grpc 1.33.0.pre1 → 1.37.0.pre1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +1075 -2814
- data/etc/roots.pem +257 -573
- data/include/grpc/compression.h +1 -1
- data/include/grpc/grpc.h +29 -2
- data/include/grpc/grpc_security.h +215 -175
- data/include/grpc/impl/codegen/atm_windows.h +4 -0
- data/include/grpc/impl/codegen/byte_buffer.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +10 -3
- data/include/grpc/impl/codegen/log.h +0 -2
- data/include/grpc/impl/codegen/port_platform.h +24 -55
- data/include/grpc/impl/codegen/sync_windows.h +4 -0
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/support/sync.h +3 -3
- data/include/grpc/support/time.h +7 -7
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +2829 -1588
- data/src/core/ext/filters/client_channel/client_channel.h +0 -6
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/config_selector.h +15 -4
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +191 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +10 -7
- data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -4
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +7 -8
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
- data/src/core/ext/filters/client_channel/lb_policy.cc +9 -2
- data/src/core/ext/filters/client_channel/lb_policy.h +5 -6
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +115 -106
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +55 -23
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +370 -109
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/{eds_drop.cc → xds_cluster_impl.cc} +332 -108
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +22 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1384 -0
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +7 -5
- data/src/core/ext/filters/client_channel/resolver.h +5 -13
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +42 -58
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +444 -22
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +22 -23
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +21 -18
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +37 -30
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +342 -133
- data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +24 -38
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +8 -8
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
- data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
- data/src/core/ext/filters/client_channel/server_address.cc +9 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -4
- data/src/core/ext/filters/client_channel/service_config.cc +3 -1
- data/src/core/ext/filters/client_channel/service_config.h +1 -1
- data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
- data/src/core/ext/filters/client_channel/subchannel.cc +117 -207
- data/src/core/ext/filters/client_channel/subchannel.h +75 -113
- data/src/core/ext/filters/client_channel/subchannel_interface.h +7 -15
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +16 -10
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +495 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
- data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +36 -33
- data/src/core/ext/filters/message_size/message_size_filter.cc +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
- data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
- data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +23 -10
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +29 -16
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +629 -211
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +50 -39
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.h +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +27 -28
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +139 -40
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +119 -124
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +450 -284
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +24 -23
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +62 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +21 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +88 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +69 -45
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +275 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +19 -19
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +80 -43
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +27 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +30 -30
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +136 -49
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +41 -41
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +172 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +53 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +188 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +48 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -14
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +34 -32
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +151 -61
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +33 -29
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +138 -54
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +81 -35
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +15 -13
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +70 -37
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +257 -216
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +995 -495
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +26 -6
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -4
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +96 -98
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +378 -226
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +28 -25
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +124 -53
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +9 -12
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +29 -24
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +32 -33
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +118 -67
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +51 -44
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +179 -129
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -8
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -3
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +2 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +16 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +34 -34
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +149 -72
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +54 -37
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +171 -59
- data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
- data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
- data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +6 -6
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +251 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +543 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +136 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +272 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +135 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +231 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +107 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +195 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +193 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +101 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +944 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +290 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +505 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +170 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +246 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +142 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +80 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +80 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +69 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +310 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +7 -5
- data/src/core/ext/xds/certificate_provider_store.cc +87 -0
- data/src/core/ext/xds/certificate_provider_store.h +70 -8
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
- data/src/core/ext/xds/xds_api.cc +2378 -1183
- data/src/core/ext/xds/xds_api.h +373 -99
- data/src/core/ext/xds/xds_bootstrap.cc +250 -68
- data/src/core/ext/xds/xds_bootstrap.h +40 -13
- data/src/core/ext/xds/xds_certificate_provider.cc +405 -0
- data/src/core/ext/xds/xds_certificate_provider.h +151 -0
- data/src/core/ext/xds/xds_client.cc +364 -182
- data/src/core/ext/xds/xds_client.h +47 -12
- data/src/core/ext/xds/xds_client_stats.cc +43 -5
- data/src/core/ext/xds/xds_client_stats.h +4 -4
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +532 -0
- data/src/core/lib/channel/channel_args.cc +9 -8
- data/src/core/lib/channel/channel_stack.cc +12 -0
- data/src/core/lib/channel/channel_stack.h +7 -0
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channel_trace.h +1 -1
- data/src/core/lib/channel/channelz.cc +105 -18
- data/src/core/lib/channel/channelz.h +32 -4
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/channelz_registry.h +0 -1
- data/src/core/lib/channel/handshaker.cc +4 -46
- data/src/core/lib/channel/handshaker.h +3 -20
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_args.cc +3 -2
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats.h +2 -2
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/debug/stats_data.h +13 -13
- data/src/core/lib/gpr/alloc.cc +3 -2
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log.cc +59 -17
- data/src/core/lib/gpr/log_linux.cc +19 -3
- data/src/core/lib/gpr/log_posix.cc +15 -1
- data/src/core/lib/gpr/log_windows.cc +18 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +23 -22
- data/src/core/lib/gpr/string.h +5 -6
- data/src/core/lib/gpr/sync.cc +4 -4
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gpr/time.cc +12 -12
- data/src/core/lib/gpr/time_precise.cc +3 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/arena.h +3 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +46 -51
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +42 -48
- data/src/core/lib/gprpp/ref_counted_ptr.h +20 -12
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +3 -3
- data/src/core/lib/gprpp/thd_posix.cc +42 -37
- data/src/core/lib/gprpp/thd_windows.cc +3 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +3 -3
- data/src/core/lib/http/parser.cc +47 -27
