +4 -46
  530. data/src/core/lib/channel/handshaker.h +3 -20
  531. data/src/core/lib/channel/status_util.cc +12 -2
  532. data/src/core/lib/channel/status_util.h +5 -0
  533. data/src/core/lib/compression/compression.cc +8 -4
  534. data/src/core/lib/compression/compression_args.cc +3 -2
  535. data/src/core/lib/compression/compression_internal.cc +10 -5
  536. data/src/core/lib/compression/compression_internal.h +2 -1
  537. data/src/core/lib/compression/stream_compression_identity.cc +1 -3
  538. data/src/core/lib/debug/stats.h +2 -2
  539. data/src/core/lib/debug/stats_data.cc +1 -0
  540. data/src/core/lib/debug/stats_data.h +13 -13
  541. data/src/core/lib/gpr/alloc.cc +3 -2
  542. data/src/core/lib/gpr/cpu_iphone.cc +10 -2
  543. data/src/core/lib/gpr/log.cc +59 -17
  544. data/src/core/lib/gpr/log_linux.cc +19 -3
  545. data/src/core/lib/gpr/log_posix.cc +15 -1
  546. data/src/core/lib/gpr/log_windows.cc +18 -4
  547. data/src/core/lib/gpr/murmur_hash.cc +1 -1
  548. data/src/core/lib/gpr/spinlock.h +10 -2
  549. data/src/core/lib/gpr/string.cc +23 -22
  550. data/src/core/lib/gpr/string.h +5 -6
  551. data/src/core/lib/gpr/sync.cc +4 -4
  552. data/src/core/lib/gpr/sync_abseil.cc +3 -6
  553. data/src/core/lib/gpr/sync_windows.cc +2 -2
  554. data/src/core/lib/gpr/time.cc +12 -12
  555. data/src/core/lib/gpr/time_precise.cc +3 -2
  556. data/src/core/lib/gpr/tls.h +4 -0
  557. data/src/core/lib/gpr/tls_msvc.h +2 -0
  558. data/src/core/lib/gpr/tls_stdcpp.h +48 -0
  559. data/src/core/lib/gpr/useful.h +5 -4
  560. data/src/core/lib/gprpp/arena.h +3 -2
  561. data/src/core/lib/gprpp/atomic.h +3 -3
  562. data/src/core/lib/gprpp/dual_ref_counted.h +46 -51
  563. data/src/core/lib/gprpp/examine_stack.cc +43 -0
  564. data/src/core/lib/gprpp/examine_stack.h +46 -0
  565. data/src/core/lib/gprpp/fork.cc +2 -2
  566. data/src/core/lib/gprpp/manual_constructor.h +1 -1
  567. data/src/core/lib/gprpp/mpscq.cc +2 -2
  568. data/src/core/lib/gprpp/orphanable.h +4 -8
  569. data/src/core/lib/gprpp/ref_counted.h +42 -48
  570. data/src/core/lib/gprpp/ref_counted_ptr.h +20 -12
  571. data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
  572. data/src/core/lib/gprpp/stat_posix.cc +49 -0
  573. data/src/core/lib/gprpp/stat_windows.cc +48 -0
  574. data/src/core/lib/gprpp/sync.h +129 -40
  575. data/src/core/lib/gprpp/thd.h +3 -3
  576. data/src/core/lib/gprpp/thd_posix.cc +42 -37
  577. data/src/core/lib/gprpp/thd_windows.cc +3 -1
  578. data/src/core/lib/gprpp/time_util.cc +77 -0
  579. data/src/core/lib/gprpp/time_util.h +42 -0
  580. data/src/core/lib/http/httpcli.cc +1 -1
  581. data/src/core/lib/http/httpcli.h +2 -3
  582. data/src/core/lib/http/httpcli_security_connector.cc +3 -3
  583. data/src/core/lib/http/parser.cc +47 -27
  584. data/src/core/lib/iomgr/buffer_list.h +1 -1
  585. data/src/core/lib/iomgr/call_combiner.cc +8 -5
  586. data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
  587. data/src/core/lib/iomgr/combiner.cc +2 -1
  588. data/src/core/lib/iomgr/endpoint.h +1 -1
  589. data/src/core/lib/iomgr/error.cc +17 -12
  590. data/src/core/lib/iomgr/error.h +1 -1
  591. data/src/core/lib/iomgr/error_internal.h +1 -1
  592. data/src/core/lib/iomgr/ev_apple.cc +11 -8
  593. data/src/core/lib/iomgr/ev_epoll1_linux.cc +23 -16
  594. data/src/core/lib/iomgr/ev_epollex_linux.cc +29 -21
  595. data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
  596. data/src/core/lib/iomgr/ev_posix.cc +3 -3
  597. data/src/core/lib/iomgr/exec_ctx.cc +7 -3
  598. data/src/core/lib/iomgr/exec_ctx.h +6 -4
  599. data/src/core/lib/iomgr/executor.cc +2 -1
  600. data/src/core/lib/iomgr/executor.h +1 -1
  601. data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
  602. data/src/core/lib/iomgr/executor/threadpool.h +4 -4
  603. data/src/core/lib/iomgr/iomgr.cc +1 -1
  604. data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
  605. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
  606. data/src/core/lib/iomgr/load_file.h +1 -1
  607. data/src/core/lib/iomgr/lockfree_event.cc +19 -14
  608. data/src/core/lib/iomgr/lockfree_event.h +2 -2
  609. data/src/core/lib/iomgr/parse_address.cc +127 -43
  610. data/src/core/lib/iomgr/parse_address.h +32 -8
  611. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
  612. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
  613. data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
  614. data/src/core/lib/iomgr/python_util.h +4 -4
  615. data/src/core/lib/iomgr/resolve_address.cc +4 -4
  616. data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
  617. data/src/core/lib/iomgr/resource_quota.cc +5 -5
  618. data/src/core/lib/iomgr/sockaddr_utils.cc +131 -11
  619. data/src/core/lib/iomgr/sockaddr_utils.h +26 -1
  620. data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
  621. data/src/core/lib/iomgr/socket_mutator.cc +3 -2
  622. data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
  623. data/src/core/lib/iomgr/tcp_client.cc +3 -3
  624. data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
  625. data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
  626. data/src/core/lib/iomgr/tcp_custom.cc +22 -17
  627. data/src/core/lib/iomgr/tcp_posix.cc +17 -16
  628. data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
  629. data/src/core/lib/iomgr/tcp_uv.cc +2 -2
  630. data/src/core/lib/iomgr/timer_custom.cc +5 -5
  631. data/src/core/lib/iomgr/timer_generic.cc +5 -5
  632. data/src/core/lib/iomgr/timer_manager.cc +3 -3
  633. data/src/core/lib/iomgr/udp_server.cc +1 -2
  634. data/src/core/lib/iomgr/udp_server.h +1 -2
  635. data/src/core/lib/iomgr/unix_sockets_posix.cc +32 -21
  636. data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
  637. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
  638. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
  639. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
  640. data/src/core/lib/json/json.h +12 -2
  641. data/src/core/lib/json/json_reader.cc +8 -4
  642. data/src/core/lib/json/json_util.h +167 -0
  643. data/src/core/lib/json/json_writer.cc +2 -1
  644. data/src/core/lib/matchers/matchers.cc +339 -0
  645. data/src/core/lib/matchers/matchers.h +160 -0
  646. data/src/core/lib/security/context/security_context.cc +4 -3
  647. data/src/core/lib/security/context/security_context.h +3 -1
  648. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
  649. data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
  650. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  651. data/src/core/lib/security/credentials/credentials.cc +7 -7
  652. data/src/core/lib/security/credentials/credentials.h +5 -4
  653. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
  654. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
  655. data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
  656. data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
  657. data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
  658. data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
  659. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
  660. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
  661. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
  662. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
  663. data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -2
  664. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +25 -18
  665. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
  666. data/src/core/lib/security/credentials/jwt/json_token.cc +3 -3
  667. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
  668. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -4
  669. data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
  670. data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
  671. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +39 -46
  672. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
  673. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
  674. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +7 -6
  675. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -2
  676. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +30 -5
  677. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +13 -14
  678. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
  679. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
  680. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -150
  681. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +57 -187
  682. data/src/core/lib/security/credentials/tls/tls_credentials.cc +18 -13
  683. data/src/core/lib/security/credentials/tls/tls_credentials.h +3 -3
  684. data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
  685. data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
  686. data/src/core/lib/security/credentials/xds/xds_credentials.cc +209 -10
  687. data/src/core/lib/security/credentials/xds/xds_credentials.h +27 -9
  688. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
  689. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +3 -3
  690. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
  691. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
  692. data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
  693. data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
  694. data/src/core/lib/security/security_connector/local/local_security_connector.cc +3 -3
  695. data/src/core/lib/security/security_connector/security_connector.cc +4 -3
  696. data/src/core/lib/security/security_connector/security_connector.h +4 -2
  697. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
  698. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -6
  699. data/src/core/lib/security/security_connector/ssl_utils.h +16 -21
  700. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +360 -279
  701. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +105 -61
  702. data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
  703. data/src/core/lib/security/transport/security_handshaker.cc +36 -8
  704. data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
  705. data/src/core/lib/security/util/json_util.h +1 -0
  706. data/src/core/lib/slice/slice.cc +7 -4
  707. data/src/core/lib/slice/slice_buffer.cc +2 -1
  708. data/src/core/lib/slice/slice_intern.cc +11 -13
  709. data/src/core/lib/slice/slice_internal.h +2 -2
  710. data/src/core/lib/surface/call.cc +41 -32
  711. data/src/core/lib/surface/call_details.cc +8 -8
  712. data/src/core/lib/surface/channel.cc +16 -10
  713. data/src/core/lib/surface/channel.h +6 -5
  714. data/src/core/lib/surface/channel_init.cc +1 -1
  715. data/src/core/lib/surface/completion_queue.cc +31 -25
  716. data/src/core/lib/surface/completion_queue.h +16 -16
  717. data/src/core/lib/surface/init.cc +19 -20
  718. data/src/core/lib/surface/lame_client.cc +47 -54
  719. data/src/core/lib/surface/lame_client.h +5 -0
  720. data/src/core/lib/surface/server.cc +106 -53
  721. data/src/core/lib/surface/server.h +114 -20
  722. data/src/core/lib/surface/validate_metadata.h +3 -0
  723. data/src/core/lib/surface/version.cc +2 -2
  724. data/src/core/lib/transport/authority_override.cc +6 -4
  725. data/src/core/lib/transport/authority_override.h +7 -2
  726. data/src/core/lib/transport/bdp_estimator.cc +1 -1
  727. data/src/core/lib/transport/byte_stream.h +3 -3
  728. data/src/core/lib/transport/connectivity_state.h +9 -7
  729. data/src/core/lib/transport/error_utils.h +1 -1
  730. data/src/core/lib/transport/metadata.cc +6 -2
  731. data/src/core/lib/transport/metadata.h +2 -2
  732. data/src/core/lib/transport/metadata_batch.cc +27 -0
  733. data/src/core/lib/transport/metadata_batch.h +18 -4
  734. data/src/core/lib/transport/static_metadata.cc +1 -1
  735. data/src/core/lib/transport/status_metadata.cc +4 -3
  736. data/src/core/lib/transport/timeout_encoding.cc +4 -4
  737. data/src/core/lib/transport/transport.cc +5 -3
  738. data/src/core/lib/transport/transport.h +8 -8
  739. data/src/core/lib/uri/uri_parser.cc +131 -249
  740. data/src/core/lib/uri/uri_parser.h +57 -21
  741. data/src/core/plugin_registry/grpc_plugin_registry.cc +26 -8
  742. data/src/core/tsi/alts/crypt/gsec.cc +5 -4
  743. data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
  744. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -25
  745. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +43 -47
  746. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
  747. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
  748. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
  749. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
  750. data/src/core/tsi/fake_transport_security.cc +17 -5
  751. data/src/core/tsi/local_transport_security.cc +5 -1
  752. data/src/core/tsi/local_transport_security.h +6 -7
  753. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  754. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
  755. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +3 -2
  756. data/src/core/tsi/ssl_transport_security.cc +73 -56
  757. data/src/core/tsi/ssl_transport_security.h +6 -6
  758. data/src/core/tsi/transport_security.cc +10 -8
  759. data/src/core/tsi/transport_security_interface.h +1 -1
  760. data/src/ruby/ext/grpc/extconf.rb +10 -2
  761. data/src/ruby/ext/grpc/rb_channel.c +10 -1
  762. data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
  763. data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
  764. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  765. data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
  766. data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
  767. data/src/ruby/ext/grpc/rb_grpc.c +4 -0
  768. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +36 -14
  769. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +70 -37
  770. data/src/ruby/ext/grpc/rb_server.c +13 -1
  771. data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
  772. data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
  773. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
  774. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
  775. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
  776. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
  777. data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
  778. data/src/ruby/lib/grpc/version.rb +1 -1
  779. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
  780. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
  781. data/src/ruby/spec/call_spec.rb +1 -1
  782. data/src/ruby/spec/channel_credentials_spec.rb +32 -0
  783. data/src/ruby/spec/channel_spec.rb +17 -6
  784. data/src/ruby/spec/client_auth_spec.rb +27 -1
  785. data/src/ruby/spec/errors_spec.rb +1 -1
  786. data/src/ruby/spec/generic/active_call_spec.rb +2 -2
  787. data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
  788. data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
  789. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
  790. data/src/ruby/spec/server_credentials_spec.rb +25 -0
  791. data/src/ruby/spec/server_spec.rb +22 -0
  792. data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
  793. data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
  794. data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
  795. data/third_party/abseil-cpp/absl/base/casts.h +9 -6
  796. data/third_party/abseil-cpp/absl/base/config.h +60 -17
  797. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
  798. data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
  799. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
  800. data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
  801. data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
  802. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
  803. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
  804. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
  805. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
  806. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
  807. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
  808. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
  809. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
  810. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
  811. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
  812. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
  813. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
  814. data/third_party/abseil-cpp/absl/base/macros.h +36 -109
  815. data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
  816. data/third_party/abseil-cpp/absl/base/options.h +31 -4
  817. data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
  818. data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
  819. data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
  820. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
  821. data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
  822. data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
  823. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
  824. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
  825. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
  826. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
  827. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
  828. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
  829. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
  830. data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
  831. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
  832. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
  833. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
  834. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
  835. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
  836. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
  837. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
  838. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
  839. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
  840. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
  841. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
  842. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
  843. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
  844. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
  845. data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
  846. data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
  847. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
  848. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
  849. data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
  850. data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
  851. data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
  852. data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
  853. data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
  854. data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
  855. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
  856. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
  857. data/third_party/abseil-cpp/absl/status/status.cc +4 -6
  858. data/third_party/abseil-cpp/absl/status/status.h +502 -113
  859. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
  860. data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
  861. data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
  862. data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
  863. data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
  864. data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
  865. data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
  866. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
  867. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
  868. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
  869. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  870. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
  871. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
  872. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
  873. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
  874. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
  875. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
  876. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
  877. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
  878. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
  879. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
  880. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
  881. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
  882. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
  883. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
  884. data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
  885. data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
  886. data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
  887. data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
  888. data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
  889. data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
  890. data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
  891. data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
  892. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
  893. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +4 -3
  894. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
  895. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
  896. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
  897. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
  898. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
  899. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
  900. data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
  901. data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
  902. data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
  903. data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
  904. data/third_party/abseil-cpp/absl/time/format.cc +43 -36
  905. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
  906. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
  907. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
  908. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
  909. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
  910. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
  911. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
  912. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
  913. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
  914. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
  915. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
  916. data/third_party/abseil-cpp/absl/time/time.h +15 -16
  917. data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
  918. data/third_party/abseil-cpp/absl/types/optional.h +9 -9
  919. data/third_party/abseil-cpp/absl/types/span.h +49 -36
  920. data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
  921. data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
  922. data/third_party/boringssl-with-bazel/err_data.c +728 -722
  923. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  924. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
  925. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
  926. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
  927. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  928. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
  929. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
  930. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
  931. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
  932. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
  933. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
  934. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
  935. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
  936. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
  937. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
  938. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
  939. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  940. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
  941. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  942. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
  943. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
  944. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  945. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
  946. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  947. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
  948. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
  949. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  950. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
  951. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
  952. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  953. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
  954. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  955. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
  956. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
  957. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
  958. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
  959. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  960. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
  961. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
  962. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
  963. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
  964. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
  965. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
  966. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +97 -39
  967. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +155 -2
  968. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
  969. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
  970. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
  971. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  972. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  973. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
  974. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
  975. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  976. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +90 -63
  977. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +60 -60
  978. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +179 -47
  979. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
  980. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +10 -0
  981. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
  982. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -29
  983. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
  984. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
  985. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
  986. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
  987. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
  988. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
  989. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
  990. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  991. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
  992. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  993. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
  994. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
  995. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +25 -24
  996. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
  997. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
  998. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
  999. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
  1000. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
  1001. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  1002. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
  1003. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +2 -2
  1004. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
  1005. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
  1006. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
  1007. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +10 -8
  1008. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
  1009. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
  1010. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +14 -6
  1011. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
  1012. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  1013. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
  1014. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +19 -0
  1015. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
  1016. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
  1017. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
  1018. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  1019. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
  1020. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
  1021. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
  1022. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
  1023. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
  1024. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
  1025. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +122 -34
  1026. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +31 -8
  1027. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +31 -23
  1028. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -99
  1029. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +546 -402
  1030. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
  1031. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
  1032. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
  1033. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
  1034. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
  1035. data/third_party/boringssl-with-bazel/src/ssl/internal.h +73 -17
  1036. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
  1037. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +49 -9
  1038. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +87 -14
  1039. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +18 -22
  1040. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
  1041. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
  1042. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +570 -53
  1043. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +55 -13
  1044. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
  1045. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +192 -56
  1046. data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
  1047. data/third_party/upb/upb/decode.c +248 -167
  1048. data/third_party/upb/upb/decode.h +20 -1
  1049. data/third_party/upb/upb/decode.int.h +163 -0
  1050. data/third_party/upb/upb/decode_fast.c +1040 -0
  1051. data/third_party/upb/upb/decode_fast.h +126 -0
  1052. data/third_party/upb/upb/def.c +2178 -0
  1053. data/third_party/upb/upb/def.h +315 -0
  1054. data/third_party/upb/upb/def.hpp +439 -0
  1055. data/third_party/upb/upb/encode.c +227 -169
  1056. data/third_party/upb/upb/encode.h +27 -2
  1057. data/third_party/upb/upb/msg.c +167 -88
  1058. data/third_party/upb/upb/msg.h +174 -34
  1059. data/third_party/upb/upb/port_def.inc +74 -61
  1060. data/third_party/upb/upb/port_undef.inc +3 -7
  1061. data/third_party/upb/upb/reflection.c +408 -0
  1062. data/third_party/upb/upb/reflection.h +168 -0
  1063. data/third_party/upb/upb/table.c +34 -197
  1064. data/third_party/upb/upb/table.int.h +14 -5
  1065. data/third_party/upb/upb/text_encode.c +421 -0
  1066. data/third_party/upb/upb/text_encode.h +38 -0
  1067. data/third_party/upb/upb/upb.c +18 -41
  1068. data/third_party/upb/upb/upb.h +36 -7
  1069. data/third_party/upb/upb/upb.hpp +4 -4
  1070. data/third_party/upb/upb/upb.int.h +29 -0
  1071. data/third_party/xxhash/xxhash.h +5443 -0
  1072. metadata +335 -75
  1073. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -1136
  1074. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
  1075. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
  1076. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -355
  1077. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -138
  1078. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -53
  1079. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
  1080. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -129
  1081. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
  1082. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -77
  1083. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +0 -36
  1084. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -85
  1085. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
  1086. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -160
  1087. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
  1088. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -84
  1089. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +0 -377
  1090. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +0 -102
  1091. data/src/core/lib/gprpp/map.h +0 -53
  1092. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
  1093. data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
  1094. data/src/core/lib/security/authorization/authorization_engine.h +0 -84
  1095. data/src/core/lib/security/authorization/evaluate_args.cc +0 -153
  1096. data/src/core/lib/security/authorization/evaluate_args.h +0 -59
  1097. data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
  1098. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -42
  1099. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -68
  1100. data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -93
  1101. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
  1102. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -56
  1103. data/src/core/lib/security/certificate_provider.h +0 -60
  1104. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
  1105. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -503
  1106. data/third_party/upb/upb/port.c +0 -26
@@ -565,7 +565,6 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
565
565
  grease_enabled(false),
566
566
  allow_unknown_alpn_protos(false),
567
567
  false_start_allowed_without_alpn(false),
568
- ignore_tls13_downgrade(false),
569
568
  handoff(false),
570
569
  enable_early_data(false) {
571
570
  CRYPTO_MUTEX_init(&lock);
@@ -711,7 +710,6 @@ SSL *SSL_new(SSL_CTX *ctx) {
711
710
  ctx->signed_cert_timestamps_enabled;
712
711
  ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
713
712
  ssl->config->handoff = ctx->handoff;
714
- ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade;
715
713
  ssl->quic_method = ctx->quic_method;
716
714
 
717
715
  if (!ssl->method->ssl_new(ssl.get()) ||
@@ -724,6 +722,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
724
722
 
725
723
  SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
726
724
  : ssl(ssl_arg),
725
+ ech_grease_enabled(false),
727
726
  signed_cert_timestamps_enabled(false),
728
727
  ocsp_stapling_enabled(false),
729
728
  channel_id_enabled(false),
@@ -731,8 +730,8 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
731
730
  retain_only_sha256_of_client_certs(false),
732
731
  handoff(false),
733
732
  shed_handshake_config(false),
734
- ignore_tls13_downgrade(false),
735
- jdk11_workaround(false) {
733
+ jdk11_workaround(false),
734
+ quic_use_legacy_codepoint(true) {
736
735
  assert(ssl);
737
736
  }
738
737
 
@@ -1294,6 +1293,43 @@ enum ssl_early_data_reason_t SSL_get_early_data_reason(const SSL *ssl) {
1294
1293
  return ssl->s3->early_data_reason;
1295
1294
  }
1296
1295
 
1296
+ const char *SSL_early_data_reason_string(enum ssl_early_data_reason_t reason) {
1297
+ switch (reason) {
1298
+ case ssl_early_data_unknown:
1299
+ return "unknown";
1300
+ case ssl_early_data_disabled:
1301
+ return "disabled";
1302
+ case ssl_early_data_accepted:
1303
+ return "accepted";
1304
+ case ssl_early_data_protocol_version:
1305
+ return "protocol_version";
1306
+ case ssl_early_data_peer_declined:
1307
+ return "peer_declined";
1308
+ case ssl_early_data_no_session_offered:
1309
+ return "no_session_offered";
1310
+ case ssl_early_data_session_not_resumed:
1311
+ return "session_not_resumed";
1312
+ case ssl_early_data_unsupported_for_session:
1313
+ return "unsupported_for_session";
1314
+ case ssl_early_data_hello_retry_request:
1315
+ return "hello_retry_request";
1316
+ case ssl_early_data_alpn_mismatch:
1317
+ return "alpn_mismatch";
1318
+ case ssl_early_data_channel_id:
1319
+ return "channel_id";
1320
+ case ssl_early_data_token_binding:
1321
+ return "token_binding";
1322
+ case ssl_early_data_ticket_age_skew:
1323
+ return "ticket_age_skew";
1324
+ case ssl_early_data_quic_parameter_mismatch:
1325
+ return "quic_parameter_mismatch";
1326
+ case ssl_early_data_alps_mismatch:
1327
+ return "alps_mismatch";
1328
+ }
1329
+
1330
+ return nullptr;
1331
+ }
1332
+
1297
1333
  static int bio_retry_reason_to_error(int reason) {
1298
1334
  switch (reason) {
1299
1335
  case BIO_RR_CONNECT:
@@ -1432,6 +1468,13 @@ const char *SSL_error_description(int err) {
1432
1468
  }
1433
1469
  }
1434
1470
 
1471
+ void SSL_set_enable_ech_grease(SSL *ssl, int enable) {
1472
+ if (!ssl->config) {
1473
+ return;
1474
+ }
1475
+ ssl->config->ech_grease_enabled = !!enable;
1476
+ }
1477
+
1435
1478
  uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
1436
1479
  ctx->options |= options;
1437
1480
  return ctx->options;
@@ -2241,6 +2284,36 @@ void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) {
2241
2284
  ctx->allow_unknown_alpn_protos = !!enabled;
2242
2285
  }
2243
2286
 
2287
+ int SSL_add_application_settings(SSL *ssl, const uint8_t *proto,
2288
+ size_t proto_len, const uint8_t *settings,
2289
+ size_t settings_len) {
2290
+ if (!ssl->config) {
2291
+ return 0;
2292
+ }
2293
+ ALPSConfig config;
2294
+ if (!config.protocol.CopyFrom(MakeConstSpan(proto, proto_len)) ||
2295
+ !config.settings.CopyFrom(MakeConstSpan(settings, settings_len)) ||
2296
+ !ssl->config->alps_configs.Push(std::move(config))) {
2297
+ return 0;
2298
+ }
2299
+ return 1;
2300
+ }
2301
+
2302
+ void SSL_get0_peer_application_settings(const SSL *ssl,
2303
+ const uint8_t **out_data,
2304
+ size_t *out_len) {
2305
+ const SSL_SESSION *session = SSL_get_session(ssl);
2306
+ Span<const uint8_t> settings =
2307
+ session ? session->peer_application_settings : Span<const uint8_t>();
2308
+ *out_data = settings.data();
2309
+ *out_len = settings.size();
2310
+ }
2311
+
2312
+ int SSL_has_application_settings(const SSL *ssl) {
2313
+ const SSL_SESSION *session = SSL_get_session(ssl);
2314
+ return session && session->has_application_settings;
2315
+ }
2316
+
2244
2317
  int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, uint16_t alg_id,
2245
2318
  ssl_cert_compression_func_t compress,
2246
2319
  ssl_cert_decompression_func_t decompress) {
@@ -2862,22 +2935,15 @@ void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
2862
2935
  ctx->false_start_allowed_without_alpn = !!allowed;
2863
2936
  }
2864
2937
 
2865
- int SSL_is_tls13_downgrade(const SSL *ssl) { return ssl->s3->tls13_downgrade; }
2938
+ int SSL_is_tls13_downgrade(const SSL *ssl) { return 0; }
2866
2939
 
2867
2940
  int SSL_used_hello_retry_request(const SSL *ssl) {
2868
2941
  return ssl->s3->used_hello_retry_request;
2869
2942
  }
2870
2943
 
2871
- void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {
2872
- ctx->ignore_tls13_downgrade = !!ignore;
2873
- }
2944
+ void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {}
2874
2945
 
2875
- void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {
2876
- if (!ssl->config) {
2877
- return;
2878
- }
2879
- ssl->config->ignore_tls13_downgrade = !!ignore;
2880
- }
2946
+ void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {}
2881
2947
 
2882
2948
  void SSL_set_shed_handshake_config(SSL *ssl, int enable) {
2883
2949
  if (!ssl->config) {
@@ -2893,6 +2959,13 @@ void SSL_set_jdk11_workaround(SSL *ssl, int enable) {
2893
2959
  ssl->config->jdk11_workaround = !!enable;
2894
2960
  }
2895
2961
 
2962
+ void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) {
2963
+ if (!ssl->config) {
2964
+ return;
2965
+ }
2966
+ ssl->config->quic_use_legacy_codepoint = !!use_legacy;
2967
+ }
2968
+
2896
2969
  int SSL_clear(SSL *ssl) {
2897
2970
  if (!ssl->config) {
2898
2971
  return 0; // SSL_clear may not be used after shedding config.
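Review bot: The three TLS 1.3 downgrade entry points in the `@@ -2862,22 +2935,15 @@` hunk become silent stubs, and nothing in the code says so. `SSL_is_tls13_downgrade` now returns a constant 0, and `SSL_CTX_set_ignore_tls13_downgrade` and `SSL_set_ignore_tls13_downgrade` have empty bodies; the `ignore_tls13_downgrade` members are removed from both constructors and from `SSL_new` in the earlier hunks. A caller that logged or rejected a handshake based on the return value, or that set the ignore flag, gets no indication that the call no longer has any effect. Whether the downgrade check is now enforced unconditionally is not visible in these hunks and should be confirmed in the handshake code. I would add a comment above each stub, for example `// Deprecated no-op: the ignore_tls13_downgrade option was removed; always returns 0.` on the getter and `// Deprecated no-op: retained for API compatibility only.` on the two setters.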
@@ -202,9 +202,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
202
202
  OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
203
203
 
204
204
  // Copy the key material.
205
- new_session->master_key_length = session->master_key_length;
206
- OPENSSL_memcpy(new_session->master_key, session->master_key,
207
- session->master_key_length);
205
+ new_session->secret_length = session->secret_length;
206
+ OPENSSL_memcpy(new_session->secret, session->secret, session->secret_length);
208
207
  new_session->cipher = session->cipher;
209
208
 
210
209
  // Copy authentication state.
@@ -264,13 +263,15 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
264
263
  new_session->ticket_age_add = session->ticket_age_add;
265
264
  new_session->ticket_max_early_data = session->ticket_max_early_data;
266
265
  new_session->extended_master_secret = session->extended_master_secret;
267
-
268
- if (!new_session->early_alpn.CopyFrom(session->early_alpn)) {
269
- return nullptr;
270
- }
271
-
272
- if (!new_session->quic_early_data_context.CopyFrom(
273
- session->quic_early_data_context)) {
266
+ new_session->has_application_settings = session->has_application_settings;
267
+
268
+ if (!new_session->early_alpn.CopyFrom(session->early_alpn) ||
269
+ !new_session->quic_early_data_context.CopyFrom(
270
+ session->quic_early_data_context) ||
271
+ !new_session->local_application_settings.CopyFrom(
272
+ session->local_application_settings) ||
273
+ !new_session->peer_application_settings.CopyFrom(
274
+ session->peer_application_settings)) {
274
275
  return nullptr;
275
276
  }
276
277
  }
@@ -364,12 +365,6 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
364
365
  session->is_server = is_server;
365
366
  session->ssl_version = ssl->version;
366
367
  session->is_quic = ssl->quic_method != nullptr;
367
- if (is_server && ssl->enable_early_data && session->is_quic) {
368
- if (!session->quic_early_data_context.CopyFrom(
369
- hs->config->quic_early_data_context)) {
370
- return 0;
371
- }
372
- }
373
368
 
374
369
  // Fill in the time from the |SSL_CTX|'s clock.
375
370
  struct OPENSSL_timeval now;
@@ -870,7 +865,8 @@ ssl_session_st::ssl_session_st(const SSL_X509_METHOD *method)
870
865
  not_resumable(false),
871
866
  ticket_age_add_valid(false),
872
867
  is_server(false),
873
- is_quic(false) {
868
+ is_quic(false),
869
+ has_application_settings(false) {
874
870
  CRYPTO_new_ex_data(&ex_data);
875
871
  time = ::time(nullptr);
876
872
  }
@@ -966,14 +962,14 @@ void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
966
962
 
967
963
  size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
968
964
  size_t max_out) {
969
- // TODO(davidben): Fix master_key_length's type and remove these casts.
965
+ // TODO(davidben): Fix secret_length's type and remove these casts.
970
966
  if (max_out == 0) {
971
- return (size_t)session->master_key_length;
967
+ return (size_t)session->secret_length;
972
968
  }
973
- if (max_out > (size_t)session->master_key_length) {
974
- max_out = (size_t)session->master_key_length;
969
+ if (max_out > (size_t)session->secret_length) {
970
+ max_out = (size_t)session->secret_length;
975
971
  }
976
- OPENSSL_memcpy(out, session->master_key, max_out);
972
+ OPENSSL_memcpy(out, session->secret, max_out);
977
973
  return max_out;
978
974
  }
979
975
 
@@ -265,8 +265,8 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len,
265
265
 
266
266
  static const size_t kFinishedLen = 12;
267
267
  if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen),
268
- MakeConstSpan(session->master_key, session->master_key_length),
269
- label, MakeConstSpan(digest, digest_len), {})) {
268
+ MakeConstSpan(session->secret, session->secret_length), label,
269
+ MakeConstSpan(digest, digest_len), {})) {
270
270
  return false;
271
271
  }
272
272
 
@@ -191,15 +191,14 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len,
191
191
 
192
192
  static bool generate_key_block(const SSL *ssl, Span<uint8_t> out,
193
193
  const SSL_SESSION *session) {
194
- auto master_key =
195
- MakeConstSpan(session->master_key, session->master_key_length);
194
+ auto secret = MakeConstSpan(session->secret, session->secret_length);
196
195
  static const char kLabel[] = "key expansion";
197
196
  auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1);
198
197
 
199
198
  const EVP_MD *digest = ssl_session_get_digest(session);
200
199
  // Note this function assumes that |session|'s key material corresponds to
201
200
  // |ssl->s3->client_random| and |ssl->s3->server_random|.
202
- return tls1_prf(digest, out, master_key, label, ssl->s3->server_random,
201
+ return tls1_prf(digest, out, secret, label, ssl->s3->server_random,
203
202
  ssl->s3->client_random);
204
203
  }
205
204
 
@@ -379,8 +378,7 @@ int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
379
378
 
380
379
  const SSL_SESSION *session = SSL_get_session(ssl);
381
380
  const EVP_MD *digest = ssl_session_get_digest(session);
382
- return tls1_prf(
383
- digest, MakeSpan(out, out_len),
384
- MakeConstSpan(session->master_key, session->master_key_length),
385
- MakeConstSpan(label, label_len), seed, {});
381
+ return tls1_prf(digest, MakeSpan(out, out_len),
382
+ MakeConstSpan(session->secret, session->secret_length),
383
+ MakeConstSpan(label, label_len), seed, {});
386
384
  }
@@ -113,10 +113,13 @@
113
113
  #include <stdlib.h>
114
114
  #include <string.h>
115
115
 
116
+ #include <algorithm>
116
117
  #include <utility>
117
118
 
119
+ #include <openssl/aead.h>
118
120
  #include <openssl/bytestring.h>
119
121
  #include <openssl/chacha.h>
122
+ #include <openssl/curve25519.h>
120
123
  #include <openssl/digest.h>
121
124
  #include <openssl/err.h>
122
125
  #include <openssl/evp.h>
@@ -125,13 +128,15 @@
125
128
  #include <openssl/nid.h>
126
129
  #include <openssl/rand.h>
127
130
 
128
- #include "internal.h"
131
+ #include "../crypto/hpke/internal.h"
129
132
  #include "../crypto/internal.h"
133
+ #include "internal.h"
130
134
 
131
135
 
132
136
  BSSL_NAMESPACE_BEGIN
133
137
 
134
138
  static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
139
+ static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs);
135
140
 
136
141
  static int compare_uint16_t(const void *p1, const void *p2) {
137
142
  uint16_t u1 = *((const uint16_t *)p1);
@@ -512,7 +517,7 @@ struct tls_extension {
512
517
  };
513
518
 
514
519
  static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
515
- CBS *contents) {
520
+ CBS *contents) {
516
521
  if (contents != NULL) {
517
522
  // Servers MUST NOT send this extension.
518
523
  *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
@@ -524,7 +529,7 @@ static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
524
529
  }
525
530
 
526
531
  static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
527
- CBS *contents) {
532
+ CBS *contents) {
528
533
  // This extension from the client is handled elsewhere.
529
534
  return true;
530
535
  }
@@ -586,6 +591,182 @@ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
586
591
  }
587
592
 
588
593
 
594
+ // Encrypted Client Hello (ECH)
595
+ //
596
+ // https://tools.ietf.org/html/draft-ietf-tls-esni-09
597
+
598
+ // random_size returns a random value between |min| and |max|, inclusive.
599
+ static size_t random_size(size_t min, size_t max) {
600
+ assert(min < max);
601
+ size_t value;
602
+ RAND_bytes(reinterpret_cast<uint8_t *>(&value), sizeof(value));
603
+ return value % (max - min + 1) + min;
604
+ }
605
+
606
+ static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) {
607
+ // If we are responding to the server's HelloRetryRequest, we repeat the bytes
608
+ // of the first ECH GREASE extension.
609
+ if (hs->ssl->s3->used_hello_retry_request) {
610
+ CBB ech_body;
611
+ if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
612
+ !CBB_add_u16_length_prefixed(out, &ech_body) ||
613
+ !CBB_add_bytes(&ech_body, hs->ech_grease.data(),
614
+ hs->ech_grease.size()) ||
615
+ !CBB_flush(out)) {
616
+ return false;
617
+ }
618
+ return true;
619
+ }
620
+
621
+ constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256;
622
+ const uint16_t aead_id = EVP_has_aes_hardware()
623
+ ? EVP_HPKE_AEAD_AES_GCM_128
624
+ : EVP_HPKE_AEAD_CHACHA20POLY1305;
625
+ const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id);
626
+ assert(aead != nullptr);
627
+
628
+ uint8_t ech_config_id[8];
629
+ RAND_bytes(ech_config_id, sizeof(ech_config_id));
630
+
631
+ uint8_t ech_enc[X25519_PUBLIC_VALUE_LEN];
632
+ uint8_t private_key_unused[X25519_PRIVATE_KEY_LEN];
633
+ X25519_keypair(ech_enc, private_key_unused);
634
+
635
+ // To determine a plausible length for the payload, we first estimate the size
636
+ // of a typical EncodedClientHelloInner, with an expected use of
637
+ // outer_extensions. To limit the size, we only consider initial ClientHellos
638
+ // that do not offer resumption.
639
+ //
640
+ // Field/Extension Size
641
+ // ---------------------------------------------------------------------
642
+ // version 2
643
+ // random 32
644
+ // legacy_session_id 1
645
+ // - Has a U8 length prefix, but body is
646
+ // always empty string in inner CH.
647
+ // cipher_suites 2 (length prefix)
648
+ // - Only includes TLS 1.3 ciphers (3). 6
649
+ // - Maybe also include a GREASE suite. 2
650
+ // legacy_compression_methods 2 (length prefix)
651
+ // - Always has "null" compression method. 1
652
+ // extensions: 2 (length prefix)
653
+ // - encrypted_client_hello (empty). 4 (id + length prefix)
654
+ // - supported_versions. 4 (id + length prefix)
655
+ // - U8 length prefix 1
656
+ // - U16 protocol version (TLS 1.3) 2
657
+ // - outer_extensions. 4 (id + length prefix)
658
+ // - U8 length prefix 1
659
+ // - N extension IDs (2 bytes each):
660
+ // - key_share 2
661
+ // - sigalgs 2
662
+ // - sct 2
663
+ // - alpn 2
664
+ // - supported_groups. 2
665
+ // - status_request. 2
666
+ // - psk_key_exchange_modes. 2
667
+ // - compress_certificate. 2
668
+ //
669
+ // The server_name extension has an overhead of 9 bytes, plus up to an
670
+ // estimated 100 bytes of hostname. Rounding up to a multiple of 32 yields a
671
+ // range of 96 to 192. Note that this estimate does not fully capture
672
+ // optional extensions like GREASE, but the rounding gives some leeway.
673
+
674
+ uint8_t payload[EVP_AEAD_MAX_OVERHEAD + 192];
675
+ const size_t payload_len =
676
+ EVP_AEAD_max_overhead(aead) + 32 * random_size(96 / 32, 192 / 32);
677
+ assert(payload_len <= sizeof(payload));
678
+ RAND_bytes(payload, payload_len);
679
+
680
+ // Inside the TLS extension contents, write a serialized ClientEncryptedCH.
681
+ CBB ech_body, config_id_cbb, enc_cbb, payload_cbb;
682
+ if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
683
+ !CBB_add_u16_length_prefixed(out, &ech_body) ||
684
+ !CBB_add_u16(&ech_body, kdf_id) || //
685
+ !CBB_add_u16(&ech_body, aead_id) ||
686
+ !CBB_add_u8_length_prefixed(&ech_body, &config_id_cbb) ||
687
+ !CBB_add_bytes(&config_id_cbb, ech_config_id, sizeof(ech_config_id)) ||
688
+ !CBB_add_u16_length_prefixed(&ech_body, &enc_cbb) ||
689
+ !CBB_add_bytes(&enc_cbb, ech_enc, OPENSSL_ARRAY_SIZE(ech_enc)) ||
690
+ !CBB_add_u16_length_prefixed(&ech_body, &payload_cbb) ||
691
+ !CBB_add_bytes(&payload_cbb, payload, payload_len) || //
692
+ !CBB_flush(&ech_body)) {
693
+ return false;
694
+ }
695
+ // Save the bytes of the newly-generated extension in case the server sends
696
+ // a HelloRetryRequest.
697
+ if (!hs->ech_grease.CopyFrom(
698
+ MakeConstSpan(CBB_data(&ech_body), CBB_len(&ech_body)))) {
699
+ return false;
700
+ }
701
+ return CBB_flush(out);
702
+ }
703
+
704
+ static bool ext_ech_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
705
+ if (hs->max_version < TLS1_3_VERSION) {
706
+ return true;
707
+ }
708
+ if (hs->config->ech_grease_enabled) {
709
+ return ext_ech_add_clienthello_grease(hs, out);
710
+ }
711
+ // Nothing to do, since we don't yet implement the non-GREASE parts of ECH.
712
+ return true;
713
+ }
714
+
715
+ static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
716
+ CBS *contents) {
717
+ if (contents == NULL) {
718
+ return true;
719
+ }
720
+
721
+ // If the client only sent GREASE, we must check the extension syntactically.
722
+ CBS ech_configs;
723
+ if (!CBS_get_u16_length_prefixed(contents, &ech_configs) ||
724
+ CBS_len(&ech_configs) == 0 || //
725
+ CBS_len(contents) > 0) {
726
+ *out_alert = SSL_AD_DECODE_ERROR;
727
+ return false;
728
+ }
729
+ while (CBS_len(&ech_configs) > 0) {
730
+ // Do a top-level parse of the ECHConfig, stopping before ECHConfigContents.
731
+ uint16_t version;
732
+ CBS ech_config_contents;
733
+ if (!CBS_get_u16(&ech_configs, &version) ||
734
+ !CBS_get_u16_length_prefixed(&ech_configs, &ech_config_contents)) {
735
+ *out_alert = SSL_AD_DECODE_ERROR;
736
+ return false;
737
+ }
738
+ }
739
+ return true;
740
+ }
741
+
742
+ static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
743
+ CBS *contents) {
744
+ if (contents != nullptr) {
745
+ hs->ech_present = true;
746
+ return true;
747
+ }
748
+ return true;
749
+ }
750
+
751
+ static bool ext_ech_is_inner_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
752
+ return true;
753
+ }
754
+
755
+ static bool ext_ech_is_inner_parse_clienthello(SSL_HANDSHAKE *hs,
756
+ uint8_t *out_alert,
757
+ CBS *contents) {
758
+ if (contents == nullptr) {
759
+ return true;
760
+ }
761
+ if (CBS_len(contents) > 0) {
762
+ *out_alert = SSL_AD_ILLEGAL_PARAMETER;
763
+ return false;
764
+ }
765
+ hs->ech_is_inner_present = true;
766
+ return true;
767
+ }
768
+
769
+
589
770
  // Renegotiation indication.
590
771
  //
591
772
  // https://tools.ietf.org/html/rfc5746
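Review bot: `random_size` documents an inclusive range but has two preconditions its comment does not state: `assert(min < max)` rejects `min == max`, and `max - min + 1` wraps to zero when the range covers all of `size_t`, which would turn the `%` into a division by zero. The reduction is also only uniform when the range size divides the `size_t` value space evenly; that holds for the single caller here (`96 / 32` to `192 / 32`, four values) but not in general. Because the GREASE payload length is meant to look plausible to an observer, I would record this on the function: `// |min| must be strictly less than |max| and the range must not cover all of size_t. The result is only uniform for power-of-two range sizes; use it for GREASE padding only.`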
@@ -1247,7 +1428,7 @@ static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1247
1428
  SSL *const ssl = hs->ssl;
1248
1429
  if (hs->config->alpn_client_proto_list.empty() && ssl->quic_method) {
1249
1430
  // ALPN MUST be used with QUIC.
1250
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
1431
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1251
1432
  return false;
1252
1433
  }
1253
1434
 
@@ -1275,7 +1456,7 @@ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1275
1456
  if (contents == NULL) {
1276
1457
  if (ssl->quic_method) {
1277
1458
  // ALPN is required when QUIC is used.
1278
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
1459
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1279
1460
  *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1280
1461
  return false;
1281
1462
  }
@@ -1356,7 +1537,7 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1356
1537
  TLSEXT_TYPE_application_layer_protocol_negotiation)) {
1357
1538
  if (ssl->quic_method) {
1358
1539
  // ALPN is required when QUIC is used.
1359
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
1540
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1360
1541
  *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1361
1542
  return false;
1362
1543
  }
@@ -1380,7 +1561,6 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1380
1561
  CBS protocol_name_list_copy = protocol_name_list;
1381
1562
  while (CBS_len(&protocol_name_list_copy) > 0) {
1382
1563
  CBS protocol_name;
1383
-
1384
1564
  if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
1385
1565
  // Empty protocol names are forbidden.
1386
1566
  CBS_len(&protocol_name) == 0) {
@@ -1392,25 +1572,39 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
1392
1572
 
1393
1573
  const uint8_t *selected;
1394
1574
  uint8_t selected_len;
1395
- if (ssl->ctx->alpn_select_cb(
1396
- ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
1397
- CBS_len(&protocol_name_list),
1398
- ssl->ctx->alpn_select_cb_arg) == SSL_TLSEXT_ERR_OK) {
1399
- if (selected_len == 0) {
1400
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1401
- *out_alert = SSL_AD_INTERNAL_ERROR;
1575
+ int ret = ssl->ctx->alpn_select_cb(
1576
+ ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
1577
+ CBS_len(&protocol_name_list), ssl->ctx->alpn_select_cb_arg);
1578
+ // ALPN is required when QUIC is used.
1579
+ if (ssl->quic_method &&
1580
+ (ret == SSL_TLSEXT_ERR_NOACK || ret == SSL_TLSEXT_ERR_ALERT_WARNING)) {
1581
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
1582
+ }
1583
+ switch (ret) {
1584
+ case SSL_TLSEXT_ERR_OK:
1585
+ if (selected_len == 0) {
1586
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
1587
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1588
+ return false;
1589
+ }
1590
+ if (!ssl->s3->alpn_selected.CopyFrom(
1591
+ MakeConstSpan(selected, selected_len))) {
1592
+ *out_alert = SSL_AD_INTERNAL_ERROR;
1593
+ return false;
1594
+ }
1595
+ break;
1596
+ case SSL_TLSEXT_ERR_NOACK:
1597
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
1598
+ break;
1599
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
1600
+ *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1601
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
1402
1602
  return false;
1403
- }
1404
- if (!ssl->s3->alpn_selected.CopyFrom(
1405
- MakeConstSpan(selected, selected_len))) {
1603
+ default:
1604
+ // Invalid return value.
1406
1605
  *out_alert = SSL_AD_INTERNAL_ERROR;
1606
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1407
1607
  return false;
1408
- }
1409
- } else if (ssl->quic_method) {
1410
- // ALPN is required when QUIC is used.
1411
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
1412
- *out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
1413
- return false;
1414
1608
  }
1415
1609
 
1416
1610
  return true;
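Review bot: The `SSL_TLSEXT_ERR_NOACK` and `SSL_TLSEXT_ERR_ALERT_WARNING` cases of the new `switch` end in a bare `break`, so it is not obvious that the handshake deliberately continues without ALPN there, nor that for QUIC both values were already rewritten to `SSL_TLSEXT_ERR_ALERT_FATAL` just above. A one-line comment would settle it: `// The callback declined to pick a protocol; proceed without ALPN (QUIC was mapped to fatal above).` Separately, the `SSL_TLSEXT_ERR_OK` case only rejects `selected_len == 0`; nothing visible in the hunk checks that `selected` is one of the names in `protocol_name_list`, so that property rests on the application callback. `ssl_negotiate_alpn` starts before and ends after this hunk.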
@@ -1946,6 +2140,21 @@ static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
1946
2140
  //
1947
2141
  // https://tools.ietf.org/html/rfc8446#section-4.2.10
1948
2142
 
2143
+ // ssl_get_local_application_settings looks up the configured ALPS value for
2144
+ // |protocol|. If found, it sets |*out_settings| to the value and returns true.
2145
+ // Otherwise, it returns false.
2146
+ static bool ssl_get_local_application_settings(
2147
+ const SSL_HANDSHAKE *hs, Span<const uint8_t> *out_settings,
2148
+ Span<const uint8_t> protocol) {
2149
+ for (const ALPSConfig &config : hs->config->alps_configs) {
2150
+ if (protocol == config.protocol) {
2151
+ *out_settings = config.settings;
2152
+ return true;
2153
+ }
2154
+ }
2155
+ return false;
2156
+ }
2157
+
1949
2158
  static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1950
2159
  SSL *const ssl = hs->ssl;
1951
2160
  // The second ClientHello never offers early data, and we must have already
@@ -1978,13 +2187,25 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
1978
2187
  return true;
1979
2188
  }
1980
2189
 
1981
- // In case ALPN preferences changed since this session was established, avoid
1982
- // reporting a confusing value in |SSL_get0_alpn_selected| and sending early
1983
- // data we know will be rejected.
1984
- if (!ssl->session->early_alpn.empty() &&
1985
- !ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
1986
- ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
1987
- return true;
2190
+ if (!ssl->session->early_alpn.empty()) {
2191
+ if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
2192
+ // Avoid reporting a confusing value in |SSL_get0_alpn_selected|.
2193
+ ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
2194
+ return true;
2195
+ }
2196
+
2197
+ // If the previous connection negotiated ALPS, only offer 0-RTT when the
2198
+ // local are settings are consistent with what we'd offer for this
2199
+ // connection.
2200
+ if (ssl->session->has_application_settings) {
2201
+ Span<const uint8_t> settings;
2202
+ if (!ssl_get_local_application_settings(hs, &settings,
2203
+ ssl->session->early_alpn) ||
2204
+ settings != ssl->session->local_application_settings) {
2205
+ ssl->s3->early_data_reason = ssl_early_data_alps_mismatch;
2206
+ return true;
2207
+ }
2208
+ }
1988
2209
  }
1989
2210
 
1990
2211
  // |early_data_reason| will be filled in later when the server responds.
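Review bot: The new comment above the `has_application_settings` check reads "only offer 0-RTT when the local are settings are consistent", which has a stray word; `// local settings are consistent with what we'd offer for this` reads as intended. The rewritten ALPN comment also drops the second reason the old one gave (not sending early data that is known to be rejected), which still seems to apply to both the ALPN and the ALPS mismatch returns, so it is worth keeping. `ext_early_data_add_clienthello` starts and ends outside this hunk.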
@@ -2258,7 +2479,8 @@ bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
2258
2479
  return true;
2259
2480
  }
2260
2481
 
2261
- bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2482
+ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out,
2483
+ bool dry_run) {
2262
2484
  uint16_t group_id;
2263
2485
  CBB kse_bytes, public_key;
2264
2486
  if (!tls1_get_shared_group(hs, &group_id) ||
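Review bot: The new `dry_run` parameter of `ssl_ext_key_share_add_serverhello` is undocumented, and its effect is only visible in the following hunk, where it skips `hs->ecdh_public_key.Reset()` and the write to `hs->new_session->group_id`. Whether a dry run leaves `hs` entirely untouched depends on the lines between the two hunks, which are not shown, so the contract should be stated at the definition, e.g. `// If |dry_run| is true, the extension is written to |out| but |hs->ecdh_public_key| and |hs->new_session| are left unchanged.` The function body continues outside this hunk.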
@@ -2271,10 +2493,10 @@ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2271
2493
  !CBB_flush(out)) {
2272
2494
  return false;
2273
2495
  }
2274
-
2275
- hs->ecdh_public_key.Reset();
2276
-
2277
- hs->new_session->group_id = group_id;
2496
+ if (!dry_run) {
2497
+ hs->ecdh_public_key.Reset();
2498
+ hs->new_session->group_id = group_id;
2499
+ }
2278
2500
  return true;
2279
2501
  }
2280
2502
 
@@ -2568,8 +2790,8 @@ static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2568
2790
 
2569
2791
  // QUIC Transport Parameters
2570
2792
 
2571
- static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2572
- CBB *out) {
2793
+ static bool ext_quic_transport_params_add_clienthello_impl(
2794
+ SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
2573
2795
  if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
2574
2796
  return true;
2575
2797
  }
@@ -2581,9 +2803,18 @@ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2581
2803
  return false;
2582
2804
  }
2583
2805
  assert(hs->min_version > TLS1_2_VERSION);
2806
+ if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2807
+ // Do nothing, we'll send the other codepoint.
2808
+ return true;
2809
+ }
2810
+
2811
+ uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
2812
+ if (hs->config->quic_use_legacy_codepoint) {
2813
+ extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
2814
+ }
2584
2815
 
2585
2816
  CBB contents;
2586
- if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
2817
+ if (!CBB_add_u16(out, extension_type) ||
2587
2818
  !CBB_add_u16_length_prefixed(out, &contents) ||
2588
2819
  !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2589
2820
  hs->config->quic_transport_params.size()) ||
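Review bot: `extension_type` is chosen from `hs->config->quic_use_legacy_codepoint` even though the early return just above has already established that it equals the `use_legacy_codepoint` argument, so the function consults two sources for one decision. Deriving it from the parameter keeps the `_impl` self-contained: `const uint16_t extension_type = use_legacy_codepoint ? TLSEXT_TYPE_quic_transport_parameters_legacy : TLSEXT_TYPE_quic_transport_parameters_standard;`. The same pattern appears in `ext_quic_transport_params_add_serverhello_impl` in a later hunk. The function starts before and ends after this hunk.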
@@ -2593,31 +2824,57 @@ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2593
2824
  return true;
2594
2825
  }
2595
2826
 
2596
- static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
2597
- uint8_t *out_alert,
2598
- CBS *contents) {
2827
+ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
2828
+ CBB *out) {
2829
+ return ext_quic_transport_params_add_clienthello_impl(
2830
+ hs, out, /*use_legacy_codepoint=*/false);
2831
+ }
2832
+
2833
+ static bool ext_quic_transport_params_add_clienthello_legacy(SSL_HANDSHAKE *hs,
2834
+ CBB *out) {
2835
+ return ext_quic_transport_params_add_clienthello_impl(
2836
+ hs, out, /*use_legacy_codepoint=*/true);
2837
+ }
2838
+
2839
+ static bool ext_quic_transport_params_parse_serverhello_impl(
2840
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
2841
+ bool used_legacy_codepoint) {
2599
2842
  SSL *const ssl = hs->ssl;
2600
2843
  if (contents == nullptr) {
2844
+ if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2845
+ // Silently ignore because we expect the other QUIC codepoint.
2846
+ return true;
2847
+ }
2601
2848
  if (!ssl->quic_method) {
2602
2849
  return true;
2603
2850
  }
2604
- assert(ssl->quic_method);
2605
2851
  *out_alert = SSL_AD_MISSING_EXTENSION;
2606
2852
  return false;
2607
2853
  }
2608
- if (!ssl->quic_method) {
2609
- *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2610
- return false;
2611
- }
2612
- // QUIC requires TLS 1.3.
2854
+ // The extensions parser will check for unsolicited extensions before
2855
+ // calling the callback.
2856
+ assert(ssl->quic_method != nullptr);
2613
2857
  assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2614
-
2858
+ assert(used_legacy_codepoint == hs->config->quic_use_legacy_codepoint);
2615
2859
  return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2616
2860
  }
2617
2861
 
2618
- static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
2862
+ static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
2619
2863
  uint8_t *out_alert,
2620
2864
  CBS *contents) {
2865
+ return ext_quic_transport_params_parse_serverhello_impl(
2866
+ hs, out_alert, contents, /*used_legacy_codepoint=*/false);
2867
+ }
2868
+
2869
+ static bool ext_quic_transport_params_parse_serverhello_legacy(
2870
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
2871
+ return ext_quic_transport_params_parse_serverhello_impl(
2872
+ hs, out_alert, contents, /*used_legacy_codepoint=*/true);
2873
+ }
2874
+
2875
+ static bool ext_quic_transport_params_parse_clienthello_impl(
2876
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
2877
+ bool used_legacy_codepoint) {
2621
2878
  SSL *const ssl = hs->ssl;
2622
2879
  if (!contents) {
2623
2880
  if (!ssl->quic_method) {
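Review bot: In `ext_quic_transport_params_parse_serverhello_impl` the runtime rejection (`SSL_AD_UNSUPPORTED_EXTENSION` when `ssl->quic_method` is unset) is replaced by `assert(ssl->quic_method != nullptr)`, which compiles away under NDEBUG. The new comment says the extensions parser rejects unsolicited extensions before the callback runs, but that code is not part of this hunk, so the guarantee cannot be confirmed here. If the invariant were ever broken, peer-supplied bytes would be copied into `peer_quic_transport_params` on a non-QUIC connection, so I would keep the cheap check alongside the assert: `if (ssl->quic_method == nullptr) { *out_alert = SSL_AD_UNSUPPORTED_EXTENSION; return false; }`.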
@@ -2628,29 +2885,72 @@ static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
2628
2885
  // for QUIC.
2629
2886
  OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2630
2887
  *out_alert = SSL_AD_INTERNAL_ERROR;
2888
+ return false;
2889
+ }
2890
+ if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2891
+ // Silently ignore because we expect the other QUIC codepoint.
2892
+ return true;
2631
2893
  }
2632
2894
  *out_alert = SSL_AD_MISSING_EXTENSION;
2633
2895
  return false;
2634
2896
  }
2635
2897
  if (!ssl->quic_method) {
2898
+ if (used_legacy_codepoint) {
2899
+ // Ignore the legacy private-use codepoint because that could be sent
2900
+ // to mean something else than QUIC transport parameters.
2901
+ return true;
2902
+ }
2903
+ // Fail if we received the codepoint registered with IANA for QUIC
2904
+ // because that is not allowed outside of QUIC.
2636
2905
  *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
2637
2906
  return false;
2638
2907
  }
2639
2908
  assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
2909
+ if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2910
+ // Silently ignore because we expect the other QUIC codepoint.
2911
+ return true;
2912
+ }
2640
2913
  return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
2641
2914
  }
2642
2915
 
2643
- static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2644
- CBB *out) {
2916
+ static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
2917
+ uint8_t *out_alert,
2918
+ CBS *contents) {
2919
+ return ext_quic_transport_params_parse_clienthello_impl(
2920
+ hs, out_alert, contents, /*used_legacy_codepoint=*/false);
2921
+ }
2922
+
2923
+ static bool ext_quic_transport_params_parse_clienthello_legacy(
2924
+ SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
2925
+ return ext_quic_transport_params_parse_clienthello_impl(
2926
+ hs, out_alert, contents, /*used_legacy_codepoint=*/true);
2927
+ }
2928
+
2929
+ static bool ext_quic_transport_params_add_serverhello_impl(
2930
+ SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
2931
+ if (hs->ssl->quic_method == nullptr && use_legacy_codepoint) {
2932
+ // Ignore the legacy private-use codepoint because that could be sent
2933
+ // to mean something else than QUIC transport parameters.
2934
+ return true;
2935
+ }
2645
2936
  assert(hs->ssl->quic_method != nullptr);
2646
2937
  if (hs->config->quic_transport_params.empty()) {
2647
2938
  // Transport parameters must be set when using QUIC.
2648
2939
  OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
2649
2940
  return false;
2650
2941
  }
2942
+ if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
2943
+ // Do nothing, we'll send the other codepoint.
2944
+ return true;
2945
+ }
2946
+
2947
+ uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
2948
+ if (hs->config->quic_use_legacy_codepoint) {
2949
+ extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
2950
+ }
2651
2951
 
2652
2952
  CBB contents;
2653
- if (!CBB_add_u16(out, TLSEXT_TYPE_quic_transport_parameters) ||
2953
+ if (!CBB_add_u16(out, extension_type) ||
2654
2954
  !CBB_add_u16_length_prefixed(out, &contents) ||
2655
2955
  !CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
2656
2956
  hs->config->quic_transport_params.size()) ||
@@ -2661,6 +2961,18 @@ static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2661
2961
  return true;
2662
2962
  }
2663
2963
 
2964
+ static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
2965
+ CBB *out) {
2966
+ return ext_quic_transport_params_add_serverhello_impl(
2967
+ hs, out, /*use_legacy_codepoint=*/false);
2968
+ }
2969
+
2970
+ static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs,
2971
+ CBB *out) {
2972
+ return ext_quic_transport_params_add_serverhello_impl(
2973
+ hs, out, /*use_legacy_codepoint=*/true);
2974
+ }
2975
+
2664
2976
  // Delegated credentials.
2665
2977
  //
2666
2978
  // https://tools.ietf.org/html/draft-ietf-tls-subcerts
@@ -2797,6 +3109,144 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
2797
3109
  return true;
2798
3110
  }
2799
3111
 
3112
+ // Application-level Protocol Settings
3113
+ //
3114
+ // https://tools.ietf.org/html/draft-vvv-tls-alps-01
3115
+
3116
+ static bool ext_alps_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
3117
+ SSL *const ssl = hs->ssl;
3118
+ if (// ALPS requires TLS 1.3.
3119
+ hs->max_version < TLS1_3_VERSION ||
3120
+ // Do not offer ALPS without ALPN.
3121
+ hs->config->alpn_client_proto_list.empty() ||
3122
+ // Do not offer ALPS if not configured.
3123
+ hs->config->alps_configs.empty() ||
3124
+ // Do not offer ALPS on renegotiation handshakes.
3125
+ ssl->s3->initial_handshake_complete) {
3126
+ return true;
3127
+ }
3128
+
3129
+ CBB contents, proto_list, proto;
3130
+ if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
3131
+ !CBB_add_u16_length_prefixed(out, &contents) ||
3132
+ !CBB_add_u16_length_prefixed(&contents, &proto_list)) {
3133
+ return false;
3134
+ }
3135
+
3136
+ for (const ALPSConfig &config : hs->config->alps_configs) {
3137
+ if (!CBB_add_u8_length_prefixed(&proto_list, &proto) ||
3138
+ !CBB_add_bytes(&proto, config.protocol.data(),
3139
+ config.protocol.size())) {
3140
+ return false;
3141
+ }
3142
+ }
3143
+
3144
+ return CBB_flush(out);
3145
+ }
3146
+
3147
+ static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
3148
+ CBS *contents) {
3149
+ SSL *const ssl = hs->ssl;
3150
+ if (contents == nullptr) {
3151
+ return true;
3152
+ }
3153
+
3154
+ assert(!ssl->s3->initial_handshake_complete);
3155
+ assert(!hs->config->alpn_client_proto_list.empty());
3156
+ assert(!hs->config->alps_configs.empty());
3157
+
3158
+ // ALPS requires TLS 1.3.
3159
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
3160
+ *out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
3161
+ OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
3162
+ return false;
3163
+ }
3164
+
3165
+ // Note extension callbacks may run in any order, so we defer checking
3166
+ // consistency with ALPN to |ssl_check_serverhello_tlsext|.
3167
+ if (!hs->new_session->peer_application_settings.CopyFrom(*contents)) {
3168
+ *out_alert = SSL_AD_INTERNAL_ERROR;
3169
+ return false;
3170
+ }
3171
+
3172
+ hs->new_session->has_application_settings = true;
3173
+ return true;
3174
+ }
3175
+
3176
+ static bool ext_alps_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
3177
+ SSL *const ssl = hs->ssl;
3178
+ // If early data is accepted, we omit the ALPS extension. It is implicitly
3179
+ // carried over from the previous connection.
3180
+ if (hs->new_session == nullptr ||
3181
+ !hs->new_session->has_application_settings ||
3182
+ ssl->s3->early_data_accepted) {
3183
+ return true;
3184
+ }
3185
+
3186
+ CBB contents;
3187
+ if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
3188
+ !CBB_add_u16_length_prefixed(out, &contents) ||
3189
+ !CBB_add_bytes(&contents,
3190
+ hs->new_session->local_application_settings.data(),
3191
+ hs->new_session->local_application_settings.size()) ||
3192
+ !CBB_flush(out)) {
3193
+ return false;
3194
+ }
3195
+
3196
+ return true;
3197
+ }
3198
+
3199
+ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
3200
+ const SSL_CLIENT_HELLO *client_hello) {
3201
+ SSL *const ssl = hs->ssl;
3202
+ if (ssl->s3->alpn_selected.empty()) {
3203
+ return true;
3204
+ }
3205
+
3206
+ // If we negotiate ALPN over TLS 1.3, try to negotiate ALPS.
3207
+ CBS alps_contents;
3208
+ Span<const uint8_t> settings;
3209
+ if (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
3210
+ ssl_get_local_application_settings(hs, &settings,
3211
+ ssl->s3->alpn_selected) &&
3212
+ ssl_client_hello_get_extension(client_hello, &alps_contents,
3213
+ TLSEXT_TYPE_application_settings)) {
3214
+ // Check if the client supports ALPS with the selected ALPN.
3215
+ bool found = false;
3216
+ CBS alps_list;
3217
+ if (!CBS_get_u16_length_prefixed(&alps_contents, &alps_list) ||
3218
+ CBS_len(&alps_contents) != 0 ||
3219
+ CBS_len(&alps_list) == 0) {
3220
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3221
+ *out_alert = SSL_AD_DECODE_ERROR;
3222
+ return false;
3223
+ }
3224
+ while (CBS_len(&alps_list) > 0) {
3225
+ CBS protocol_name;
3226
+ if (!CBS_get_u8_length_prefixed(&alps_list, &protocol_name) ||
3227
+ // Empty protocol names are forbidden.
3228
+ CBS_len(&protocol_name) == 0) {
3229
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
3230
+ *out_alert = SSL_AD_DECODE_ERROR;
3231
+ return false;
3232
+ }
3233
+ if (protocol_name == MakeConstSpan(ssl->s3->alpn_selected)) {
3234
+ found = true;
3235
+ }
3236
+ }
3237
+
3238
+ // Negotiate ALPS if both client also supports ALPS for this protocol.
3239
+ if (found) {
3240
+ hs->new_session->has_application_settings = true;
3241
+ if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
3242
+ *out_alert = SSL_AD_INTERNAL_ERROR;
3243
+ return false;
3244
+ }
3245
+ }
3246
+ }
3247
+
3248
+ return true;
3249
+ }
2800
3250
 
2801
3251
  // kExtensions contains all the supported extensions.
2802
3252
  static const struct tls_extension kExtensions[] = {
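Review bot: The loop over `alps_list` in `ssl_negotiate_alps` keeps iterating after `found = true`, which looks deliberate because every remaining entry is still length-checked and a malformed tail yields `SSL_AD_DECODE_ERROR`, but nothing says so. Without a comment a later cleanup could add a `break` and quietly stop validating client input; I would add `// Keep scanning after a match so the rest of the list is still syntax-checked.` above the comparison. Note also that the extension is only parsed when the server has settings for the selected ALPN, so a malformed ALPS extension is otherwise ignored rather than rejected. The comment "Negotiate ALPS if both client also supports ALPS" has a stray "both".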
@@ -2808,6 +3258,22 @@ static const struct tls_extension kExtensions[] = {
2808
3258
  ext_sni_parse_clienthello,
2809
3259
  ext_sni_add_serverhello,
2810
3260
  },
3261
+ {
3262
+ TLSEXT_TYPE_encrypted_client_hello,
3263
+ NULL,
3264
+ ext_ech_add_clienthello,
3265
+ ext_ech_parse_serverhello,
3266
+ ext_ech_parse_clienthello,
3267
+ dont_add_serverhello,
3268
+ },
3269
+ {
3270
+ TLSEXT_TYPE_ech_is_inner,
3271
+ NULL,
3272
+ ext_ech_is_inner_add_clienthello,
3273
+ forbid_parse_serverhello,
3274
+ ext_ech_is_inner_parse_clienthello,
3275
+ dont_add_serverhello,
3276
+ },
2811
3277
  {
2812
3278
  TLSEXT_TYPE_extended_master_secret,
2813
3279
  NULL,
@@ -2947,13 +3413,21 @@ static const struct tls_extension kExtensions[] = {
2947
3413
  dont_add_serverhello,
2948
3414
  },
2949
3415
  {
2950
- TLSEXT_TYPE_quic_transport_parameters,
3416
+ TLSEXT_TYPE_quic_transport_parameters_standard,
2951
3417
  NULL,
2952
3418
  ext_quic_transport_params_add_clienthello,
2953
3419
  ext_quic_transport_params_parse_serverhello,
2954
3420
  ext_quic_transport_params_parse_clienthello,
2955
3421
  ext_quic_transport_params_add_serverhello,
2956
3422
  },
3423
+ {
3424
+ TLSEXT_TYPE_quic_transport_parameters_legacy,
3425
+ NULL,
3426
+ ext_quic_transport_params_add_clienthello_legacy,
3427
+ ext_quic_transport_params_parse_serverhello_legacy,
3428
+ ext_quic_transport_params_parse_clienthello_legacy,
3429
+ ext_quic_transport_params_add_serverhello_legacy,
3430
+ },
2957
3431
  {
2958
3432
  TLSEXT_TYPE_token_binding,
2959
3433
  NULL,
@@ -2978,6 +3452,15 @@ static const struct tls_extension kExtensions[] = {
2978
3452
  ext_delegated_credential_parse_clienthello,
2979
3453
  dont_add_serverhello,
2980
3454
  },
3455
+ {
3456
+ TLSEXT_TYPE_application_settings,
3457
+ NULL,
3458
+ ext_alps_add_clienthello,
3459
+ ext_alps_parse_serverhello,
3460
+ // ALPS is negotiated late in |ssl_negotiate_alpn|.
3461
+ ignore_parse_clienthello,
3462
+ ext_alps_add_serverhello,
3463
+ },
2981
3464
  };
2982
3465
 
2983
3466
  #define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
@@ -3370,6 +3853,36 @@ static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
3370
3853
  }
3371
3854
  }
3372
3855
 
3856
+ static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) {
3857
+ SSL *const ssl = hs->ssl;
3858
+ // ALPS and ALPN have a dependency between each other, so we defer checking
3859
+ // consistency to after the callbacks run.
3860
+ if (hs->new_session != nullptr && hs->new_session->has_application_settings) {
3861
+ // ALPN must be negotiated.
3862
+ if (ssl->s3->alpn_selected.empty()) {
3863
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN);
3864
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
3865
+ return false;
3866
+ }
3867
+
3868
+ // The negotiated protocol must be one of the ones we advertised for ALPS.
3869
+ Span<const uint8_t> settings;
3870
+ if (!ssl_get_local_application_settings(hs, &settings,
3871
+ ssl->s3->alpn_selected)) {
3872
+ OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
3873
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
3874
+ return false;
3875
+ }
3876
+
3877
+ if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
3878
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
3879
+ return false;
3880
+ }
3881
+ }
3882
+
3883
+ return true;
3884
+ }
3885
+
3373
3886
  bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
3374
3887
  SSL *const ssl = hs->ssl;
3375
3888
  int alert = SSL_AD_DECODE_ERROR;
@@ -3378,6 +3891,10 @@ bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
3378
3891
  return false;
3379
3892
  }
3380
3893
 
3894
+ if (!ssl_check_serverhello_tlsext(hs)) {
3895
+ return false;
3896
+ }
3897
+
3381
3898
  return true;
3382
3899
  }
3383
3900