- data/src/core/lib/iomgr/buffer_list.h +1 -1
- data/src/core/lib/iomgr/call_combiner.cc +8 -5
- data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
- data/src/core/lib/iomgr/combiner.cc +2 -1
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/error.cc +17 -12
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +11 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +23 -16
- data/src/core/lib/iomgr/ev_epollex_linux.cc +29 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
- data/src/core/lib/iomgr/ev_posix.cc +3 -3
- data/src/core/lib/iomgr/exec_ctx.cc +7 -3
- data/src/core/lib/iomgr/exec_ctx.h +6 -4
- data/src/core/lib/iomgr/executor.cc +2 -1
- data/src/core/lib/iomgr/executor.h +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +4 -4
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/load_file.h +1 -1
- data/src/core/lib/iomgr/lockfree_event.cc +19 -14
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/parse_address.cc +127 -43
- data/src/core/lib/iomgr/parse_address.h +32 -8
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
- data/src/core/lib/iomgr/python_util.h +4 -4
- data/src/core/lib/iomgr/resolve_address.cc +4 -4
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/resource_quota.cc +5 -5
- data/src/core/lib/iomgr/sockaddr_utils.cc +131 -11
- data/src/core/lib/iomgr/sockaddr_utils.h +26 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_mutator.cc +3 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_custom.cc +22 -17
- data/src/core/lib/iomgr/tcp_posix.cc +17 -16
- data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
- data/src/core/lib/iomgr/tcp_uv.cc +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +5 -5
- data/src/core/lib/iomgr/timer_generic.cc +5 -5
- data/src/core/lib/iomgr/timer_manager.cc +3 -3
- data/src/core/lib/iomgr/udp_server.cc +1 -2
- data/src/core/lib/iomgr/udp_server.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +32 -21
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +12 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.h +167 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +339 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/security/context/security_context.cc +4 -3
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/credentials.cc +7 -7
- data/src/core/lib/security/credentials/credentials.h +5 -4
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +25 -18
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -4
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +39 -46
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +7 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +30 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +13 -14
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -150
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +57 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +18 -13
- data/src/core/lib/security/credentials/tls/tls_credentials.h +3 -3
- data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +209 -10
- data/src/core/lib/security/credentials/xds/xds_credentials.h +27 -9
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +3 -3
- data/src/core/lib/security/security_connector/security_connector.cc +4 -3
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -6
- data/src/core/lib/security/security_connector/ssl_utils.h +16 -21
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +360 -279
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +105 -61
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +36 -8
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +11 -13
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/surface/call.cc +41 -32
- data/src/core/lib/surface/call_details.cc +8 -8
- data/src/core/lib/surface/channel.cc +16 -10
- data/src/core/lib/surface/channel.h +6 -5
- data/src/core/lib/surface/channel_init.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +31 -25
- data/src/core/lib/surface/completion_queue.h +16 -16
- data/src/core/lib/surface/init.cc +19 -20
- data/src/core/lib/surface/lame_client.cc +47 -54
- data/src/core/lib/surface/lame_client.h +5 -0
- data/src/core/lib/surface/server.cc +106 -53
- data/src/core/lib/surface/server.h +114 -20
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +6 -4
- data/src/core/lib/transport/authority_override.h +7 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +9 -7
- data/src/core/lib/transport/error_utils.h +1 -1
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/metadata_batch.cc +27 -0
- data/src/core/lib/transport/metadata_batch.h +18 -4
- data/src/core/lib/transport/static_metadata.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +4 -3
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +8 -8
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +26 -8
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -25
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +43 -47
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
- data/src/core/tsi/fake_transport_security.cc +17 -5
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +3 -2
- data/src/core/tsi/ssl_transport_security.cc +73 -56
- data/src/core/tsi/ssl_transport_security.h +6 -6
- data/src/core/tsi/transport_security.cc +10 -8
- data/src/core/tsi/transport_security_interface.h +1 -1
- data/src/ruby/ext/grpc/extconf.rb +10 -2
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +36 -14
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +70 -37
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +4 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +728 -722
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +97 -39
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +155 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +90 -63
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +60 -60
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +179 -47
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -29
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +25 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +10 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +14 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +122 -34
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +31 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +31 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -99
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +546 -402
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +73 -17
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +49 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +87 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +18 -22
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +570 -53
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +55 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +192 -56
- data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
- data/third_party/upb/upb/decode.c +248 -167
- data/third_party/upb/upb/decode.h +20 -1
- data/third_party/upb/upb/decode.int.h +163 -0
- data/third_party/upb/upb/decode_fast.c +1040 -0
- data/third_party/upb/upb/decode_fast.h +126 -0
- data/third_party/upb/upb/def.c +2178 -0
- data/third_party/upb/upb/def.h +315 -0
- data/third_party/upb/upb/def.hpp +439 -0
- data/third_party/upb/upb/encode.c +227 -169
- data/third_party/upb/upb/encode.h +27 -2
- data/third_party/upb/upb/msg.c +167 -88
- data/third_party/upb/upb/msg.h +174 -34
- data/third_party/upb/upb/port_def.inc +74 -61
- data/third_party/upb/upb/port_undef.inc +3 -7
- data/third_party/upb/upb/reflection.c +408 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/table.c +34 -197
- data/third_party/upb/upb/table.int.h +14 -5
- data/third_party/upb/upb/text_encode.c +421 -0
- data/third_party/upb/upb/text_encode.h +38 -0
- data/third_party/upb/upb/upb.c +18 -41
- data/third_party/upb/upb/upb.h +36 -7
- data/third_party/upb/upb/upb.hpp +4 -4
- data/third_party/upb/upb/upb.int.h +29 -0
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +335 -75
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -1136
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -355
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -138
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -53
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -129
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -77
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -85
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -160
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -84
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +0 -377
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +0 -102
- data/src/core/lib/gprpp/map.h +0 -53
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -153
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -42
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -68
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -93
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -56
- data/src/core/lib/security/certificate_provider.h +0 -60
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -503
- data/third_party/upb/upb/port.c +0 -26
|
@@ -565,7 +565,6 @@ ssl_ctx_st::ssl_ctx_st(const SSL_METHOD *ssl_method)
|
|
|
565
565
|
grease_enabled(false),
|
|
566
566
|
allow_unknown_alpn_protos(false),
|
|
567
567
|
false_start_allowed_without_alpn(false),
|
|
568
|
-
ignore_tls13_downgrade(false),
|
|
569
568
|
handoff(false),
|
|
570
569
|
enable_early_data(false) {
|
|
571
570
|
CRYPTO_MUTEX_init(&lock);
|
|
@@ -711,7 +710,6 @@ SSL *SSL_new(SSL_CTX *ctx) {
|
|
|
711
710
|
ctx->signed_cert_timestamps_enabled;
|
|
712
711
|
ssl->config->ocsp_stapling_enabled = ctx->ocsp_stapling_enabled;
|
|
713
712
|
ssl->config->handoff = ctx->handoff;
|
|
714
|
-
ssl->config->ignore_tls13_downgrade = ctx->ignore_tls13_downgrade;
|
|
715
713
|
ssl->quic_method = ctx->quic_method;
|
|
716
714
|
|
|
717
715
|
if (!ssl->method->ssl_new(ssl.get()) ||
|
|
@@ -724,6 +722,7 @@ SSL *SSL_new(SSL_CTX *ctx) {
|
|
|
724
722
|
|
|
725
723
|
SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
|
|
726
724
|
: ssl(ssl_arg),
|
|
725
|
+
ech_grease_enabled(false),
|
|
727
726
|
signed_cert_timestamps_enabled(false),
|
|
728
727
|
ocsp_stapling_enabled(false),
|
|
729
728
|
channel_id_enabled(false),
|
|
@@ -731,8 +730,8 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
|
|
|
731
730
|
retain_only_sha256_of_client_certs(false),
|
|
732
731
|
handoff(false),
|
|
733
732
|
shed_handshake_config(false),
|
|
734
|
-
|
|
735
|
-
|
|
733
|
+
jdk11_workaround(false),
|
|
734
|
+
quic_use_legacy_codepoint(true) {
|
|
736
735
|
assert(ssl);
|
|
737
736
|
}
|
|
738
737
|
|
|
@@ -1294,6 +1293,43 @@ enum ssl_early_data_reason_t SSL_get_early_data_reason(const SSL *ssl) {
|
|
|
1294
1293
|
return ssl->s3->early_data_reason;
|
|
1295
1294
|
}
|
|
1296
1295
|
|
|
1296
|
+
const char *SSL_early_data_reason_string(enum ssl_early_data_reason_t reason) {
|
|
1297
|
+
switch (reason) {
|
|
1298
|
+
case ssl_early_data_unknown:
|
|
1299
|
+
return "unknown";
|
|
1300
|
+
case ssl_early_data_disabled:
|
|
1301
|
+
return "disabled";
|
|
1302
|
+
case ssl_early_data_accepted:
|
|
1303
|
+
return "accepted";
|
|
1304
|
+
case ssl_early_data_protocol_version:
|
|
1305
|
+
return "protocol_version";
|
|
1306
|
+
case ssl_early_data_peer_declined:
|
|
1307
|
+
return "peer_declined";
|
|
1308
|
+
case ssl_early_data_no_session_offered:
|
|
1309
|
+
return "no_session_offered";
|
|
1310
|
+
case ssl_early_data_session_not_resumed:
|
|
1311
|
+
return "session_not_resumed";
|
|
1312
|
+
case ssl_early_data_unsupported_for_session:
|
|
1313
|
+
return "unsupported_for_session";
|
|
1314
|
+
case ssl_early_data_hello_retry_request:
|
|
1315
|
+
return "hello_retry_request";
|
|
1316
|
+
case ssl_early_data_alpn_mismatch:
|
|
1317
|
+
return "alpn_mismatch";
|
|
1318
|
+
case ssl_early_data_channel_id:
|
|
1319
|
+
return "channel_id";
|
|
1320
|
+
case ssl_early_data_token_binding:
|
|
1321
|
+
return "token_binding";
|
|
1322
|
+
case ssl_early_data_ticket_age_skew:
|
|
1323
|
+
return "ticket_age_skew";
|
|
1324
|
+
case ssl_early_data_quic_parameter_mismatch:
|
|
1325
|
+
return "quic_parameter_mismatch";
|
|
1326
|
+
case ssl_early_data_alps_mismatch:
|
|
1327
|
+
return "alps_mismatch";
|
|
1328
|
+
}
|
|
1329
|
+
|
|
1330
|
+
return nullptr;
|
|
1331
|
+
}
|
|
1332
|
+
|
|
1297
1333
|
static int bio_retry_reason_to_error(int reason) {
|
|
1298
1334
|
switch (reason) {
|
|
1299
1335
|
case BIO_RR_CONNECT:
|
|
@@ -1432,6 +1468,13 @@ const char *SSL_error_description(int err) {
|
|
|
1432
1468
|
}
|
|
1433
1469
|
}
|
|
1434
1470
|
|
|
1471
|
+
void SSL_set_enable_ech_grease(SSL *ssl, int enable) {
|
|
1472
|
+
if (!ssl->config) {
|
|
1473
|
+
return;
|
|
1474
|
+
}
|
|
1475
|
+
ssl->config->ech_grease_enabled = !!enable;
|
|
1476
|
+
}
|
|
1477
|
+
|
|
1435
1478
|
uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) {
|
|
1436
1479
|
ctx->options |= options;
|
|
1437
1480
|
return ctx->options;
|
|
@@ -2241,6 +2284,36 @@ void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx, int enabled) {
|
|
|
2241
2284
|
ctx->allow_unknown_alpn_protos = !!enabled;
|
|
2242
2285
|
}
|
|
2243
2286
|
|
|
2287
|
+
int SSL_add_application_settings(SSL *ssl, const uint8_t *proto,
|
|
2288
|
+
size_t proto_len, const uint8_t *settings,
|
|
2289
|
+
size_t settings_len) {
|
|
2290
|
+
if (!ssl->config) {
|
|
2291
|
+
return 0;
|
|
2292
|
+
}
|
|
2293
|
+
ALPSConfig config;
|
|
2294
|
+
if (!config.protocol.CopyFrom(MakeConstSpan(proto, proto_len)) ||
|
|
2295
|
+
!config.settings.CopyFrom(MakeConstSpan(settings, settings_len)) ||
|
|
2296
|
+
!ssl->config->alps_configs.Push(std::move(config))) {
|
|
2297
|
+
return 0;
|
|
2298
|
+
}
|
|
2299
|
+
return 1;
|
|
2300
|
+
}
|
|
2301
|
+
|
|
2302
|
+
void SSL_get0_peer_application_settings(const SSL *ssl,
|
|
2303
|
+
const uint8_t **out_data,
|
|
2304
|
+
size_t *out_len) {
|
|
2305
|
+
const SSL_SESSION *session = SSL_get_session(ssl);
|
|
2306
|
+
Span<const uint8_t> settings =
|
|
2307
|
+
session ? session->peer_application_settings : Span<const uint8_t>();
|
|
2308
|
+
*out_data = settings.data();
|
|
2309
|
+
*out_len = settings.size();
|
|
2310
|
+
}
|
|
2311
|
+
|
|
2312
|
+
int SSL_has_application_settings(const SSL *ssl) {
|
|
2313
|
+
const SSL_SESSION *session = SSL_get_session(ssl);
|
|
2314
|
+
return session && session->has_application_settings;
|
|
2315
|
+
}
|
|
2316
|
+
|
|
2244
2317
|
int SSL_CTX_add_cert_compression_alg(SSL_CTX *ctx, uint16_t alg_id,
|
|
2245
2318
|
ssl_cert_compression_func_t compress,
|
|
2246
2319
|
ssl_cert_decompression_func_t decompress) {
|
|
@@ -2862,22 +2935,15 @@ void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx, int allowed) {
|
|
|
2862
2935
|
ctx->false_start_allowed_without_alpn = !!allowed;
|
|
2863
2936
|
}
|
|
2864
2937
|
|
|
2865
|
-
int SSL_is_tls13_downgrade(const SSL *ssl) { return
|
|
2938
|
+
int SSL_is_tls13_downgrade(const SSL *ssl) { return 0; }
|
|
2866
2939
|
|
|
2867
2940
|
int SSL_used_hello_retry_request(const SSL *ssl) {
|
|
2868
2941
|
return ssl->s3->used_hello_retry_request;
|
|
2869
2942
|
}
|
|
2870
2943
|
|
|
2871
|
-
void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {
|
|
2872
|
-
ctx->ignore_tls13_downgrade = !!ignore;
|
|
2873
|
-
}
|
|
2944
|
+
void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx, int ignore) {}
|
|
2874
2945
|
|
|
2875
|
-
void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {
|
|
2876
|
-
if (!ssl->config) {
|
|
2877
|
-
return;
|
|
2878
|
-
}
|
|
2879
|
-
ssl->config->ignore_tls13_downgrade = !!ignore;
|
|
2880
|
-
}
|
|
2946
|
+
void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore) {}
|
|
2881
2947
|
|
|
2882
2948
|
void SSL_set_shed_handshake_config(SSL *ssl, int enable) {
|
|
2883
2949
|
if (!ssl->config) {
|
|
@@ -2893,6 +2959,13 @@ void SSL_set_jdk11_workaround(SSL *ssl, int enable) {
|
|
|
2893
2959
|
ssl->config->jdk11_workaround = !!enable;
|
|
2894
2960
|
}
|
|
2895
2961
|
|
|
2962
|
+
void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) {
|
|
2963
|
+
if (!ssl->config) {
|
|
2964
|
+
return;
|
|
2965
|
+
}
|
|
2966
|
+
ssl->config->quic_use_legacy_codepoint = !!use_legacy;
|
|
2967
|
+
}
|
|
2968
|
+
|
|
2896
2969
|
int SSL_clear(SSL *ssl) {
|
|
2897
2970
|
if (!ssl->config) {
|
|
2898
2971
|
return 0; // SSL_clear may not be used after shedding config.
|
|
@@ -202,9 +202,8 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
|
|
|
202
202
|
OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
|
|
203
203
|
|
|
204
204
|
// Copy the key material.
|
|
205
|
-
new_session->
|
|
206
|
-
OPENSSL_memcpy(new_session->
|
|
207
|
-
session->master_key_length);
|
|
205
|
+
new_session->secret_length = session->secret_length;
|
|
206
|
+
OPENSSL_memcpy(new_session->secret, session->secret, session->secret_length);
|
|
208
207
|
new_session->cipher = session->cipher;
|
|
209
208
|
|
|
210
209
|
// Copy authentication state.
|
|
@@ -264,13 +263,15 @@ UniquePtr<SSL_SESSION> SSL_SESSION_dup(SSL_SESSION *session, int dup_flags) {
|
|
|
264
263
|
new_session->ticket_age_add = session->ticket_age_add;
|
|
265
264
|
new_session->ticket_max_early_data = session->ticket_max_early_data;
|
|
266
265
|
new_session->extended_master_secret = session->extended_master_secret;
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
session->
|
|
266
|
+
new_session->has_application_settings = session->has_application_settings;
|
|
267
|
+
|
|
268
|
+
if (!new_session->early_alpn.CopyFrom(session->early_alpn) ||
|
|
269
|
+
!new_session->quic_early_data_context.CopyFrom(
|
|
270
|
+
session->quic_early_data_context) ||
|
|
271
|
+
!new_session->local_application_settings.CopyFrom(
|
|
272
|
+
session->local_application_settings) ||
|
|
273
|
+
!new_session->peer_application_settings.CopyFrom(
|
|
274
|
+
session->peer_application_settings)) {
|
|
274
275
|
return nullptr;
|
|
275
276
|
}
|
|
276
277
|
}
|
|
@@ -364,12 +365,6 @@ int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server) {
|
|
|
364
365
|
session->is_server = is_server;
|
|
365
366
|
session->ssl_version = ssl->version;
|
|
366
367
|
session->is_quic = ssl->quic_method != nullptr;
|
|
367
|
-
if (is_server && ssl->enable_early_data && session->is_quic) {
|
|
368
|
-
if (!session->quic_early_data_context.CopyFrom(
|
|
369
|
-
hs->config->quic_early_data_context)) {
|
|
370
|
-
return 0;
|
|
371
|
-
}
|
|
372
|
-
}
|
|
373
368
|
|
|
374
369
|
// Fill in the time from the |SSL_CTX|'s clock.
|
|
375
370
|
struct OPENSSL_timeval now;
|
|
@@ -870,7 +865,8 @@ ssl_session_st::ssl_session_st(const SSL_X509_METHOD *method)
|
|
|
870
865
|
not_resumable(false),
|
|
871
866
|
ticket_age_add_valid(false),
|
|
872
867
|
is_server(false),
|
|
873
|
-
is_quic(false)
|
|
868
|
+
is_quic(false),
|
|
869
|
+
has_application_settings(false) {
|
|
874
870
|
CRYPTO_new_ex_data(&ex_data);
|
|
875
871
|
time = ::time(nullptr);
|
|
876
872
|
}
|
|
@@ -966,14 +962,14 @@ void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
|
|
|
966
962
|
|
|
967
963
|
size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
|
|
968
964
|
size_t max_out) {
|
|
969
|
-
// TODO(davidben): Fix
|
|
965
|
+
// TODO(davidben): Fix secret_length's type and remove these casts.
|
|
970
966
|
if (max_out == 0) {
|
|
971
|
-
return (size_t)session->
|
|
967
|
+
return (size_t)session->secret_length;
|
|
972
968
|
}
|
|
973
|
-
if (max_out > (size_t)session->
|
|
974
|
-
max_out = (size_t)session->
|
|
969
|
+
if (max_out > (size_t)session->secret_length) {
|
|
970
|
+
max_out = (size_t)session->secret_length;
|
|
975
971
|
}
|
|
976
|
-
OPENSSL_memcpy(out, session->
|
|
972
|
+
OPENSSL_memcpy(out, session->secret, max_out);
|
|
977
973
|
return max_out;
|
|
978
974
|
}
|
|
979
975
|
|
|
@@ -265,8 +265,8 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len,
|
|
|
265
265
|
|
|
266
266
|
static const size_t kFinishedLen = 12;
|
|
267
267
|
if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen),
|
|
268
|
-
MakeConstSpan(session->
|
|
269
|
-
|
|
268
|
+
MakeConstSpan(session->secret, session->secret_length), label,
|
|
269
|
+
MakeConstSpan(digest, digest_len), {})) {
|
|
270
270
|
return false;
|
|
271
271
|
}
|
|
272
272
|
|
|
@@ -191,15 +191,14 @@ static bool get_key_block_lengths(const SSL *ssl, size_t *out_mac_secret_len,
|
|
|
191
191
|
|
|
192
192
|
static bool generate_key_block(const SSL *ssl, Span<uint8_t> out,
|
|
193
193
|
const SSL_SESSION *session) {
|
|
194
|
-
auto
|
|
195
|
-
MakeConstSpan(session->master_key, session->master_key_length);
|
|
194
|
+
auto secret = MakeConstSpan(session->secret, session->secret_length);
|
|
196
195
|
static const char kLabel[] = "key expansion";
|
|
197
196
|
auto label = MakeConstSpan(kLabel, sizeof(kLabel) - 1);
|
|
198
197
|
|
|
199
198
|
const EVP_MD *digest = ssl_session_get_digest(session);
|
|
200
199
|
// Note this function assumes that |session|'s key material corresponds to
|
|
201
200
|
// |ssl->s3->client_random| and |ssl->s3->server_random|.
|
|
202
|
-
return tls1_prf(digest, out,
|
|
201
|
+
return tls1_prf(digest, out, secret, label, ssl->s3->server_random,
|
|
203
202
|
ssl->s3->client_random);
|
|
204
203
|
}
|
|
205
204
|
|
|
@@ -379,8 +378,7 @@ int SSL_export_keying_material(SSL *ssl, uint8_t *out, size_t out_len,
|
|
|
379
378
|
|
|
380
379
|
const SSL_SESSION *session = SSL_get_session(ssl);
|
|
381
380
|
const EVP_MD *digest = ssl_session_get_digest(session);
|
|
382
|
-
return tls1_prf(
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
MakeConstSpan(label, label_len), seed, {});
|
|
381
|
+
return tls1_prf(digest, MakeSpan(out, out_len),
|
|
382
|
+
MakeConstSpan(session->secret, session->secret_length),
|
|
383
|
+
MakeConstSpan(label, label_len), seed, {});
|
|
386
384
|
}
|
|
@@ -113,10 +113,13 @@
|
|
|
113
113
|
#include <stdlib.h>
|
|
114
114
|
#include <string.h>
|
|
115
115
|
|
|
116
|
+
#include <algorithm>
|
|
116
117
|
#include <utility>
|
|
117
118
|
|
|
119
|
+
#include <openssl/aead.h>
|
|
118
120
|
#include <openssl/bytestring.h>
|
|
119
121
|
#include <openssl/chacha.h>
|
|
122
|
+
#include <openssl/curve25519.h>
|
|
120
123
|
#include <openssl/digest.h>
|
|
121
124
|
#include <openssl/err.h>
|
|
122
125
|
#include <openssl/evp.h>
|
|
@@ -125,13 +128,15 @@
|
|
|
125
128
|
#include <openssl/nid.h>
|
|
126
129
|
#include <openssl/rand.h>
|
|
127
130
|
|
|
128
|
-
#include "internal.h"
|
|
131
|
+
#include "../crypto/hpke/internal.h"
|
|
129
132
|
#include "../crypto/internal.h"
|
|
133
|
+
#include "internal.h"
|
|
130
134
|
|
|
131
135
|
|
|
132
136
|
BSSL_NAMESPACE_BEGIN
|
|
133
137
|
|
|
134
138
|
static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs);
|
|
139
|
+
static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs);
|
|
135
140
|
|
|
136
141
|
static int compare_uint16_t(const void *p1, const void *p2) {
|
|
137
142
|
uint16_t u1 = *((const uint16_t *)p1);
|
|
@@ -512,7 +517,7 @@ struct tls_extension {
|
|
|
512
517
|
};
|
|
513
518
|
|
|
514
519
|
static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
515
|
-
|
|
520
|
+
CBS *contents) {
|
|
516
521
|
if (contents != NULL) {
|
|
517
522
|
// Servers MUST NOT send this extension.
|
|
518
523
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
|
@@ -524,7 +529,7 @@ static bool forbid_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
524
529
|
}
|
|
525
530
|
|
|
526
531
|
static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
527
|
-
|
|
532
|
+
CBS *contents) {
|
|
528
533
|
// This extension from the client is handled elsewhere.
|
|
529
534
|
return true;
|
|
530
535
|
}
|
|
@@ -586,6 +591,182 @@ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
586
591
|
}
|
|
587
592
|
|
|
588
593
|
|
|
594
|
+
// Encrypted Client Hello (ECH)
|
|
595
|
+
//
|
|
596
|
+
// https://tools.ietf.org/html/draft-ietf-tls-esni-09
|
|
597
|
+
|
|
598
|
+
// random_size returns a random value between |min| and |max|, inclusive.
|
|
599
|
+
static size_t random_size(size_t min, size_t max) {
|
|
600
|
+
assert(min < max);
|
|
601
|
+
size_t value;
|
|
602
|
+
RAND_bytes(reinterpret_cast<uint8_t *>(&value), sizeof(value));
|
|
603
|
+
return value % (max - min + 1) + min;
|
|
604
|
+
}
|
|
605
|
+
|
|
606
|
+
static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) {
|
|
607
|
+
// If we are responding to the server's HelloRetryRequest, we repeat the bytes
|
|
608
|
+
// of the first ECH GREASE extension.
|
|
609
|
+
if (hs->ssl->s3->used_hello_retry_request) {
|
|
610
|
+
CBB ech_body;
|
|
611
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
|
|
612
|
+
!CBB_add_u16_length_prefixed(out, &ech_body) ||
|
|
613
|
+
!CBB_add_bytes(&ech_body, hs->ech_grease.data(),
|
|
614
|
+
hs->ech_grease.size()) ||
|
|
615
|
+
!CBB_flush(out)) {
|
|
616
|
+
return false;
|
|
617
|
+
}
|
|
618
|
+
return true;
|
|
619
|
+
}
|
|
620
|
+
|
|
621
|
+
constexpr uint16_t kdf_id = EVP_HPKE_HKDF_SHA256;
|
|
622
|
+
const uint16_t aead_id = EVP_has_aes_hardware()
|
|
623
|
+
? EVP_HPKE_AEAD_AES_GCM_128
|
|
624
|
+
: EVP_HPKE_AEAD_CHACHA20POLY1305;
|
|
625
|
+
const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id);
|
|
626
|
+
assert(aead != nullptr);
|
|
627
|
+
|
|
628
|
+
uint8_t ech_config_id[8];
|
|
629
|
+
RAND_bytes(ech_config_id, sizeof(ech_config_id));
|
|
630
|
+
|
|
631
|
+
uint8_t ech_enc[X25519_PUBLIC_VALUE_LEN];
|
|
632
|
+
uint8_t private_key_unused[X25519_PRIVATE_KEY_LEN];
|
|
633
|
+
X25519_keypair(ech_enc, private_key_unused);
|
|
634
|
+
|
|
635
|
+
// To determine a plausible length for the payload, we first estimate the size
|
|
636
|
+
// of a typical EncodedClientHelloInner, with an expected use of
|
|
637
|
+
// outer_extensions. To limit the size, we only consider initial ClientHellos
|
|
638
|
+
// that do not offer resumption.
|
|
639
|
+
//
|
|
640
|
+
// Field/Extension Size
|
|
641
|
+
// ---------------------------------------------------------------------
|
|
642
|
+
// version 2
|
|
643
|
+
// random 32
|
|
644
|
+
// legacy_session_id 1
|
|
645
|
+
// - Has a U8 length prefix, but body is
|
|
646
|
+
// always empty string in inner CH.
|
|
647
|
+
// cipher_suites 2 (length prefix)
|
|
648
|
+
// - Only includes TLS 1.3 ciphers (3). 6
|
|
649
|
+
// - Maybe also include a GREASE suite. 2
|
|
650
|
+
// legacy_compression_methods 2 (length prefix)
|
|
651
|
+
// - Always has "null" compression method. 1
|
|
652
|
+
// extensions: 2 (length prefix)
|
|
653
|
+
// - encrypted_client_hello (empty). 4 (id + length prefix)
|
|
654
|
+
// - supported_versions. 4 (id + length prefix)
|
|
655
|
+
// - U8 length prefix 1
|
|
656
|
+
// - U16 protocol version (TLS 1.3) 2
|
|
657
|
+
// - outer_extensions. 4 (id + length prefix)
|
|
658
|
+
// - U8 length prefix 1
|
|
659
|
+
// - N extension IDs (2 bytes each):
|
|
660
|
+
// - key_share 2
|
|
661
|
+
// - sigalgs 2
|
|
662
|
+
// - sct 2
|
|
663
|
+
// - alpn 2
|
|
664
|
+
// - supported_groups. 2
|
|
665
|
+
// - status_request. 2
|
|
666
|
+
// - psk_key_exchange_modes. 2
|
|
667
|
+
// - compress_certificate. 2
|
|
668
|
+
//
|
|
669
|
+
// The server_name extension has an overhead of 9 bytes, plus up to an
|
|
670
|
+
// estimated 100 bytes of hostname. Rounding up to a multiple of 32 yields a
|
|
671
|
+
// range of 96 to 192. Note that this estimate does not fully capture
|
|
672
|
+
// optional extensions like GREASE, but the rounding gives some leeway.
|
|
673
|
+
|
|
674
|
+
uint8_t payload[EVP_AEAD_MAX_OVERHEAD + 192];
|
|
675
|
+
const size_t payload_len =
|
|
676
|
+
EVP_AEAD_max_overhead(aead) + 32 * random_size(96 / 32, 192 / 32);
|
|
677
|
+
assert(payload_len <= sizeof(payload));
|
|
678
|
+
RAND_bytes(payload, payload_len);
|
|
679
|
+
|
|
680
|
+
// Inside the TLS extension contents, write a serialized ClientEncryptedCH.
|
|
681
|
+
CBB ech_body, config_id_cbb, enc_cbb, payload_cbb;
|
|
682
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
|
|
683
|
+
!CBB_add_u16_length_prefixed(out, &ech_body) ||
|
|
684
|
+
!CBB_add_u16(&ech_body, kdf_id) || //
|
|
685
|
+
!CBB_add_u16(&ech_body, aead_id) ||
|
|
686
|
+
!CBB_add_u8_length_prefixed(&ech_body, &config_id_cbb) ||
|
|
687
|
+
!CBB_add_bytes(&config_id_cbb, ech_config_id, sizeof(ech_config_id)) ||
|
|
688
|
+
!CBB_add_u16_length_prefixed(&ech_body, &enc_cbb) ||
|
|
689
|
+
!CBB_add_bytes(&enc_cbb, ech_enc, OPENSSL_ARRAY_SIZE(ech_enc)) ||
|
|
690
|
+
!CBB_add_u16_length_prefixed(&ech_body, &payload_cbb) ||
|
|
691
|
+
!CBB_add_bytes(&payload_cbb, payload, payload_len) || //
|
|
692
|
+
!CBB_flush(&ech_body)) {
|
|
693
|
+
return false;
|
|
694
|
+
}
|
|
695
|
+
// Save the bytes of the newly-generated extension in case the server sends
|
|
696
|
+
// a HelloRetryRequest.
|
|
697
|
+
if (!hs->ech_grease.CopyFrom(
|
|
698
|
+
MakeConstSpan(CBB_data(&ech_body), CBB_len(&ech_body)))) {
|
|
699
|
+
return false;
|
|
700
|
+
}
|
|
701
|
+
return CBB_flush(out);
|
|
702
|
+
}
|
|
703
|
+
|
|
704
|
+
static bool ext_ech_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
705
|
+
if (hs->max_version < TLS1_3_VERSION) {
|
|
706
|
+
return true;
|
|
707
|
+
}
|
|
708
|
+
if (hs->config->ech_grease_enabled) {
|
|
709
|
+
return ext_ech_add_clienthello_grease(hs, out);
|
|
710
|
+
}
|
|
711
|
+
// Nothing to do, since we don't yet implement the non-GREASE parts of ECH.
|
|
712
|
+
return true;
|
|
713
|
+
}
|
|
714
|
+
|
|
715
|
+
static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
716
|
+
CBS *contents) {
|
|
717
|
+
if (contents == NULL) {
|
|
718
|
+
return true;
|
|
719
|
+
}
|
|
720
|
+
|
|
721
|
+
// If the client only sent GREASE, we must check the extension syntactically.
|
|
722
|
+
CBS ech_configs;
|
|
723
|
+
if (!CBS_get_u16_length_prefixed(contents, &ech_configs) ||
|
|
724
|
+
CBS_len(&ech_configs) == 0 || //
|
|
725
|
+
CBS_len(contents) > 0) {
|
|
726
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
727
|
+
return false;
|
|
728
|
+
}
|
|
729
|
+
while (CBS_len(&ech_configs) > 0) {
|
|
730
|
+
// Do a top-level parse of the ECHConfig, stopping before ECHConfigContents.
|
|
731
|
+
uint16_t version;
|
|
732
|
+
CBS ech_config_contents;
|
|
733
|
+
if (!CBS_get_u16(&ech_configs, &version) ||
|
|
734
|
+
!CBS_get_u16_length_prefixed(&ech_configs, &ech_config_contents)) {
|
|
735
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
736
|
+
return false;
|
|
737
|
+
}
|
|
738
|
+
}
|
|
739
|
+
return true;
|
|
740
|
+
}
|
|
741
|
+
|
|
742
|
+
static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
743
|
+
CBS *contents) {
|
|
744
|
+
if (contents != nullptr) {
|
|
745
|
+
hs->ech_present = true;
|
|
746
|
+
return true;
|
|
747
|
+
}
|
|
748
|
+
return true;
|
|
749
|
+
}
|
|
750
|
+
|
|
751
|
+
static bool ext_ech_is_inner_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
752
|
+
return true;
|
|
753
|
+
}
|
|
754
|
+
|
|
755
|
+
static bool ext_ech_is_inner_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
756
|
+
uint8_t *out_alert,
|
|
757
|
+
CBS *contents) {
|
|
758
|
+
if (contents == nullptr) {
|
|
759
|
+
return true;
|
|
760
|
+
}
|
|
761
|
+
if (CBS_len(contents) > 0) {
|
|
762
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
763
|
+
return false;
|
|
764
|
+
}
|
|
765
|
+
hs->ech_is_inner_present = true;
|
|
766
|
+
return true;
|
|
767
|
+
}
|
|
768
|
+
|
|
769
|
+
|
|
589
770
|
// Renegotiation indication.
|
|
590
771
|
//
|
|
591
772
|
// https://tools.ietf.org/html/rfc5746
|
|
@@ -1247,7 +1428,7 @@ static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1247
1428
|
SSL *const ssl = hs->ssl;
|
|
1248
1429
|
if (hs->config->alpn_client_proto_list.empty() && ssl->quic_method) {
|
|
1249
1430
|
// ALPN MUST be used with QUIC.
|
|
1250
|
-
OPENSSL_PUT_ERROR(SSL,
|
|
1431
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
|
|
1251
1432
|
return false;
|
|
1252
1433
|
}
|
|
1253
1434
|
|
|
@@ -1275,7 +1456,7 @@ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1275
1456
|
if (contents == NULL) {
|
|
1276
1457
|
if (ssl->quic_method) {
|
|
1277
1458
|
// ALPN is required when QUIC is used.
|
|
1278
|
-
OPENSSL_PUT_ERROR(SSL,
|
|
1459
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
|
|
1279
1460
|
*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
|
|
1280
1461
|
return false;
|
|
1281
1462
|
}
|
|
@@ -1356,7 +1537,7 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1356
1537
|
TLSEXT_TYPE_application_layer_protocol_negotiation)) {
|
|
1357
1538
|
if (ssl->quic_method) {
|
|
1358
1539
|
// ALPN is required when QUIC is used.
|
|
1359
|
-
OPENSSL_PUT_ERROR(SSL,
|
|
1540
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
|
|
1360
1541
|
*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
|
|
1361
1542
|
return false;
|
|
1362
1543
|
}
|
|
@@ -1380,7 +1561,6 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1380
1561
|
CBS protocol_name_list_copy = protocol_name_list;
|
|
1381
1562
|
while (CBS_len(&protocol_name_list_copy) > 0) {
|
|
1382
1563
|
CBS protocol_name;
|
|
1383
|
-
|
|
1384
1564
|
if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
|
|
1385
1565
|
// Empty protocol names are forbidden.
|
|
1386
1566
|
CBS_len(&protocol_name) == 0) {
|
|
@@ -1392,25 +1572,39 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1392
1572
|
|
|
1393
1573
|
const uint8_t *selected;
|
|
1394
1574
|
uint8_t selected_len;
|
|
1395
|
-
|
|
1396
|
-
|
|
1397
|
-
|
|
1398
|
-
|
|
1399
|
-
|
|
1400
|
-
|
|
1401
|
-
|
|
1575
|
+
int ret = ssl->ctx->alpn_select_cb(
|
|
1576
|
+
ssl, &selected, &selected_len, CBS_data(&protocol_name_list),
|
|
1577
|
+
CBS_len(&protocol_name_list), ssl->ctx->alpn_select_cb_arg);
|
|
1578
|
+
// ALPN is required when QUIC is used.
|
|
1579
|
+
if (ssl->quic_method &&
|
|
1580
|
+
(ret == SSL_TLSEXT_ERR_NOACK || ret == SSL_TLSEXT_ERR_ALERT_WARNING)) {
|
|
1581
|
+
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
|
|
1582
|
+
}
|
|
1583
|
+
switch (ret) {
|
|
1584
|
+
case SSL_TLSEXT_ERR_OK:
|
|
1585
|
+
if (selected_len == 0) {
|
|
1586
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
|
|
1587
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1588
|
+
return false;
|
|
1589
|
+
}
|
|
1590
|
+
if (!ssl->s3->alpn_selected.CopyFrom(
|
|
1591
|
+
MakeConstSpan(selected, selected_len))) {
|
|
1592
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1593
|
+
return false;
|
|
1594
|
+
}
|
|
1595
|
+
break;
|
|
1596
|
+
case SSL_TLSEXT_ERR_NOACK:
|
|
1597
|
+
case SSL_TLSEXT_ERR_ALERT_WARNING:
|
|
1598
|
+
break;
|
|
1599
|
+
case SSL_TLSEXT_ERR_ALERT_FATAL:
|
|
1600
|
+
*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
|
|
1601
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
|
|
1402
1602
|
return false;
|
|
1403
|
-
|
|
1404
|
-
|
|
1405
|
-
MakeConstSpan(selected, selected_len))) {
|
|
1603
|
+
default:
|
|
1604
|
+
// Invalid return value.
|
|
1406
1605
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
1606
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
1407
1607
|
return false;
|
|
1408
|
-
}
|
|
1409
|
-
} else if (ssl->quic_method) {
|
|
1410
|
-
// ALPN is required when QUIC is used.
|
|
1411
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_ALPN);
|
|
1412
|
-
*out_alert = SSL_AD_NO_APPLICATION_PROTOCOL;
|
|
1413
|
-
return false;
|
|
1414
1608
|
}
|
|
1415
1609
|
|
|
1416
1610
|
return true;
|
|
@@ -1946,6 +2140,21 @@ static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
1946
2140
|
//
|
|
1947
2141
|
// https://tools.ietf.org/html/rfc8446#section-4.2.10
|
|
1948
2142
|
|
|
2143
|
+
// ssl_get_local_application_settings looks up the configured ALPS value for
|
|
2144
|
+
// |protocol|. If found, it sets |*out_settings| to the value and returns true.
|
|
2145
|
+
// Otherwise, it returns false.
|
|
2146
|
+
static bool ssl_get_local_application_settings(
|
|
2147
|
+
const SSL_HANDSHAKE *hs, Span<const uint8_t> *out_settings,
|
|
2148
|
+
Span<const uint8_t> protocol) {
|
|
2149
|
+
for (const ALPSConfig &config : hs->config->alps_configs) {
|
|
2150
|
+
if (protocol == config.protocol) {
|
|
2151
|
+
*out_settings = config.settings;
|
|
2152
|
+
return true;
|
|
2153
|
+
}
|
|
2154
|
+
}
|
|
2155
|
+
return false;
|
|
2156
|
+
}
|
|
2157
|
+
|
|
1949
2158
|
static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1950
2159
|
SSL *const ssl = hs->ssl;
|
|
1951
2160
|
// The second ClientHello never offers early data, and we must have already
|
|
@@ -1978,13 +2187,25 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1978
2187
|
return true;
|
|
1979
2188
|
}
|
|
1980
2189
|
|
|
1981
|
-
|
|
1982
|
-
|
|
1983
|
-
|
|
1984
|
-
|
|
1985
|
-
|
|
1986
|
-
|
|
1987
|
-
|
|
2190
|
+
if (!ssl->session->early_alpn.empty()) {
|
|
2191
|
+
if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
|
|
2192
|
+
// Avoid reporting a confusing value in |SSL_get0_alpn_selected|.
|
|
2193
|
+
ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
|
|
2194
|
+
return true;
|
|
2195
|
+
}
|
|
2196
|
+
|
|
2197
|
+
// If the previous connection negotiated ALPS, only offer 0-RTT when the
|
|
2198
|
+
// local are settings are consistent with what we'd offer for this
|
|
2199
|
+
// connection.
|
|
2200
|
+
if (ssl->session->has_application_settings) {
|
|
2201
|
+
Span<const uint8_t> settings;
|
|
2202
|
+
if (!ssl_get_local_application_settings(hs, &settings,
|
|
2203
|
+
ssl->session->early_alpn) ||
|
|
2204
|
+
settings != ssl->session->local_application_settings) {
|
|
2205
|
+
ssl->s3->early_data_reason = ssl_early_data_alps_mismatch;
|
|
2206
|
+
return true;
|
|
2207
|
+
}
|
|
2208
|
+
}
|
|
1988
2209
|
}
|
|
1989
2210
|
|
|
1990
2211
|
// |early_data_reason| will be filled in later when the server responds.
|
|
@@ -2258,7 +2479,8 @@ bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
|
2258
2479
|
return true;
|
|
2259
2480
|
}
|
|
2260
2481
|
|
|
2261
|
-
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out
|
|
2482
|
+
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out,
|
|
2483
|
+
bool dry_run) {
|
|
2262
2484
|
uint16_t group_id;
|
|
2263
2485
|
CBB kse_bytes, public_key;
|
|
2264
2486
|
if (!tls1_get_shared_group(hs, &group_id) ||
|
|
@@ -2271,10 +2493,10 @@ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2271
2493
|
!CBB_flush(out)) {
|
|
2272
2494
|
return false;
|
|
2273
2495
|
}
|
|
2274
|
-
|
|
2275
|
-
|
|
2276
|
-
|
|
2277
|
-
|
|
2496
|
+
if (!dry_run) {
|
|
2497
|
+
hs->ecdh_public_key.Reset();
|
|
2498
|
+
hs->new_session->group_id = group_id;
|
|
2499
|
+
}
|
|
2278
2500
|
return true;
|
|
2279
2501
|
}
|
|
2280
2502
|
|
|
@@ -2568,8 +2790,8 @@ static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2568
2790
|
|
|
2569
2791
|
// QUIC Transport Parameters
|
|
2570
2792
|
|
|
2571
|
-
static bool
|
|
2572
|
-
|
|
2793
|
+
static bool ext_quic_transport_params_add_clienthello_impl(
|
|
2794
|
+
SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
|
|
2573
2795
|
if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
|
|
2574
2796
|
return true;
|
|
2575
2797
|
}
|
|
@@ -2581,9 +2803,18 @@ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
|
|
2581
2803
|
return false;
|
|
2582
2804
|
}
|
|
2583
2805
|
assert(hs->min_version > TLS1_2_VERSION);
|
|
2806
|
+
if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
|
2807
|
+
// Do nothing, we'll send the other codepoint.
|
|
2808
|
+
return true;
|
|
2809
|
+
}
|
|
2810
|
+
|
|
2811
|
+
uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
|
|
2812
|
+
if (hs->config->quic_use_legacy_codepoint) {
|
|
2813
|
+
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
|
|
2814
|
+
}
|
|
2584
2815
|
|
|
2585
2816
|
CBB contents;
|
|
2586
|
-
if (!CBB_add_u16(out,
|
|
2817
|
+
if (!CBB_add_u16(out, extension_type) ||
|
|
2587
2818
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2588
2819
|
!CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
|
|
2589
2820
|
hs->config->quic_transport_params.size()) ||
|
|
@@ -2593,31 +2824,57 @@ static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
|
|
2593
2824
|
return true;
|
|
2594
2825
|
}
|
|
2595
2826
|
|
|
2596
|
-
static bool
|
|
2597
|
-
|
|
2598
|
-
|
|
2827
|
+
static bool ext_quic_transport_params_add_clienthello(SSL_HANDSHAKE *hs,
|
|
2828
|
+
CBB *out) {
|
|
2829
|
+
return ext_quic_transport_params_add_clienthello_impl(
|
|
2830
|
+
hs, out, /*use_legacy_codepoint=*/false);
|
|
2831
|
+
}
|
|
2832
|
+
|
|
2833
|
+
static bool ext_quic_transport_params_add_clienthello_legacy(SSL_HANDSHAKE *hs,
|
|
2834
|
+
CBB *out) {
|
|
2835
|
+
return ext_quic_transport_params_add_clienthello_impl(
|
|
2836
|
+
hs, out, /*use_legacy_codepoint=*/true);
|
|
2837
|
+
}
|
|
2838
|
+
|
|
2839
|
+
static bool ext_quic_transport_params_parse_serverhello_impl(
|
|
2840
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
|
|
2841
|
+
bool used_legacy_codepoint) {
|
|
2599
2842
|
SSL *const ssl = hs->ssl;
|
|
2600
2843
|
if (contents == nullptr) {
|
|
2844
|
+
if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
|
2845
|
+
// Silently ignore because we expect the other QUIC codepoint.
|
|
2846
|
+
return true;
|
|
2847
|
+
}
|
|
2601
2848
|
if (!ssl->quic_method) {
|
|
2602
2849
|
return true;
|
|
2603
2850
|
}
|
|
2604
|
-
assert(ssl->quic_method);
|
|
2605
2851
|
*out_alert = SSL_AD_MISSING_EXTENSION;
|
|
2606
2852
|
return false;
|
|
2607
2853
|
}
|
|
2608
|
-
|
|
2609
|
-
|
|
2610
|
-
|
|
2611
|
-
}
|
|
2612
|
-
// QUIC requires TLS 1.3.
|
|
2854
|
+
// The extensions parser will check for unsolicited extensions before
|
|
2855
|
+
// calling the callback.
|
|
2856
|
+
assert(ssl->quic_method != nullptr);
|
|
2613
2857
|
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
|
2614
|
-
|
|
2858
|
+
assert(used_legacy_codepoint == hs->config->quic_use_legacy_codepoint);
|
|
2615
2859
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
|
2616
2860
|
}
|
|
2617
2861
|
|
|
2618
|
-
static bool
|
|
2862
|
+
static bool ext_quic_transport_params_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2619
2863
|
uint8_t *out_alert,
|
|
2620
2864
|
CBS *contents) {
|
|
2865
|
+
return ext_quic_transport_params_parse_serverhello_impl(
|
|
2866
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/false);
|
|
2867
|
+
}
|
|
2868
|
+
|
|
2869
|
+
static bool ext_quic_transport_params_parse_serverhello_legacy(
|
|
2870
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
|
|
2871
|
+
return ext_quic_transport_params_parse_serverhello_impl(
|
|
2872
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/true);
|
|
2873
|
+
}
|
|
2874
|
+
|
|
2875
|
+
static bool ext_quic_transport_params_parse_clienthello_impl(
|
|
2876
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents,
|
|
2877
|
+
bool used_legacy_codepoint) {
|
|
2621
2878
|
SSL *const ssl = hs->ssl;
|
|
2622
2879
|
if (!contents) {
|
|
2623
2880
|
if (!ssl->quic_method) {
|
|
@@ -2628,29 +2885,72 @@ static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
2628
2885
|
// for QUIC.
|
|
2629
2886
|
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
|
2630
2887
|
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
2888
|
+
return false;
|
|
2889
|
+
}
|
|
2890
|
+
if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
|
2891
|
+
// Silently ignore because we expect the other QUIC codepoint.
|
|
2892
|
+
return true;
|
|
2631
2893
|
}
|
|
2632
2894
|
*out_alert = SSL_AD_MISSING_EXTENSION;
|
|
2633
2895
|
return false;
|
|
2634
2896
|
}
|
|
2635
2897
|
if (!ssl->quic_method) {
|
|
2898
|
+
if (used_legacy_codepoint) {
|
|
2899
|
+
// Ignore the legacy private-use codepoint because that could be sent
|
|
2900
|
+
// to mean something else than QUIC transport parameters.
|
|
2901
|
+
return true;
|
|
2902
|
+
}
|
|
2903
|
+
// Fail if we received the codepoint registered with IANA for QUIC
|
|
2904
|
+
// because that is not allowed outside of QUIC.
|
|
2636
2905
|
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
|
2637
2906
|
return false;
|
|
2638
2907
|
}
|
|
2639
2908
|
assert(ssl_protocol_version(ssl) == TLS1_3_VERSION);
|
|
2909
|
+
if (used_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
|
2910
|
+
// Silently ignore because we expect the other QUIC codepoint.
|
|
2911
|
+
return true;
|
|
2912
|
+
}
|
|
2640
2913
|
return ssl->s3->peer_quic_transport_params.CopyFrom(*contents);
|
|
2641
2914
|
}
|
|
2642
2915
|
|
|
2643
|
-
static bool
|
|
2644
|
-
|
|
2916
|
+
static bool ext_quic_transport_params_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2917
|
+
uint8_t *out_alert,
|
|
2918
|
+
CBS *contents) {
|
|
2919
|
+
return ext_quic_transport_params_parse_clienthello_impl(
|
|
2920
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/false);
|
|
2921
|
+
}
|
|
2922
|
+
|
|
2923
|
+
static bool ext_quic_transport_params_parse_clienthello_legacy(
|
|
2924
|
+
SSL_HANDSHAKE *hs, uint8_t *out_alert, CBS *contents) {
|
|
2925
|
+
return ext_quic_transport_params_parse_clienthello_impl(
|
|
2926
|
+
hs, out_alert, contents, /*used_legacy_codepoint=*/true);
|
|
2927
|
+
}
|
|
2928
|
+
|
|
2929
|
+
static bool ext_quic_transport_params_add_serverhello_impl(
|
|
2930
|
+
SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
|
|
2931
|
+
if (hs->ssl->quic_method == nullptr && use_legacy_codepoint) {
|
|
2932
|
+
// Ignore the legacy private-use codepoint because that could be sent
|
|
2933
|
+
// to mean something else than QUIC transport parameters.
|
|
2934
|
+
return true;
|
|
2935
|
+
}
|
|
2645
2936
|
assert(hs->ssl->quic_method != nullptr);
|
|
2646
2937
|
if (hs->config->quic_transport_params.empty()) {
|
|
2647
2938
|
// Transport parameters must be set when using QUIC.
|
|
2648
2939
|
OPENSSL_PUT_ERROR(SSL, SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED);
|
|
2649
2940
|
return false;
|
|
2650
2941
|
}
|
|
2942
|
+
if (use_legacy_codepoint != hs->config->quic_use_legacy_codepoint) {
|
|
2943
|
+
// Do nothing, we'll send the other codepoint.
|
|
2944
|
+
return true;
|
|
2945
|
+
}
|
|
2946
|
+
|
|
2947
|
+
uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
|
|
2948
|
+
if (hs->config->quic_use_legacy_codepoint) {
|
|
2949
|
+
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
|
|
2950
|
+
}
|
|
2651
2951
|
|
|
2652
2952
|
CBB contents;
|
|
2653
|
-
if (!CBB_add_u16(out,
|
|
2953
|
+
if (!CBB_add_u16(out, extension_type) ||
|
|
2654
2954
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2655
2955
|
!CBB_add_bytes(&contents, hs->config->quic_transport_params.data(),
|
|
2656
2956
|
hs->config->quic_transport_params.size()) ||
|
|
@@ -2661,6 +2961,18 @@ static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
|
|
|
2661
2961
|
return true;
|
|
2662
2962
|
}
|
|
2663
2963
|
|
|
2964
|
+
static bool ext_quic_transport_params_add_serverhello(SSL_HANDSHAKE *hs,
|
|
2965
|
+
CBB *out) {
|
|
2966
|
+
return ext_quic_transport_params_add_serverhello_impl(
|
|
2967
|
+
hs, out, /*use_legacy_codepoint=*/false);
|
|
2968
|
+
}
|
|
2969
|
+
|
|
2970
|
+
static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs,
|
|
2971
|
+
CBB *out) {
|
|
2972
|
+
return ext_quic_transport_params_add_serverhello_impl(
|
|
2973
|
+
hs, out, /*use_legacy_codepoint=*/true);
|
|
2974
|
+
}
|
|
2975
|
+
|
|
2664
2976
|
// Delegated credentials.
|
|
2665
2977
|
//
|
|
2666
2978
|
// https://tools.ietf.org/html/draft-ietf-tls-subcerts
|
|
@@ -2797,6 +3109,144 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2797
3109
|
return true;
|
|
2798
3110
|
}
|
|
2799
3111
|
|
|
3112
|
+
// Application-level Protocol Settings
|
|
3113
|
+
//
|
|
3114
|
+
// https://tools.ietf.org/html/draft-vvv-tls-alps-01
|
|
3115
|
+
|
|
3116
|
+
static bool ext_alps_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
3117
|
+
SSL *const ssl = hs->ssl;
|
|
3118
|
+
if (// ALPS requires TLS 1.3.
|
|
3119
|
+
hs->max_version < TLS1_3_VERSION ||
|
|
3120
|
+
// Do not offer ALPS without ALPN.
|
|
3121
|
+
hs->config->alpn_client_proto_list.empty() ||
|
|
3122
|
+
// Do not offer ALPS if not configured.
|
|
3123
|
+
hs->config->alps_configs.empty() ||
|
|
3124
|
+
// Do not offer ALPS on renegotiation handshakes.
|
|
3125
|
+
ssl->s3->initial_handshake_complete) {
|
|
3126
|
+
return true;
|
|
3127
|
+
}
|
|
3128
|
+
|
|
3129
|
+
CBB contents, proto_list, proto;
|
|
3130
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
|
|
3131
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
3132
|
+
!CBB_add_u16_length_prefixed(&contents, &proto_list)) {
|
|
3133
|
+
return false;
|
|
3134
|
+
}
|
|
3135
|
+
|
|
3136
|
+
for (const ALPSConfig &config : hs->config->alps_configs) {
|
|
3137
|
+
if (!CBB_add_u8_length_prefixed(&proto_list, &proto) ||
|
|
3138
|
+
!CBB_add_bytes(&proto, config.protocol.data(),
|
|
3139
|
+
config.protocol.size())) {
|
|
3140
|
+
return false;
|
|
3141
|
+
}
|
|
3142
|
+
}
|
|
3143
|
+
|
|
3144
|
+
return CBB_flush(out);
|
|
3145
|
+
}
|
|
3146
|
+
|
|
3147
|
+
static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
3148
|
+
CBS *contents) {
|
|
3149
|
+
SSL *const ssl = hs->ssl;
|
|
3150
|
+
if (contents == nullptr) {
|
|
3151
|
+
return true;
|
|
3152
|
+
}
|
|
3153
|
+
|
|
3154
|
+
assert(!ssl->s3->initial_handshake_complete);
|
|
3155
|
+
assert(!hs->config->alpn_client_proto_list.empty());
|
|
3156
|
+
assert(!hs->config->alps_configs.empty());
|
|
3157
|
+
|
|
3158
|
+
// ALPS requires TLS 1.3.
|
|
3159
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
|
3160
|
+
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
|
3161
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
|
3162
|
+
return false;
|
|
3163
|
+
}
|
|
3164
|
+
|
|
3165
|
+
// Note extension callbacks may run in any order, so we defer checking
|
|
3166
|
+
// consistency with ALPN to |ssl_check_serverhello_tlsext|.
|
|
3167
|
+
if (!hs->new_session->peer_application_settings.CopyFrom(*contents)) {
|
|
3168
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
3169
|
+
return false;
|
|
3170
|
+
}
|
|
3171
|
+
|
|
3172
|
+
hs->new_session->has_application_settings = true;
|
|
3173
|
+
return true;
|
|
3174
|
+
}
|
|
3175
|
+
|
|
3176
|
+
static bool ext_alps_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
3177
|
+
SSL *const ssl = hs->ssl;
|
|
3178
|
+
// If early data is accepted, we omit the ALPS extension. It is implicitly
|
|
3179
|
+
// carried over from the previous connection.
|
|
3180
|
+
if (hs->new_session == nullptr ||
|
|
3181
|
+
!hs->new_session->has_application_settings ||
|
|
3182
|
+
ssl->s3->early_data_accepted) {
|
|
3183
|
+
return true;
|
|
3184
|
+
}
|
|
3185
|
+
|
|
3186
|
+
CBB contents;
|
|
3187
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_application_settings) ||
|
|
3188
|
+
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
3189
|
+
!CBB_add_bytes(&contents,
|
|
3190
|
+
hs->new_session->local_application_settings.data(),
|
|
3191
|
+
hs->new_session->local_application_settings.size()) ||
|
|
3192
|
+
!CBB_flush(out)) {
|
|
3193
|
+
return false;
|
|
3194
|
+
}
|
|
3195
|
+
|
|
3196
|
+
return true;
|
|
3197
|
+
}
|
|
3198
|
+
|
|
3199
|
+
bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
3200
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
|
3201
|
+
SSL *const ssl = hs->ssl;
|
|
3202
|
+
if (ssl->s3->alpn_selected.empty()) {
|
|
3203
|
+
return true;
|
|
3204
|
+
}
|
|
3205
|
+
|
|
3206
|
+
// If we negotiate ALPN over TLS 1.3, try to negotiate ALPS.
|
|
3207
|
+
CBS alps_contents;
|
|
3208
|
+
Span<const uint8_t> settings;
|
|
3209
|
+
if (ssl_protocol_version(ssl) >= TLS1_3_VERSION &&
|
|
3210
|
+
ssl_get_local_application_settings(hs, &settings,
|
|
3211
|
+
ssl->s3->alpn_selected) &&
|
|
3212
|
+
ssl_client_hello_get_extension(client_hello, &alps_contents,
|
|
3213
|
+
TLSEXT_TYPE_application_settings)) {
|
|
3214
|
+
// Check if the client supports ALPS with the selected ALPN.
|
|
3215
|
+
bool found = false;
|
|
3216
|
+
CBS alps_list;
|
|
3217
|
+
if (!CBS_get_u16_length_prefixed(&alps_contents, &alps_list) ||
|
|
3218
|
+
CBS_len(&alps_contents) != 0 ||
|
|
3219
|
+
CBS_len(&alps_list) == 0) {
|
|
3220
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
3221
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
3222
|
+
return false;
|
|
3223
|
+
}
|
|
3224
|
+
while (CBS_len(&alps_list) > 0) {
|
|
3225
|
+
CBS protocol_name;
|
|
3226
|
+
if (!CBS_get_u8_length_prefixed(&alps_list, &protocol_name) ||
|
|
3227
|
+
// Empty protocol names are forbidden.
|
|
3228
|
+
CBS_len(&protocol_name) == 0) {
|
|
3229
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
3230
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
3231
|
+
return false;
|
|
3232
|
+
}
|
|
3233
|
+
if (protocol_name == MakeConstSpan(ssl->s3->alpn_selected)) {
|
|
3234
|
+
found = true;
|
|
3235
|
+
}
|
|
3236
|
+
}
|
|
3237
|
+
|
|
3238
|
+
// Negotiate ALPS if both client also supports ALPS for this protocol.
|
|
3239
|
+
if (found) {
|
|
3240
|
+
hs->new_session->has_application_settings = true;
|
|
3241
|
+
if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
|
|
3242
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
3243
|
+
return false;
|
|
3244
|
+
}
|
|
3245
|
+
}
|
|
3246
|
+
}
|
|
3247
|
+
|
|
3248
|
+
return true;
|
|
3249
|
+
}
|
|
2800
3250
|
|
|
2801
3251
|
// kExtensions contains all the supported extensions.
|
|
2802
3252
|
static const struct tls_extension kExtensions[] = {
|
|
@@ -2808,6 +3258,22 @@ static const struct tls_extension kExtensions[] = {
|
|
|
2808
3258
|
ext_sni_parse_clienthello,
|
|
2809
3259
|
ext_sni_add_serverhello,
|
|
2810
3260
|
},
|
|
3261
|
+
{
|
|
3262
|
+
TLSEXT_TYPE_encrypted_client_hello,
|
|
3263
|
+
NULL,
|
|
3264
|
+
ext_ech_add_clienthello,
|
|
3265
|
+
ext_ech_parse_serverhello,
|
|
3266
|
+
ext_ech_parse_clienthello,
|
|
3267
|
+
dont_add_serverhello,
|
|
3268
|
+
},
|
|
3269
|
+
{
|
|
3270
|
+
TLSEXT_TYPE_ech_is_inner,
|
|
3271
|
+
NULL,
|
|
3272
|
+
ext_ech_is_inner_add_clienthello,
|
|
3273
|
+
forbid_parse_serverhello,
|
|
3274
|
+
ext_ech_is_inner_parse_clienthello,
|
|
3275
|
+
dont_add_serverhello,
|
|
3276
|
+
},
|
|
2811
3277
|
{
|
|
2812
3278
|
TLSEXT_TYPE_extended_master_secret,
|
|
2813
3279
|
NULL,
|
|
@@ -2947,13 +3413,21 @@ static const struct tls_extension kExtensions[] = {
|
|
|
2947
3413
|
dont_add_serverhello,
|
|
2948
3414
|
},
|
|
2949
3415
|
{
|
|
2950
|
-
|
|
3416
|
+
TLSEXT_TYPE_quic_transport_parameters_standard,
|
|
2951
3417
|
NULL,
|
|
2952
3418
|
ext_quic_transport_params_add_clienthello,
|
|
2953
3419
|
ext_quic_transport_params_parse_serverhello,
|
|
2954
3420
|
ext_quic_transport_params_parse_clienthello,
|
|
2955
3421
|
ext_quic_transport_params_add_serverhello,
|
|
2956
3422
|
},
|
|
3423
|
+
{
|
|
3424
|
+
TLSEXT_TYPE_quic_transport_parameters_legacy,
|
|
3425
|
+
NULL,
|
|
3426
|
+
ext_quic_transport_params_add_clienthello_legacy,
|
|
3427
|
+
ext_quic_transport_params_parse_serverhello_legacy,
|
|
3428
|
+
ext_quic_transport_params_parse_clienthello_legacy,
|
|
3429
|
+
ext_quic_transport_params_add_serverhello_legacy,
|
|
3430
|
+
},
|
|
2957
3431
|
{
|
|
2958
3432
|
TLSEXT_TYPE_token_binding,
|
|
2959
3433
|
NULL,
|
|
@@ -2978,6 +3452,15 @@ static const struct tls_extension kExtensions[] = {
|
|
|
2978
3452
|
ext_delegated_credential_parse_clienthello,
|
|
2979
3453
|
dont_add_serverhello,
|
|
2980
3454
|
},
|
|
3455
|
+
{
|
|
3456
|
+
TLSEXT_TYPE_application_settings,
|
|
3457
|
+
NULL,
|
|
3458
|
+
ext_alps_add_clienthello,
|
|
3459
|
+
ext_alps_parse_serverhello,
|
|
3460
|
+
// ALPS is negotiated late in |ssl_negotiate_alpn|.
|
|
3461
|
+
ignore_parse_clienthello,
|
|
3462
|
+
ext_alps_add_serverhello,
|
|
3463
|
+
},
|
|
2981
3464
|
};
|
|
2982
3465
|
|
|
2983
3466
|
#define kNumExtensions (sizeof(kExtensions) / sizeof(struct tls_extension))
|
|
@@ -3370,6 +3853,36 @@ static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
|
|
|
3370
3853
|
}
|
|
3371
3854
|
}
|
|
3372
3855
|
|
|
3856
|
+
static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) {
|
|
3857
|
+
SSL *const ssl = hs->ssl;
|
|
3858
|
+
// ALPS and ALPN have a dependency between each other, so we defer checking
|
|
3859
|
+
// consistency to after the callbacks run.
|
|
3860
|
+
if (hs->new_session != nullptr && hs->new_session->has_application_settings) {
|
|
3861
|
+
// ALPN must be negotiated.
|
|
3862
|
+
if (ssl->s3->alpn_selected.empty()) {
|
|
3863
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN);
|
|
3864
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
|
3865
|
+
return false;
|
|
3866
|
+
}
|
|
3867
|
+
|
|
3868
|
+
// The negotiated protocol must be one of the ones we advertised for ALPS.
|
|
3869
|
+
Span<const uint8_t> settings;
|
|
3870
|
+
if (!ssl_get_local_application_settings(hs, &settings,
|
|
3871
|
+
ssl->s3->alpn_selected)) {
|
|
3872
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPN_PROTOCOL);
|
|
3873
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
|
|
3874
|
+
return false;
|
|
3875
|
+
}
|
|
3876
|
+
|
|
3877
|
+
if (!hs->new_session->local_application_settings.CopyFrom(settings)) {
|
|
3878
|
+
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
|
|
3879
|
+
return false;
|
|
3880
|
+
}
|
|
3881
|
+
}
|
|
3882
|
+
|
|
3883
|
+
return true;
|
|
3884
|
+
}
|
|
3885
|
+
|
|
3373
3886
|
bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
|
|
3374
3887
|
SSL *const ssl = hs->ssl;
|
|
3375
3888
|
int alert = SSL_AD_DECODE_ERROR;
|
|
@@ -3378,6 +3891,10 @@ bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
|
|
|
3378
3891
|
return false;
|
|
3379
3892
|
}
|
|
3380
3893
|
|
|
3894
|
+
if (!ssl_check_serverhello_tlsext(hs)) {
|
|
3895
|
+
return false;
|
|
3896
|
+
}
|
|
3897
|
+
|
|
3381
3898
|
return true;
|
|
3382
3899
|
}
|
|
3383
3900
|
|